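 /**
  * Build the request context, the API client and enforce the operator gate.
  *
  * Request params are merged with the environment, settings, language and
  * page tables so one array is handed to every view and to the API client.
  * A request without an e-mail in the session is sent to the login action;
  * one whose session password does not match the operator table gets the
  * "wrong password" page. Both paths end the request with exit.
  *
  * @param array $params request parameters
  */
 public function __construct($params)
 {
     global $_ENV;
     global $_SETTINGS;
     global $_LANG;
     global $PAGES;
     global $_OPERATORS;
     $this->params = array_merge($params, $_ENV, $_SETTINGS, $_LANG, $PAGES);
     $this->_API = new ApiCaller($this->params['api']['user_key'], $this->params['api']['api_key'], $this->params['api']['core_api_url']);
     // No e-mail in the session: hand the request to the login action and stop.
     if (!isset($_SESSION['email'])) {
         require 'controllers/AuthController.php';
         $obj = new AuthController($this->params);
         $obj->loginAction();
         exit;
     }
     // The original test was `$_OPERATORS[email] == !$_SESSION['password']`,
     // which compared the stored value against a boolean. A missing session
     // password, an e-mail absent from the operator table, or a mismatch all
     // end on the nopasswd page. hash_equals() is a constant-time string
     // comparison (PHP >= 5.6).
     // NOTE(review): assumes $_OPERATORS[email] and $_SESSION['password'] hold
     // the same representation (both plain or both hashed) — confirm.
     $email = $_SESSION['email'];
     $valid = isset($_SESSION['password'])
         && isset($_OPERATORS[$email])
         && hash_equals((string) $_OPERATORS[$email], (string) $_SESSION['password']);
     if (!$valid) {
         $this->params['page_title'] = $this->params['wrong_password_text'];
         View::render('auth/nopasswd', $this->params);
         exit;
     }
 }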
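 /**
  * Front-page entry point: optional authentication, then the list / video /
  * scan action, then the "last episode" cookie is spread into the view data.
  *
  * @return void
  */
 public function init()
 {
     // A master-password cookie or a posted password triggers authentication
     // before anything else is decided.
     if (isset($_COOKIE["masterpw"]) || isset($_POST["password"])) {
         $authC = new AuthController();
         $authC->auth();
     }
     $data = array("navbar" => NULL, "list" => NULL);
     if (SessionController::getAuth()) {
         if (isset($_GET["scan"])) {
             $animeC = new AnimeController();
             $animeC->scanNew();
             // Redirect back to the same URL without the scan flag and stop:
             // the original fell through and rendered a whole page behind the
             // Location header.
             header("location: " . str_replace("?scan", "", $_SERVER['REQUEST_URI']));
             return;
         } elseif (isset($_GET["anime"]) && isset($_GET["episode"])) {
             $animeC = new AnimeController();
             $data["video"] = array("model" => $animeC->getAnime($_GET["anime"]));
         } else {
             $animeM = new AnimeMapper();
             $data["list"] = array("model" => $animeM->getAnimes());
         }
         if (isset($_COOKIE["lastEpisode"])) {
             // Cookie format is "id|nr|timestamp". It is client-controlled, so
             // missing parts are padded with NULL instead of raising
             // undefined-offset notices.
             $arr = array_pad(explode("|", $_COOKIE["lastEpisode"]), 3, NULL);
             $data["list"]["lastEpisode"]["id"] = $arr[0];
             $data["list"]["lastEpisode"]["nr"] = $arr[1];
             $data["navbar"]["lastEpisode"]["id"] = $arr[0];
             $data["navbar"]["lastEpisode"]["nr"] = $arr[1];
             $data["video"]["lastEpisode"]["id"] = $arr[0];
             $data["video"]["lastEpisode"]["nr"] = $arr[1];
             $data["video"]["lastEpisode"]["timestamp"] = $arr[2];
         }
     }
     $this->renderView($data);
 }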
 /**
  * getAuthAdapter() must hand back a Zend_Auth_Adapter_Interface even for
  * blank credentials.
  */
 public function testGetAuthAdapterFunctionReturnsAuthAdapter()
 {
     // Dispatch the front page first so request/response objects exist.
     $this->dispatch('/');
     $params = $this->request->getParams();
     $controller = new AuthController($this->request, $this->response, $params);
     $blankCredentials = array('username' => '', 'password' => '');
     $adapter = $controller->getAuthAdapter($blankCredentials);
     $this->assertTrue($adapter instanceof Zend_Auth_Adapter_Interface);
 }
 /**
  * Index page: publish an optional message to the view, clear the breadcrumb
  * state and render the per-role index for an authenticated user.
  *
  * @param object|null $msg message object with a compile() method, or null
  * @return void
  */
 public function indexAction($msg = null)
 {
     // The message is compiled through the jQuery helper before reaching the
     // view; without one the view gets an empty string.
     $compiled = "";
     if ($msg != null) {
         $msg = $msg->compile($this->jquery);
         $compiled = $msg;
     }
     $this->view->setVar("msg", $compiled);
     $this->session->__unset("bread");
     if (!AuthController::isAuth()) {
         return;
     }
     // Each role id has its own index page; an unlisted role renders nothing more.
     $user = $this->session->get('user');
     switch ($user->getIdRole()) {
         case 1:
             $this->adminIndex($msg);
             break;
         case 2:
             $this->dvlpIndex($msg);
             break;
         case 3:
             $this->clientIndex($msg);
             break;
         case 4:
             $this->managerIndex($msg);
             break;
     }
 }
 /**
  * Controller set-up: parent init, login gate, URL-carried error message,
  * then the template engine.
  *
  * @return void
  */
 public function init()
 {
     parent::init();
     // requireLogin() presumably ends the request for anonymous users — confirm.
     $auth = AuthController::getInstance();
     $auth->requireLogin();
     $errors = ErrorHandler::getInstance();
     $errors->getUrlErrorMessage();
     $this->setSmarty();
 }
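 /**
  * Show the rating list for a shop.
  * GET /rate
  *
  * The shop is selected by the base64-encoded `shopID` request parameter;
  * the ALL_SHOPS_FALG sentinel selects the "all shops" header. Without a
  * shopID, or when checkShop() rejects it, the page is rendered with an error.
  *
  * @return Response
  */
 public function getList()
 {
     $rates = array();
     if (!Input::has('shopID')) {
         return View::make('admin.manage.rate.rate', compact('rates'))->withError(Lang::get('errormessages.-10045'));
     }
     $shopID = base64_decode(Input::get('shopID'));
     // strcmp() coerced both sides to string; keep that while comparing strictly.
     if ((string) $shopID === (string) ALL_SHOPS_FALG) {
         $headerShop = (object) array("wy_shop_id" => base64_encode(ALL_SHOPS_FALG), "wy_shop_name" => ALL_SHOPS);
         return View::make('admin.manage.rate.rate', compact('headerShop', 'rates'))->withAll(Lang::get('messages.10015'));
     }
     // checkShop() is the authorisation gate: it returns an empty value when
     // the current user may not see this shop.
     $headerShop = AuthController::checkShop($shopID);
     if (empty($headerShop)) {
         return View::make('admin.manage.rate.rate', compact('headerShop', 'rates'))->withError(Lang::get('errormessages.-10045'));
     }
     $shop = Shop::where('wy_shop_id', $shopID)->first(array('wy_comprehensive_evaluation', 'wy_service_score', 'wy_goods_score'));
     $rates = Rate::where('wy_shop_id', $shopID)->orderBy('wy_time', 'desc')->paginate(PERPAGE_COUNT_10, array('wy_comment_id', 'wy_main_order_id', 'wy_user_phone', 'wy_time', 'wy_content'));
     $this->attachOrderNumbers($rates);
     return View::make('admin.manage.rate.rate', compact('headerShop', 'shop', 'rates'));
 }

 /**
  * Resolve order numbers for a page of rates with one query instead of one
  * per rate (the original issued a MainOrder lookup inside the loop), then
  * base64-encode the ids that are exposed in the view.
  *
  * @param  \Traversable|array $rates rate rows carrying wy_main_order_id and wy_comment_id
  * @return void
  */
 private function attachOrderNumbers($rates)
 {
     $orderIDs = array();
     foreach ($rates as $rate) {
         $orderIDs[] = $rate->wy_main_order_id;
     }
     $orderNumbers = array();
     if (!empty($orderIDs)) {
         $mainOrders = MainOrder::whereIn('wy_main_order_id', $orderIDs)->get(array('wy_main_order_id', 'wy_order_number'));
         foreach ($mainOrders as $mainOrder) {
             $orderNumbers[$mainOrder->wy_main_order_id] = $mainOrder->wy_order_number;
         }
     }
     foreach ($rates as $rate) {
         $rate->wy_comment_id = base64_encode($rate->wy_comment_id);
         // A rate whose order no longer exists shows the "-10058" message instead.
         $rate->wy_order_number = array_key_exists($rate->wy_main_order_id, $orderNumbers)
             ? $orderNumbers[$rate->wy_main_order_id]
             : Lang::get('errormessages.-10058');
         $rate->wy_main_order_id = base64_encode($rate->wy_main_order_id);
     }
 }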
 /**
  * Post-dispatch hook: anonymous requests are forwarded to sign-in, and
  * authenticated ones are checked against the role's ACL before the
  * breadcrumb, menu and user widgets are built.
  *
  * @return void
  */
 public function afterExecuteRoute()
 {
     $this->view->setVar("siteUrl", $this->url->getBaseUri());
     if (!Auth::isAuth()) {
         // Forward to the sign-in action and hide the navigation chrome.
         $this->dispatcher->forward(array("controller" => "Auth", "action" => "signin"));
         $this->jquery->exec('$(".breadcrumb").hide();$(".menuItem").hide();$(".nomUser").hide()', true);
         $this->jquery->compile($this->view);
         return;
     }
     $controllerName = $this->dispatcher->getControllerName();
     $actionName = $this->dispatcher->getActionName();
     $user = $this->session->get('user');
     if (!$this->isRouteAllowed($user, $controllerName, $actionName)) {
         $this->dispatcher->forward(array("controller" => "Index", "action" => "index", "params" => array(new DisplayedMessage("Vous n'avez pas accès à cette partie de l'application.", "danger"))));
         return;
     }
     $this->breadCrumbsAction();
     $this->menuAction();
     $this->userAction();
 }

 /**
  * Index and Auth are always reachable; any other controller needs an ACL
  * entry on the user's role for this controller (or the "Default" wildcard)
  * and this action.
  *
  * @param object $user session user exposing getRole()->getAcl()
  * @param string $controllerName dispatched controller
  * @param string $actionName dispatched action
  * @return bool
  */
 private function isRouteAllowed($user, $controllerName, $actionName)
 {
     if ($controllerName == "Index" || $controllerName == "Auth") {
         return true;
     }
     foreach ($user->getRole()->getAcl() as $acl) {
         $controllerMatches = $acl->getController() == $controllerName || $acl->getController() == "Default";
         if ($controllerMatches && $acl->getAction() == $actionName) {
             return true;
         }
     }
     return false;
 }
 /**
  * Replace the current user session: any existing login is dropped first,
  * then a new one is established.
  *
  * @return void
  */
 public function userSessionSwitcher()
 {
     $alreadyLogged = AuthController::isLogged();
     if ($alreadyLogged) {
         AuthController::unlogUser();
     }
     AuthController::loginUser();
 }
 /**
  * Shared AuthController instance, created on first use.
  *
  * @return AuthController
  */
 public static function getInstance()
 {
     // An unset or null slot means "not created yet" (isset() semantics).
     if (self::$instance === null) {
         self::$instance = new AuthController();
     }
     return self::$instance;
 }
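 /**
  * Routes the request to the appropriate controller and returns the resource params.
  *
  * The first URI segment names the controller (`<Segment>Controller`), which
  * must exist and extend AbstractController. Unauthenticated requests get the
  * auth resource, and a non-auth request URI is remembered so it can be
  * replayed after login.
  *
  * @return Resource $resource
  */
 public static function getResource()
 {
     $resource = new Resource();
     $firstParam = RequestManager::getParam(RequestManager::FIRST_PARAM);
     $secondParam = RequestManager::getParam(RequestManager::SECOND_PARAM);
     $thirdParam = RequestManager::getParam(RequestManager::THIRD_PARAM);
     if (AuthController::isLoggedIn()) {
         if (empty($firstParam) && empty($secondParam) && empty($thirdParam)) {
             $resource->setKey(Constants::INDEX_URI_KEY);
         } else {
             $className = self::controllerClassFor($firstParam);
             if ($className !== null) {
                 $resource->setKey($className::MODULE_KEY);
             } elseif (!empty($firstParam) && !empty($secondParam) && !empty($thirdParam)) {
                 $resource->setKey(Constants::EXPLORER_URI_KEY);
             } else {
                 $resource->setKey(Constants::INDEX_URI_KEY);
             }
         }
     } else {
         $resource->setKey(Constants::AUTH_URI_KEY);
         if ($firstParam !== Constants::AUTH_URI_KEY) {
             RequestManager::setPendingRequestURI();
         }
     }
     $resource = self::setCorrectParams($resource, array($firstParam, $secondParam, $thirdParam));
     return $resource;
 }

 /**
  * Map a request segment to a controller class name, or null when it does
  * not name a loadable AbstractController subclass.
  *
  * The segment is request-controlled, so it is restricted to a plain
  * identifier before it becomes a class name (no namespace separators), and
  * the subclass test is done on the name rather than on `new $className()`,
  * which would run the constructor of whatever class the segment named.
  *
  * @param mixed $segment first URI segment
  * @return string|null
  */
 private static function controllerClassFor($segment)
 {
     if (!is_string($segment) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $segment)) {
         return null;
     }
     $className = ucfirst($segment) . 'Controller';
     if (!class_exists($className) || !is_subclass_of($className, 'AbstractController')) {
         return null;
     }
     return $className;
 }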
 /**
  * Controller set-up: parent init, then the login and shop-session gates,
  * then the template engine.
  *
  * @return void
  */
 public function init()
 {
     parent::init();
     // Both gates presumably end the request on failure, so what follows
     // runs only for a logged-in user with a shop session — confirm.
     AuthController::requireLogin();
     AuthController::requireShopSession();
     $this->setSmarty();
 }
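/**
 * Render the site menu as HTML.
 *
 * Recognised $params keys: prefix, suffix (wrapped around every entry),
 * pre_tag, after_tag (wrapped around the whole menu), show_signup,
 * show_memberarea, exclude (omit the "Contact Us" entry). Menu pages are
 * read from the `pages` table for the language in the `lang` cookie.
 *
 * @param array $params menu options, see above
 * @return string HTML
 */
function get_menu($params)
{
    // Read the options by name. The original extract()-ed $params, which let
    // any caller-supplied key overwrite a local here (including $out).
    $prefix = empty($params['prefix']) ? '' : $params['prefix'];
    $suffix = empty($params['suffix']) ? '' : $params['suffix'];
    $pre_tag = empty($params['pre_tag']) ? '' : $params['pre_tag'];
    $after_tag = empty($params['after_tag']) ? '' : $params['after_tag'];
    $show_signup = !empty($params['show_signup']);
    $show_memberarea = !empty($params['show_memberarea']);
    $exclude = !empty($params['exclude']);
    $out = '';
    include_once LIB_ROOT . '/pages/page.class.php';
    $is_admin = Project::getInstance()->getCurUser()->isAdmin();
    $out .= $prefix . '<a href="/" class=menu>' . _('Home') . '</a>' . $suffix;
    if (!AuthController::getInstance()->isAuthorized() && $show_signup) {
        $out .= $prefix . '<a href="/signup.php" class=menu>' . _('Sign Up') . '</a>' . $suffix;
    }
    if ($show_memberarea) {
        $out .= $prefix . '<a href="/user/account.php" class=menu>' . _('Member\'s area') . '</a>' . $suffix;
    }
    if ($is_admin) {
        $out .= $prefix . '<small><a href="/includes/inlines/admin/page.php?position=0" target="blank" style="font-size:9px;">(add page here)</a></small>' . $suffix;
    }
    // The language comes from a client cookie; it is escaped before being
    // interpolated, since sql_query() takes a raw query string.
    $lang = isset($_COOKIE['lang']) ? mysql_real_escape_string($_COOKIE['lang']) : '';
    $result = sql_query('SELECT * FROM pages WHERE lang="' . $lang . '" AND home=0 AND show_in_menu=1 ORDER BY position, id DESC');
    while ($menu_page = mysql_fetch_assoc($result)) {
        // Page ids and names come from the database; escape them for the HTML context.
        $page_id = htmlspecialchars($menu_page['id'], ENT_QUOTES, 'UTF-8');
        $page_name = htmlspecialchars($menu_page['name'], ENT_QUOTES, 'UTF-8');
        $out .= $prefix . '<a href="/index.php?page=' . $page_id . '" class=menu>' . $page_name . '</a>' . $suffix;
        if ($is_admin) {
            $position = htmlspecialchars($menu_page['position'], ENT_QUOTES, 'UTF-8');
            $out .= $prefix . '<small><a href="/includes/inlines/admin/page.php?position=' . $position . '"  target="blank"  style="font-size:9px;">(add page here)</a></small>' . $suffix;
        }
    }
    if (!$exclude) {
        $out .= $prefix . '<a href="/contactus.php" class=menu>' . _('Contact Us') . '</a>' . $suffix;
    }
    return $pre_tag . $out . $after_tag;
}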
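 /**
  * Dispatch the current request by path and HTTP method.
  *
  * GET routes either require a view file (which runs in this method's scope,
  * so $message stays visible to it as before) or redirect; POST routes call
  * a controller action. An unknown path or method renders nothing.
  *
  * @param mixed $message value left in scope for the required views
  * @return void
  */
 public function display_view($message)
 {
     // Path part of the URI only; the query string is irrelevant to routing.
     $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2);
     $path = $request_uri[0];
     $method = $_SERVER['REQUEST_METHOD'];
     // Route table: path => [method => handler]. A string handler is a view
     // file to require; a closure is invoked.
     $routes = array(
         '/public_html/' => array(
             'GET' => '../App/Views/goals.php',
             'POST' => function () { GoalController::add_goal(); },
         ),
         '/public_html/goals' => array(
             'GET' => '../App/Views/goals.php',
             'POST' => function () { GoalController::add_goal(); },
         ),
         '/public_html/goals/json' => array(
             'GET' => function () { header('Location: /public_html/json_goals.php'); },
         ),
         '/public_html/goal' => array(
             'GET' => '../App/Views/goal.php',
             'POST' => function () { GoalController::update_goal_by_id(); },
         ),
         '/public_html/register' => array(
             'GET' => '../App/Views/register.php',
             'POST' => function () { UserController::add_user(); },
         ),
         '/public_html/login' => array(
             'GET' => '../App/Views/login.php',
             'POST' => function () { AuthController::login_user(); },
         ),
         '/public_html/logout' => array(
             'GET' => function () { AuthController::logout_user(); },
         ),
     );
     if (!isset($routes[$path][$method])) {
         // Same silent fall-through as the original for unmatched requests.
         // NOTE(review): a 404/405 response would be the usual answer here —
         // confirm callers do not rely on the silence.
         return;
     }
     $handler = $routes[$path][$method];
     if (is_string($handler)) {
         require $handler;
         return;
     }
     $handler();
 }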
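 /**
  * Verify the request's auth token and remember the calling user's id.
  *
  * On a verification exception the error response is echoed and false is
  * returned. When no token comes back false is returned as well; the
  * original fell off the end there and returned null.
  *
  * @return bool true when a token was verified and $this->userID was set
  */
 public function checkToken()
 {
     $auth = new AuthController();
     try {
         $token = $auth->verifyToken();
     } catch (Exception $e) {
         // NOTE(review): the exception message is sent to the client; confirm
         // verifyToken() never puts internal detail into it.
         echo $this->utils->errorResponse($e->getMessage());
         return false;
     }
     if (!isset($token)) {
         return false;
     }
     if ($this->debug) {
         $this->utils->debug(__METHOD__, $token);
     }
     $this->userID = $token->user->userID;
     return true;
 }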
 /**
  * Controller set-up: parent init, then the login, shop-session and
  * open-shop gates, then the template engine.
  *
  * @return void
  */
 public function init()
 {
     parent::init();
     // The three gates presumably end the request on failure — confirm.
     AuthController::requireLogin();
     AuthController::requireShopSession();
     $shop = Shop::getInstance();
     $shop->requireOpenShop();
     $this->setSmarty();
 }
 /**
  * Display login form
  */
 /**
  * Display the login form, or redirect when the user is already logged in.
  */
 private function displayLoginForm()
 {
     if (AuthController::isLoggedIn()) {
         RequestManager::redirect();
         return;
     }
     $this->smarty->assign('LOGIN_ACTION_VALUE', AuthController::LOGIN_ACTION_VALUE);
     $this->render(AuthController::AUTH_LOGIN_KEY);
 }
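 /**
  * POST handler: price a set of course sales and apply coupon codes.
  *
  * Reads `course_sales` and `coupons` (comma-separated lists) from the POST
  * body, requires a valid auth token from the request headers (401
  * otherwise) and returns a JSON list with one entry per coupon that matched
  * one of the prices. Each price can be consumed by at most one coupon.
  *
  * @return string|int JSON-encoded result, or 0 after a 401
  */
 public static function price()
 {
     $app = \Slim\Slim::getInstance();
     $data = $app->request->post();
     $course_sales = isset($data['course_sales']) ? $data['course_sales'] : null;
     $coupons = isset($data['coupons']) ? $data['coupons'] : null;
     $token = AuthController::getToken($app->request->headers);
     $auth = Auth_Token::where('token', '=', $token)->first();
     if (!$auth) {
         $app->response->setStatus(401);
         return 0;
     }
     // explode(",", null) is deprecated on 8.1 and yields [""] before that;
     // treat a missing list as empty instead of trying Price::find("").
     $price_ids = $course_sales === null ? array() : explode(",", $course_sales);
     $coupon_codes = $coupons === null ? array() : explode(",", $coupons);
     // Price and course details are loaded once so the coupon loop does not
     // hit the database.
     $details_array = self::loadPriceDetails($price_ids);
     $result = array();
     foreach ($coupon_codes as $code) {
         $code = trim($code);
         try {
             $valid_coupon = Coupon::valid()->where("code", "=", $code)->first();
         } catch (Exception $e) {
             $valid_coupon = false;
         }
         if (!$valid_coupon) {
             continue;
         }
         $course_sale_id = $valid_coupon->course_sale_id;
         foreach ($details_array as $i => $details) {
             if ($course_sale_id == $details["price_id"]) {
                 $result[] = self::applyCoupon($valid_coupon, $code, $details["price"]);
                 // A price is discounted once; drop it so a second coupon for
                 // the same sale id does not match again.
                 unset($details_array[$i]);
                 break;
             }
         }
     }
     $app->response->setStatus(200);
     return json_encode($result);
 }

 /**
  * Load course/price details for the requested price ids. Ids that do not
  * resolve (no Price, or an exception from the lookup) are skipped.
  *
  * @param  string[] $price_ids
  * @return array list of ["course_id" => ..., "price_id" => ..., "price" => ...]
  */
 private static function loadPriceDetails(array $price_ids)
 {
     $details_array = array();
     foreach ($price_ids as $price_id) {
         try {
             $price = Price::find($price_id);
             if (!$price) {
                 continue;
             }
             $course = $price->course;
             $details_array[] = array("course_id" => $course->id, "price_id" => $price->id, "price" => $course->price);
         } catch (Exception $ex) {
             // Unknown or malformed id: skip it, as the original did by
             // swallowing the exception.
             continue;
         }
     }
     return $details_array;
 }

 /**
  * Build one result row for a coupon applied to a price. `percent-discount`
  * multiplies the price by the coupon value, `flat-discount` subtracts the
  * value; any other type leaves the price unchanged.
  *
  * @param  object $valid_coupon coupon row (course_sale_id, value, type, comments)
  * @param  string $code trimmed coupon code as submitted
  * @param  mixed  $price price before the coupon
  * @return array
  */
 private static function applyCoupon($valid_coupon, $code, $price)
 {
     $value = $valid_coupon->value;
     $type = $valid_coupon->type;
     $price_change = 0;
     if ($type == "percent-discount") {
         // NOTE(review): treats `value` as a fraction (0.25 = 25%) — confirm
         // how coupons store it.
         $price_change = $price * $value;
     } elseif ($type == "flat-discount") {
         $price_change = $value;
     }
     return array("course_sale_id" => $valid_coupon->course_sale_id, "code" => $code, "comments" => $valid_coupon->comments, "price" => $price, "price_change" => $price_change, "new_price" => $price - $price_change);
 }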
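 /**
  * Dispatch the request path to a controller action.
  *
  * Static paths are looked up in a table; `cat/<code>` is resolved through
  * CategoryMapper; anything else gets a 404.
  *
  * @return void
  */
 public function route()
 {
     $request = trim(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');
     $request_arr = explode('/', $request);
     // path => [controller class, action method]
     $static_routes = array(
         '' => array('IndexController', 'indexAction'),
         'basket' => array('BasketController', 'indexAction'),
         'auth' => array('AuthController', 'indexAction'),
         'reg' => array('RegController', 'indexAction'),
         'admin' => array('AdminController', 'indexAction'),
         'admin/additem' => array('AdminController', 'additemAction'),
         'admin/category' => array('AdminController', 'categoryAction'),
         'admin/catalog' => array('AdminController', 'catalogAction'),
         'admin/orders' => array('AdminController', 'ordersAction'),
     );
     if (isset($static_routes[$request])) {
         list($class, $action) = $static_routes[$request];
         $controller = new $class($this->service);
         $controller->$action();
         return;
     }
     // Category pages: exactly two segments, the first being "cat". The
     // original wrote `$request = 'cat/' . $request_arr[1]` (an assignment,
     // not a comparison), which sent every unmatched path into this branch
     // and left the final 404 unreachable.
     if (count($request_arr) === 2 && $request_arr[0] === 'cat') {
         $category_mapper = new CategoryMapper($this->service->get('db'));
         if (!$category_mapper->getCategoryFromCode($request_arr[1])) {
             $this->get404();
         } else {
             $controller = new CatController($this->service);
             $controller->categoryAction($request_arr[1]);
         }
         return;
     }
     $this->get404();
 }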
 /**
  * Show the protocol info page, with the header shop when checkUserURL()
  * resolves one.
  *
  * @return Response
  */
 public function getListInfo()
 {
     $disableChange = DEFAULT_0;
     $headerShop = AuthController::checkUserURL();
     $view = 'admin.manage.protocol.protocolinfo';
     if (empty($headerShop)) {
         return View::make($view);
     }
     return View::make($view, compact('headerShop', 'disableChange'));
 }
 /**
  * Start a shop session for a shop user and go to the home page; anyone
  * else is bounced to the selection page with an access-denied flag.
  *
  * @return void (ends the request)
  */
 public function startShopSession()
 {
     // setShopSession() is only consulted for shop users (short-circuit).
     $granted = Shop::getInstance()->isShopUser() && AuthController::setShopSession();
     if (!$granted) {
         header('Location: shop_selection.php?errorMessage=accessDenied');
         exit;
     }
     Shop::setShopSession($_GET['id_shop']);
     header('Location: home.php');
     exit;
 }
 /**
  * Display the current user's page, with the header shop when
  * checkUserURL() resolves one.
  *
  * @return Response
  */
 public function getList()
 {
     $user = Auth::user();
     $disableChange = DEFAULT_0;
     $headerShop = AuthController::checkUserURL();
     $data = compact('user', 'disableChange');
     if (!empty($headerShop)) {
         $data = array('headerShop' => $headerShop) + $data;
     }
     return View::make('admin.manage.user.user', $data);
 }
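 /**
  * Show the threshold-discount (满就减) list.
  *
  * @return Response
  */
 public function getList()
 {
     // The original also base64-decoded Input::get('shopID') here but never
     // used the value; the header shop comes from checkUserURL() alone.
     $disableChange = DEFAULT_0;
     $headerShop = AuthController::checkUserURL();
     if (empty($headerShop)) {
         return View::make('admin.market.reward.reward', compact('disableChange'));
     }
     return View::make('admin.market.reward.reward', compact('headerShop', 'disableChange'));
 }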
 /**
  * Controller set-up. The order matters: parent init, the login,
  * shop-session and open-shop gates, the form processor, URL/category
  * checks, then the template engine.
  *
  * @return void
  */
 public function init()
 {
     //precedence order
     parent::init();
     AuthController::requireLogin();
     AuthController::requireShopSession();
     $shop = Shop::getInstance();
     $shop->requireOpenShop();
     // The instance is not used afterwards; presumably the constructor
     // processes the posted form — confirm.
     $formProcess = new FormProductProcess();
     $this->verifyURLVars();
     $this->requireActiveCategory();
     $this->setSmarty();
 }
 /**
  * Profile page: GET renders the form, anything else saves the posted
  * profile (refreshing the session user on success) and redirects back.
  *
  * @return Response
  */
 public function profile()
 {
     $user = User::find(self::userId());
     if (!Request::isMethod('GET')) {
         $saved = User::profileSave($user);
         if ($saved) {
             AuthController::setUserSession($user);
         }
         return Redirect::to('profile');
     }
     return View::make("user.profile", ['user' => $user]);
 }
 /**
  * Show the detail form for one of the current user's shops.
  *
  * The shop is looked up by the base64-encoded `shopInfoID` parameter and
  * restricted to shops whose shopkeeper is the logged-in user; a miss
  * redirects to the shop list with an error.
  *
  * @return Response
  */
 public function getInfo()
 {
     $userID = Auth::id();
     $shopInfoID = base64_decode(Input::get('shopInfoID'));
     $shopColumns = array('wy_shop_id', 'wy_shop_type', 'wy_shop_name', 'wy_shop_icon', 'wy_province_id', 'wy_city_id', 'wy_district_id', 'wy_region_id', 'wy_latitude', 'wy_longitude', 'wy_distance', 'wy_state', 'wy_audit_state', 'wy_send_up_price', 'wy_express_fee', 'wy_phone', 'wy_send_up_time', 'wy_brief', 'wy_start_time', 'wy_keywords', 'wy_addr', 'wy_open_begin', 'wy_open_end', 'wy_delivery_begin', 'wy_delivery_end');
     // The shopkeeper filter keeps a user from opening a shop they do not own.
     $shop = Shop::where('wy_shopkeeper', $userID)->where('wy_shop_id', $shopInfoID)->first($shopColumns);
     if (empty($shop)) {
         $shopID = base64_decode(Input::get('shopID'));
         return Redirect::route('shop.list', array("shopID" => $shopID))->with('error', Lang::get('errormessages.-10039'));
     }
     $shop->wy_shop_id = base64_encode($shop->wy_shop_id);
     $types = Dictionary::where('wy_dic_id', DIC_SHOP_TYPE)->get(array('wy_dic_item_id', 'wy_dic_value'));
     $typeValue = $shop->wy_shop_type;
     $regionColumns = array('wy_region_id', 'wy_region_name', 'wy_region_parentid', 'wy_region_shortname');
     $provinceValues = Region::where('wy_region_parentid', DEFAULT_0)->where('wy_region_level', REGION_LEVEL_1)->get($regionColumns);
     $cityValues = Region::where('wy_region_parentid', $shop->wy_province_id)->where('wy_region_level', REGION_LEVEL_2)->get($regionColumns);
     $districtValues = Region::where('wy_region_parentid', $shop->wy_city_id)->where('wy_region_level', REGION_LEVEL_3)->get($regionColumns);
     $disableChange = DEFAULT_0;
     $headerShop = AuthController::checkUserURL();
     $data = compact('shop', 'provinceValues', 'cityValues', 'districtValues', 'disableChange');
     if (!empty($headerShop)) {
         $data = array('headerShop' => $headerShop) + $data;
     }
     return View::make('admin.manage.shop.shopinfo', $data)->nest('shopType', 'admin.template.dic.type', compact('types', 'typeValue'));
 }
<?php

// Route table: each route pulls in its controller (and model) file only when
// it is hit, so nothing is loaded for requests that never reach it.
$app->get('/', function () use($app) {
    // Front page.
    require 'controllers/MainController.php';
    $controller = new MainController();
    $controller->index($app);
});
$app->post('/registration', function () use($app) {
    // Registration form submission; the model file is loaded alongside the controller.
    require 'controllers/RegistrationController.php';
    require 'models/RegistrationModel.php';
    $controller = new RegistrationController();
    $controller->index($app);
});
$app->post('/auth', function () use($app) {
    // Login form submission.
    require 'controllers/AuthController.php';
    require 'models/AuthModel.php';
    $controller = new AuthController();
    $controller->index($app);
});
 static function addRoutes($app, $authenticateForRole)
 {
     /////
     // System Admin
     // TODO: Create system functions route
     /////
     $app->map("/admin/auth/delete/expired-tokens/", $authenticateForRole('admin'), function () use($app) {
         AuthController::deleteExpiredAuthTokens($app);
     })->via(['DELETE', 'POST']);
     /**
      * @api {post} /user/update/password Manage user password.
      * @apiName ChangeUserPassword
      * @apiGroup Auth
      *
      * @apiParam {String} apiKey User session key.
      * @apiParam {String} apiToken User session unhashed token.
      * 
      * @apiParam {Integer} userId optional but Required if the User Email was not provided. Used to select the user.
      * @apiParam {String} email optional but Required if the User ID was not provided. Used to select the user.
      * @apiParam {String} current Current user password for user authentication.
      * @apiParam {String} new New password for the user to change it too.
      *
      * @apiSuccessExample {json} Success-Response:
      *      HTTP/1.1 200: OK
      *      {
      *          "data": {
      *              "msg": "Password successfully changed."
      *          },
      *          "meta": {
      *              "error": false,
      *              "status": 200
      *          }
      *      }
      * 
      * @apiErrorExample {json} Error-Missing-Parameters:
      *      HTTP/1.1 400: Bad Request
      *      {
      *          "data": {
      *              "msg": "Password could not be changed. Check your parameters and try again."
      *          },
      *          "meta": {
      *              "error": true,
      *              "status": 400
      *          }
      *      }
      * 
      * @apiErrorExample {json} Error-Invalid-New-Password:
      *      HTTP/1.1 400: Bad Request
      *      {
      *          "data": {
      *              "msg": "Invalid Password. Check your parameters and try again."
      *          },
      *          "meta": {
      *              "error": true,
      *              "status": 400
      *          }
      *      }
      * 
      * @apiErrorExample {json} Error-User-Id-Not-Found:
      *      HTTP/1.1 400: Bad Request
      *      {
      *          "data": {
      *              "msg": "User not found. Check your parameters and try again."
      *          },
      *          "meta": {
      *              "error": true,
      *              "status": 400
      *          }
      *      }
      * 
      * @apiErrorExample {json} Error-Unauthorized:
      *      HTTP/1.1 401: Unauthorized
      *      {
      *          "data": {
      *              "msg": "Invalid user password. Unable to verify request."
      *          },
      *          "meta": {
      *              "error": true,
      *              "status": 401
      *          }
      *      }
      * 
      * @apiErrorExample {json} Error-Unknown-DB-Update:
      *      HTTP/1.1 400: Bad Request
      *      {
      *          "data": {
      *              "msg": "Password could not be changed. Try again later."
      *          },
      *          "meta": {
      *              "error": true,
      *              "status": 400
      *          }
      *      }
      */
     $app->post("/user/update/password/", $authenticateForRole('member'), function () use($app) {
         AuthController::changeUserPassword($app);
     });
     //* /auth/ routes - publicly accessable
     $app->group('/auth', $authenticateForRole('public'), function () use($app) {
         /**
          * @api {post} /auth/authenticate Confirm api key and token pair represents an active user login session.
          * @apiName Authenticate
          * @apiGroup Auth
          *
          * @apiParam {String} apiKey User session key.
          * @apiParam {String} apiToken User session unhashed token.
          *
          * @apiSuccessExample {json} Success-Response:
          *      HTTP/1.1 200: OK
          *      {
          *          "data": {
          *              "authenticated": true,
          *              "sessionLifeHours": 1
          *              "user": {
          *                  "id": "28",
          *                  "nameFirst": "Rachel",
          *                  "nameLast": "Testing",
          *                  "email": "*****@*****.**",
          *                  "displayName": "Rachel",
          *                  "roles": ['3'],
          *                  "apiKey": "caf02551768a09e1aed8946ecacce3b01f253884a08bded1f1a76520b8f0c4e847914a1daea072ab957582a2c32beceacd62b5e6842f18ef2b21a3f13b16c374",
          *                  "apiToken": "c88e7640de8f34c18d7d07d6d0a26b0d9896f188766e445bac32a44cb275ba89"
          *              }
          *          },
          *          "meta": {
          *              "error": false,
          *              "status": 200
          *          }
          *      }
          * 
          * 
          * @apiErrorExample {json} Error-Missing-Parameters:
          *      HTTP/1.1 401: Unauthorized
          *      {
          *          "data": {
          *              "authenticated": false,
          *              "msg": "Unauthenticated: Invalid request. Check your parameters and try again."
          *          },
          *          "meta": {
          *              "error": true,
          *              "status": 401
          *          }
          *      }
          * 
          * 
          * @apiErrorExample {json} Error-Incorrect-Values:
          *      HTTP/1.1 401: Unauthorized
          *      {
          *          "data": {
          *              "authenticated": false,
          *              "msg": "Unauthenticated: No User"
          *          },
          *          "meta": {
          *              "error": true,
          *              "status": 401
          *          }
          *      }
          */
         $app->post("/authenticate/", function () use($app) {
             AuthController::isAuthenticated($app);
         });
         /**
          * @api {post} /auth/signup Standard user signup.
          * @apiName Signup
          * @apiGroup Auth
          *
          * @apiParam {String} email User email address.
          * @apiParam {String} passowrd User unencrypted password.
          * @apiParam {String} nameFirst User first name.
          * @apiParam {String} nameLast User last name.
          * @apiParam {Integer} teamId optional Team to add the new player too.
          *
          * @apiSuccessExample {json} Success-Response:
          *      HTTP/1.1 200: OK
          *      {
          *          "data": {
          *              "registered": true,
          *              "sessionLifeHours": 1
          *              "user": {
          *                  "id": "28",
          *                  "nameFirst": "Rachel",
          *                  "nameLast": "Testing",
          *                  "email": "*****@*****.**",
          *                  "displayName": "Rachel",
          *                  "roles": ['3'],
          *                  "apiKey": "caf02551768a09e1aed8946ecacce3b01f253884a08bded1f1a76520b8f0c4e847914a1daea072ab957582a2c32beceacd62b5e6842f18ef2b21a3f13b16c374",
          *                  "apiToken": "c88e7640de8f34c18d7d07d6d0a26b0d9896f188766e445bac32a44cb275ba89"
          *              }
          *          },
          *          "meta": {
          *              "error": false,
          *              "status": 200
          *          }
          *      }
          * 
          * @apiErrorExample {json} Error-Missing-Parameters:
          *      HTTP/1.1 400: Bad Request
          *      {
          *          "data": {
          *              "registered": false,
          *              "msg": "Signup failed. Check your parameters and try again."
          *          },
          *          "meta": {
          *              "error": true,
          *              "status": 400
          *          }
          *      }
          * 
          * @apiErrorExample {json} Error-Duplicate-Email:
          *      HTTP/1.1 400: Bad Request
          *      {
          *          "data": {
          *              "registered": false,
          *              "msg": "Signup failed. A user with that email already exists."
          *          },
          *          "meta": {
          *              "error": true,
          *              "status": 400
          *          }
          *      }
          */
         $app->post("/signup/", function () use($app) {
             AuthController::signup($app);
         });
         /* email, nameFirst, nameLast, facebookId, accessToken */
         $app->post("/signup/facebook/", function () use($app) {
             AuthController::facebookSignup($app);
         });
         /* email, nameFirst, nameLast, password, venue, address, city, state, zip */
         /* OPTIONAL: addressb, phone, website, facebook, logo, hours, referralCode */
         $app->post("/venue/signup/", function () use($app) {
             AuthController::venueSignup($app);
         });
         /* email, nameFirst, nameLast, facebookId, accessToken, venue, address, city, state, zip */
         /* OPTIONAL: addressb, phone, website, facebook, logo, hours, referralCode */
         $app->post("/venue/signup/facebook/", function () use($app) {
             AuthController::venueFacebookSignup($app);
         });
         $app->post("/signup/additional/", function () use($app) {
             InfoController::saveAdditional($app);
         });
         /**
          * @api {post} /auth/login Standard user login.
          * @apiName Login
          * @apiGroup Auth
          *
          * @apiParam {String} email User email address.
          * @apiParam {String} password User unencrypted password.
          *
          * @apiSuccessExample {json} Success-Response:
          *      HTTP/1.1 200: OK
          *      {
          *          "data": {
          *              "authenticated": true,
          *              "sessionLifeHours": 1,
          *              "user": {
          *                  "id": "28",
          *                  "nameFirst": "Rachel",
          *                  "nameLast": "Testing",
          *                  "email": "*****@*****.**",
          *                  "displayName": "Rachel",
          *                  "roles": ["3"],
          *                  "apiKey": "caf02551768a09e1aed8946ecacce3b01f253884a08bded1f1a76520b8f0c4e847914a1daea072ab957582a2c32beceacd62b5e6842f18ef2b21a3f13b16c374",
          *                  "apiToken": "c88e7640de8f34c18d7d07d6d0a26b0d9896f188766e445bac32a44cb275ba89"
          *              }
          *          },
          *          "meta": {
          *              "error": false,
          *              "status": 200
          *          }
          *      }
          * 
          * @apiErrorExample {json} Error-Missing-Parameters:
          *      HTTP/1.1 401: Unauthorized
          *      {
          *          "data": {
          *              "authenticated": false,
          *              "msg": "Login failed. Check your parameters and try again."
          *          },
          *          "meta": {
          *              "error": true,
          *              "status": 401
          *          }
          *      }
          * 
          * @apiErrorExample {json} Error-Unregistered-Email:
          *      HTTP/1.1 401: Unauthorized
          *      {
          *          "data": {
          *              "authenticated": false,
          *              "msg": "Unauthenticated: No User"
          *          },
          *          "meta": {
          *              "error": true,
          *              "status": 401
          *          }
          *      }
          * 
          * @apiErrorExample {json} Error-Incorrect-Password:
          *      HTTP/1.1 401: Unauthorized
          *      {
          *          "data": {
          *              "authenticated": false,
          *              "maxattempts": 6,
          *              "msg": "Login failed. Username and password combination did not match."
          *          },
          *          "meta": {
          *              "error": true,
          *              "status": 401
          *          }
          *      }
          */
         $app->post("/login/", function () use($app) {
             AuthController::login($app);
         });
         $app->post("/forgotpassword/", function () use($app) {
             AuthController::forgotpassword($app);
         });
         $app->post("/getforgotpasswordemail/", function () use($app) {
             AuthController::getforgotpasswordemail($app);
         });
         $app->post("/resetpassword/", function () use($app) {
             AuthController::resetpassword($app);
         });
         /* email, nameFirst, nameLast, facebookId, accessToken */
         $app->post("/login/facebook/", function () use($app) {
             AuthController::facebookLogin($app);
         });
         /////
         ///// Logout
         /////
         $app->post("/logout/", function () use($app) {
             AuthController::logout($app);
         });
     });
 }
    if (empty($_POST[AuthController::LOGIN_FORM_USER]) || empty($_POST[AuthController::LOGIN_FORM_PASS])) {
        $flash = array();
        $flash['class'] = 'danger';
        $flash['message'] = 'Please enter a username and password';
    } else {
        if (!CaptchaController::validate_captcha($_POST[AuthController::LOGIN_FORM_CAPTCHA])) {
            $flash = array();
            $flash['class'] = 'danger';
            $flash['message'] = 'Invalid captcha';
        } else {
            $user = $_POST[AuthController::LOGIN_FORM_USER];
            $pass = $_POST[AuthController::LOGIN_FORM_PASS];
            //authenticate
            if (AuthController::is_authenticated($user, $pass)) {
                //save in session
                AuthController::save_auth($user);
                //redirect
                $redirect_url = !empty($_SESSION[AuthController::SESSION_REDIRECT_URL_KEY]) ? $_SESSION[AuthController::SESSION_REDIRECT_URL_KEY] : AuthController::LOGGED_IN_HOME_URL;
                http_response_code(302);
                header('Location: ' . $redirect_url);
                die;
            } else {
                //randomize sleep to timing string length attacks
                usleep(rand(AuthController::LOGIN_FAILED_TIMEOUT_MIN, AuthController::LOGIN_FAILED_TIMEOUT_MAX));
                $flash = array();
                $flash['class'] = 'danger';
                $flash['message'] = 'Invalid username or password';
            }
        }
    }
}
 /**
  * Bootstraps the controller and attaches the admin-role middleware.
  *
  * The parent constructor runs first; the 'role.admin' middleware is then
  * registered for this controller as a whole. The middleware itself is
  * defined elsewhere — presumably it rejects callers without the admin role;
  * confirm its exact check before relying on it for a new action.
  *
  * @return void
  */
 public function __construct()
 {
     parent::__construct();

     // NOTE(review): registered controller-wide, so every action here is
     // gated on this middleware; confirm no action is meant to bypass it.
     $this->middleware('role.admin');
 }
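<?php

// NOTE(review): display_errors=1 prints PHP errors straight into the HTTP
// response. On a JSON endpoint that both corrupts the body and exposes file
// paths and internal details to clients; keep it enabled in development only.
ini_set('display_errors', 1);
// Every response from this script is UTF-8 JSON. The header name must be
// followed immediately by the colon: with spaces around it ("Content-type :")
// neither clients nor PHP's own Content-Type handling recognise the header.
header('Content-Type: application/json; charset=UTF-8', true);
// Load the classes through the project autoloader. __DIR__ anchors the path
// to this script's own directory rather than the process working directory.
require __DIR__ . '/../Autoloader.php';
Autoloader::load();
// One controller per feature area; the dispatch below selects one of them
// according to the requested action.
$authControl = new AuthController();
$questionControl = new QuestionnaireController();
$progControl = new ProgrammeController();
$userControl = new UserController();
$rituelControl = new RituelController();
$adminControl = new AdminController();
$habitsControl = new HabitsController();
// Look through the HTTP request superglobals for the 'action' field and route
// the request to the matching controller method. The action field must be set
// for these PHP scripts to perform anything.
// GET must only be used when retrieving information.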
if (isset($_GET['action'])) {
    switch ($_GET['action']) {
        //Permet d'obtenir toutes les informations nécessaire à un questionnaire (questions/réponses/profils de réponse). Champs requis : idProg (contient l'id BDD du programme dont on veut le questionnaire)
        case 'survey':
            echo $questionControl->showQuestions();
            break;
            //Permet de recevoir une liste de tout les programmes.
        //Permet de recevoir une liste de tout les programmes.
        case "programs":
            echo $progControl->showProg();
            break;
            //Permet de recevoir une ou plusieurs informations sur un profil utilisateur. Champs requis : accessToken, field (contient le ou les noms de champs dont on veux la valeur. Chaque nom doit être séparé par des virgules)
        //Permet de recevoir une ou plusieurs informations sur un profil utilisateur. Champs requis : accessToken, field (contient le ou les noms de champs dont on veux la valeur. Chaque nom doit être séparé par des virgules)