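/**
 * Method to fetch Authenticated user
 *
 * Fetch a record for a specific authenticated user
 * by Username and password.
 *
 * NOTE(review): the GET route carries the password in the URL path, so it is
 * written to web-server/proxy access logs and browser history. Prefer the POST
 * route and retire the GET form once callers have moved.
 *
 * @url GET authenticate/{username}/{password}
 * @url POST authenticate
 * @smart-auto-routing false
 *
 * @access public
 * @throws 403 User cannot be authenticated
 * @param string $username User to be fetched
 * @param string $password Authentication Password
 * @param bool   $api_call When true a failed login throws a 403; when false the
 *                         method just sets $this->granted = false and returns null
 * @return mixed The user row without its password hash, plus 'granted' => true;
 *               null when authentication fails and $api_call is false
 */
public function authenticate($username, $password, $api_call = false)
{
    $db = DataConnection::readOnly();
    // Lookup goes through the query builder's bound parameters; only accounts
    // with status > 0 can log in.
    $user = $db->user()->where("username", $username)->and("status > ?", 0)->limit(1)->fetch();

    // Cost 8 is low by current standards (10-12 is typical); raising it only
    // affects newly created hashes, existing ones keep their cost.
    $pwHasher = new Phpass\PasswordHash(8, false);

    // Verify the hash in both branches so an unknown username costs about the
    // same time as a wrong password; otherwise response time reveals which
    // usernames exist. The dummy hash should use the same cost as stored hashes.
    $passed = false;
    if (!empty($user) && isset($user['password'])) {
        $passed = $pwHasher->CheckPassword($password, $user['password']);
    } else {
        $pwHasher->CheckPassword($password, '$2a$08$' . str_repeat('0', 53));
    }

    if (!$passed) {
        $this->granted = false;
        if ($api_call) {
            // Same message for "no such user" and "wrong password" on purpose.
            throw new Luracast\Restler\RestException(403, 'Unable to authenticate user');
        }
        return null;
    }

    $res = array();
    foreach ($user as $field => $value) {
        if ($field != "password") {
            $res[$field] = $value;
        }
        // NOTE(review): every column, including the password hash, is copied
        // onto $this as a dynamic property. Kept because callers may read these
        // properties, but the hash should not need to live on the controller.
        $this->{$field} = $value;
    }
    $res['granted'] = true;
    $this->granted = true;
    return $res;
}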
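/**
 * Method to fetch Authenticated user
 *
 * Fetch a record for a specific authenticated user
 * by Username and password.
 *
 * NOTE(review): the GET route carries the password in the URL path, so it is
 * written to web-server/proxy access logs and browser history. Prefer the POST
 * route and retire the GET form once callers have moved.
 *
 * @url GET authenticate/{username}/{password}
 * @url POST authenticate
 * @smart-auto-routing false
 *
 * @access public
 * @throws 403 User cannot be authenticated
 * @param string $username User to be fetched
 * @param string $password Authentication Password
 * @param bool   $api_call When true a failed login throws a 403; when false the
 *                         method just sets $this->granted = false and returns null
 * @return mixed The first matching user row (joined with its access_level) without
 *               the password hash, plus 'granted' => true; null on failure when
 *               $api_call is false
 */
public function authenticate($username, $password, $api_call = false)
{
    $pdo = new PDO(NATURAL_PDO_DSN_READ, NATURAL_PDO_USER_READ, NATURAL_PDO_PASS_READ);
    // Fail loudly instead of returning false from prepare()/execute(), and use
    // real server-side prepared statements so the bound username is never
    // spliced into the SQL text.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    // The username is passed as a bound parameter. The copy under review had it
    // written into the statement as a quoted literal, which is the classic SQL
    // injection shape for a login form; never rebuild this as string concatenation.
    // NOTE(review): unlike the query-builder variant of this method, this query
    // has no "status > 0" filter, so disabled accounts can still authenticate
    // here. Confirm whether that is intended.
    $sql = "select u.*, al.access_level
              from church_link cl
              left outer join user u on u.id = cl.user_id
              left outer join acl_levels al on al.id = cl.acl_levels_id
             where u.username = :username";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array(':username' => $username));
    // A user with several church_link rows yields several rows; only the first
    // one is used below, and row order is not defined by the query.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Cost 8 is low by current standards (10-12 is typical); raising it only
    // affects newly created hashes, existing ones keep their cost.
    $pwHasher = new Phpass\PasswordHash(8, false);

    // Verify the hash in both branches so an unknown username costs about the
    // same time as a wrong password; otherwise response time reveals which
    // usernames exist. The dummy hash should use the same cost as stored hashes.
    $passed = false;
    if (count($rows) > 0 && isset($rows[0]['password'])) {
        $passed = $pwHasher->CheckPassword($password, $rows[0]['password']);
    } else {
        $pwHasher->CheckPassword($password, '$2a$08$' . str_repeat('0', 53));
    }

    if (!$passed) {
        $this->granted = false;
        if ($api_call) {
            // Same message for "no such user" and "wrong password" on purpose.
            throw new Luracast\Restler\RestException(403, 'Unable to authenticate user');
        }
        return null;
    }

    $res = array();
    foreach ($rows[0] as $field => $value) {
        if ($field != "password") {
            $res[$field] = $value;
        }
        // NOTE(review): every column, including the password hash, is copied
        // onto $this as a dynamic property. Kept because callers may read these
        // properties, but the hash should not need to live on the controller.
        $this->{$field} = $value;
    }
    $res['granted'] = true;
    $this->granted = true;
    return $res;
}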