/**
 * Checks the apiKey / apiToken pair sent in the POST body.
 *
 * Outcomes, exactly as produced below:
 *   - false      : `apiKey` or `apiToken` is absent from the POST data or is not a string
 *   - "user"     : AuthData::selectUserByIdentifierToken() returned nothing for the key
 *   - "password" : password_verify() rejected the submitted token against the stored value
 *   - $user->id  : the pair was accepted
 *
 * Both failure strings are non-empty and therefore truthy in PHP. A caller that
 * tests the result with a bare `if ($result)` would treat "user" and "password"
 * as success; the result has to be compared strictly against these sentinels.
 *
 * NOTE(review): "user" and "password" tell an unknown key apart from a wrong
 * token. The callers are not visible here; confirm that this distinction is
 * only logged and that clients receive one generic failure, so that responses
 * do not disclose which API keys exist.
 *
 * @param object $app Application object exposing `$app->request->post()`.
 * @return mixed false, "user", "password", or the matching user's id.
 */
private static function authorizeApiToken($app)
{
    // Shape checks first: each credential must be present and be a string.
    if (!v::key('apiKey', v::stringType())->validate($app->request->post())) {
        return false;
    }
    if (!v::key('apiToken', v::stringType())->validate($app->request->post())) {
        return false;
    }

    $submittedKey = $app->request->post('apiKey');
    $account = AuthData::selectUserByIdentifierToken($submittedKey);
    if (!$account) {
        return "user";
    }

    // The stored apiToken is handed to password_verify() as the hash argument,
    // so the comparison is done by the password-hashing API rather than `==`.
    $tokenMatches = password_verify($app->request->post('apiToken'), $account->apiToken);
    if (!$tokenMatches) {
        return "password";
    }

    return $account->id;
}
/**
 * Deletes the auth token named by the `logout` field of the given POST data.
 *
 * NOTE(review): the identifier is taken directly from request data and nothing
 * in this method ties it to the caller's own session. Confirm that the caller
 * or AuthData::deleteAuthToken() limits deletion to the requester's token.
 *
 * @param array $post POST data; only the `logout` key is read.
 * @return bool true when `logout` was a string and the delete was issued,
 *              false when the field is missing or not a string.
 */
private static function login_logoutCurrentAccount($post)
{
    $hasLogoutIdentifier = v::key('logout', v::stringType())->validate($post);
    if (!$hasLogoutIdentifier) {
        return false;
    }

    // The delete's own result is not inspected: true means "delete requested",
    // not "a token row was removed".
    $criteria = array(':identifier' => $post['logout']);
    AuthData::deleteAuthToken($criteria);

    return true;
}
/**
 * Asks AuthData to delete expired auth tokens, then renders a 200 response
 * with a confirmation message.
 *
 * NOTE(review): declared without a visibility keyword, so it is public. Access
 * control for whatever route reaches it is not visible here; confirm it is
 * restricted to maintenance or administrative callers.
 *
 * @param object $app Application object exposing `render($status, $data)`.
 * @return mixed Whatever `$app->render()` returns.
 */
static function deleteExpiredAuthTokens($app)
{
    AuthData::deleteExpiredAuthTokens();

    $payload = array('msg' => "Deleted expired auth tokens.");

    return $app->render(200, $payload);
}
/**
 * Registers a new user from a Facebook-style signup POST and issues an auth token.
 *
 * Reads `email`, `nameFirst`, `nameLast` and `facebookId` from the POST body.
 * Every failure returns `array('registered' => false, 'msg' => ...)`.
 * On success the returned array holds:
 *   - 'user'             : the new user object, with `apiKey` and `apiToken` attached
 *   - 'sessionLifeHours' : taken from the created auth token
 *   - 'registered'       : true
 *
 * @param object $app Application object exposing `$app->request->post()`.
 * @return array Result array as described above.
 */
static function signup($app)
{
    $post = $app->request->post();

    // Anything other than a strict `true` from the validator is a rejection.
    if (self::validateFacebookProfile($post) !== true) {
        return array('registered' => false, 'msg' => 'Facebook signup failed. Check your parameters and try again.');
    }

    // NOTE(review): the original carried a commented-out access-token / profile
    // lookup against Facebook at this point. As this method stands, email, name
    // and facebookId are taken from the POST body. Whether
    // validateFacebookProfile() proves the caller owns that Facebook identity is
    // not visible from here; confirm before treating facebookId as verified.
    // If that lookup is restored, leave out its old debug response, which
    // returned the token, profile, POST data and $_COOKIE to the client.

    // Refuse to register an email that is already taken.
    $alreadyRegistered = AuthData::selectUserAndPasswordByEmail($post['email']);
    if ($alreadyRegistered) {
        return array('registered' => false, 'msg' => 'Facebook signup failed. A user with that email already exists.');
    }

    // Keys are named placeholders passed on to AuthData::insertFacebookUser().
    $newUserParams = array(
        ':email' => $post['email'],
        ':name_first' => $post['nameFirst'],
        ':name_last' => $post['nameLast'],
        ':facebook_id' => $post['facebookId'],
    );
    $userId = AuthData::insertFacebookUser($newUserParams);
    if (!$userId) {
        return array('registered' => false, 'msg' => 'Facebook signup failed. Could not save user.');
    }

    // Read the row back; a miss here should be redundant with the insert check.
    $user = AuthData::selectUserById($userId);
    if (!$user) {
        return array('registered' => false, 'msg' => 'Facebook signup failed. Could not select user.');
    }

    // Stores "Where did you hear about us" and similar extras. "Quiet": it may do
    // nothing when no parameters match, and it does not set the API response.
    InfoController::quietlySaveAdditional($post, $user->id);

    $token = AuthControllerNative::createAuthToken($app, $user->id);
    if (!$token) {
        return array('registered' => false, 'msg' => 'Facebook Signup failed to creat auth token.');
    }

    // Attach the fresh credentials to the user object that goes back to the client.
    $user->apiKey = $token['apiKey'];
    $user->apiToken = $token['apiToken'];

    return array(
        'user' => $user,
        'sessionLifeHours' => $token['sessionLifeHours'],
        'registered' => true,
    );
}