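/**
 * Authenticates a user either by session token or by (username|email) + password
 * and returns their landing page content together with a session token.
 *
 * @param array $userArray request data; keys read: 'token', 'user_id', 'username',
 *                         'email', 'password'. Either a 'token' must be present, or
 *                         ('username' or 'email') together with 'password'.
 * @return array GetLandingPageContent() result merged with array('token' => $token)
 * @throws Exception if no usable credentials are supplied, the token does not verify,
 *                   or the username/email + password lookup yields no user id
 */
function verify_user($userArray) {
    //set variables
    $claimed_user_id = isset($userArray['user_id']) ? $userArray['user_id'] : NULL;
    $username = isset($userArray['username']) ? $userArray['username'] : NULL;
    $email = isset($userArray['email']) ? $userArray['email'] : NULL;
    $password = isset($userArray['password']) ? $userArray['password'] : NULL;
    $token = isset($userArray['token']) ? $userArray['token'] : NULL;

    // $user_id is only ever set by a successful check below. A client-supplied
    // user_id on its own is not an identity: the previous guard accepted it alone
    // (operator precedence made it "user_id OR (...)") and then returned that
    // user's landing page without verifying anything.
    $user_id = NULL;
    if ($token !== NULL) {
        $user_id = VerifyToken($token, $claimed_user_id, $username);
        if ($user_id === FALSE) {
            throw new Exception("Your session has expired. Please log in again.");
        }
    }

    // No verified identity yet: the only remaining path is a password login,
    // which requires (username or email) and a password.
    if (empty($user_id) && ($password === NULL || ($username === NULL && $email === NULL))) {
        throw new Exception("Must provide (username or email) and password.");
    }

    $dbh = new PDOConnection();
    if (empty($user_id)) {
        $row = GetUserInfo($dbh, $username, $email, $password);
        // GetUserInfo's failure value is not visible here; anything that carries no
        // id is treated as a failed login rather than issuing a token for it.
        if (empty($row['id'])) {
            throw new Exception("Invalid username/email or password.");
        }
        //user verified, return proper landing page content
        $user_id = $row['id'];
        // NOTE(review): both calls are keyed by $username, which is NULL when the
        // login used 'email' only — confirm that is intended.
        $token = GenerateToken($username, $password);
        StoreToken($username, $token);
    }
    return array_merge(GetLandingPageContent($dbh, $user_id), array('token' => $token));
}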
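/**
 * Places an order for the authenticated user and clears their cart afterwards.
 *
 * @param array $values request data; requires 'user_id' and 'token'. Optional 'email'
 *                      replaces the account email for the confirmation message. The
 *                      whole array is also handed to get_cart_information().
 * @return array the order record returned by add_order()
 * @throws Exception if user_id/token are missing or the token does not verify
 */
function submit_order($values) {
    if (!isset($values['user_id'], $values['token'])) {
        throw new Exception('user_id and token required');
    }
    // Bind the rest of the flow to the identity VerifyToken establishes rather than
    // the client-supplied user_id (same convention as verify_user(), which uses the
    // return value as the user id and treats an empty result as "not verified").
    $user_id = VerifyToken($values['token'], $values['user_id'], NULL);
    if ($user_id === FALSE || empty($user_id)) {
        throw new Exception('Your session has expired. Please log in again.');
    }
    $values['user_id'] = $user_id;

    //set up all data to be passed to add_order()
    $userInfo = get_users(array('id' => $user_id));
    $email = isset($values['email']) ? $values['email'] : $userInfo['email'];
    $dbh = new PDOConnection();
    $order = get_cart_information($dbh, $values);
    //TODO : customer_id
    $billing_addresses = get_addresses(array(
        'user_id' => $user_id,
        'customer_id' => -1,
        'type' => ADDRESS_TYPE_BILL,
    ));
    // Fall back to the shipping address when no billing address is on file.
    $order['billing_address_id'] = isset($billing_addresses[0]['address_id'])
        ? $billing_addresses[0]['address_id']
        : $order['shipping_address_id'];
    $orderInfo = add_order($order);
    order_confirmation_email(array_merge($orderInfo, array('email' => $email)));
    //delete cart
    delete_cart_by_user_id($dbh, $user_id);
    return $orderInfo;
}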
<?php header("Access-Control-Allow-Origin: *"); include "databasefunctions.php"; include_once "bintypes.php"; include "user.php"; include "pointObject.php"; if (isset($_POST["userId"]) && isset($_POST["points"]) && isset($_POST["token"])) { if (VerifyToken($_POST["userId"], $_POST["token"])) { $id = $_POST["userId"]; $points = $_POST["points"]; $user = makeUserFromRaw(GetUser($id)); $newPoints = new PointObject(); $newPoints->AddFromArray($points); //add points given by user (positive) if (!$user->Points->StillPositiveWhenSubtractingOther($newPoints)) { echo json_encode(array("Error" => "User does not have the points required.")); } else { $newPoints->Invert(); //Invert, so we get negative values $newPoints->RemovePositive(); //Remove all positive numbers, adding points is not allowed from this page $newPoints->Add($user->Points); //add the new existing points $user->Points = $newPoints; $user->Points->RemoveNegative(); //Make sure user doesn't have a negative balance. (Should NEVER happen) echo EditUserPoints($user->UserId, json_encode($user->Points)); } } else { $errorMsg = ["Error" => "No or invalid access token given"];