Example #1
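/**
 * Authenticate a caller and return their landing-page content together with
 * a session token.
 *
 * Two credential paths are accepted: a previously issued token (with an
 * optional user_id/username hint passed through to VerifyToken), or a
 * username-or-email plus password. A caller must always present one of the
 * two; a bare user_id on its own is never sufficient.
 *
 * @param array $userArray request fields: 'user_id', 'username', 'email',
 *                         'password', 'token' (each individually optional)
 * @return array GetLandingPageContent() result merged with a 'token' entry
 * @throws Exception when no usable credential is supplied, the token does
 *                   not verify, or the username/email + password lookup
 *                   yields no user
 */
function verify_user($userArray)
{
    $user_id  = isset($userArray['user_id'])  ? $userArray['user_id']  : NULL;
    $username = isset($userArray['username']) ? $userArray['username'] : NULL;
    $email    = isset($userArray['email'])    ? $userArray['email']    : NULL;
    $password = isset($userArray['password']) ? $userArray['password'] : NULL;
    $token    = isset($userArray['token'])    ? $userArray['token']    : NULL;

    // Fail closed before doing anything else: the request must carry
    // something that names the account AND something that proves it.
    // The previous check (`user_id || (username||email) && (password||token)`)
    // let a lone user_id through, after which the caller-supplied id reached
    // GetLandingPageContent() with no verification at all.
    $hasIdentifier = ($user_id !== NULL || $username !== NULL || $email !== NULL);
    $hasCredential = ($password !== NULL || $token !== NULL);
    if (!($hasIdentifier && $hasCredential)) {
        throw new Exception("Must provide (username or email) and password.");
    }

    // $verifiedId is only ever assigned from a successful check, never from
    // the caller-supplied user_id, so it cannot be forged by the request.
    $verifiedId = NULL;
    if ($token !== NULL) {
        $verifiedId = VerifyToken($token, $user_id, $username);
        if ($verifiedId === FALSE) {
            throw new Exception("Your session has expired.  Please log in again.");
        }
    }

    // No token, or VerifyToken handed back an empty id: the password path is
    // the only remaining option, and it needs both halves to be present.
    if (empty($verifiedId) && ($password === NULL || ($username === NULL && $email === NULL))) {
        throw new Exception("Must provide (username or email) and password.");
    }

    $dbh = new PDOConnection();
    if (empty($verifiedId)) {
        $row = GetUserInfo($dbh, $username, $email, $password);
        // GetUserInfo()'s failure contract is not visible here; any result
        // without an id is treated as "no such user / wrong password" instead
        // of generating and storing a token for an unverified account.
        if (empty($row) || empty($row['id'])) {
            throw new Exception("Invalid username/email or password.");
        }
        $verifiedId = $row['id'];
        // NOTE(review): the token is derived from the password and stored under
        // $username, which is NULL on the email-only path — confirm both helpers
        // cope with that and that GenerateToken is not reversible to the password.
        $token = GenerateToken($username, $password);
        StoreToken($username, $token);
    }

    return array_merge(GetLandingPageContent($dbh, $verifiedId), array('token' => $token));
}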
Example #2
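/**
 * Turn the authenticated caller's cart into an order, send a confirmation
 * e-mail, and clear the cart.
 *
 * @param array $values request fields: 'user_id' and 'token' are required;
 *                      'email' optionally overrides the address on file;
 *                      the whole array is also handed to get_cart_information()
 * @return array the order record returned by add_order()
 * @throws Exception when user_id/token are missing, the token does not
 *                   verify, or a caller-supplied email address is malformed
 */
function submit_order($values)
{
    if (!(isset($values['user_id']) && isset($values['token']))) {
        throw new Exception('user_id and token required');
    }
    // Authenticate before any lookup or side effect. NOTE(review): only a
    // FALSE return counts as failure; whether VerifyToken also binds the token
    // to this exact user_id is not visible from here — confirm.
    if (FALSE === VerifyToken($values['token'], $values['user_id'], NULL)) {
        throw new Exception('Your session has expired.  Please log in again.');
    }

    $userInfo = get_users(array('id' => $values['user_id']));

    // The confirmation address may be overridden by the request. Only a
    // syntactically valid address is accepted, so a crafted value (e.g. with
    // embedded CR/LF) can never reach the mailer's headers. FILTER_VALIDATE_EMAIL
    // returns the input unchanged when it is valid.
    if (isset($values['email'])) {
        $email = filter_var($values['email'], FILTER_VALIDATE_EMAIL);
        if ($email === FALSE) {
            throw new Exception('Invalid email address');
        }
    } else {
        $email = $userInfo['email'];
    }

    $dbh = new PDOConnection();
    $order = get_cart_information($dbh, $values);

    //TODO : customer_id  (-1 is a placeholder until customers are modelled)
    $billing_addresses = get_addresses(array(
        'user_id'     => $values['user_id'],
        'customer_id' => -1,
        'type'        => ADDRESS_TYPE_BILL,
    ));
    // No billing address on file: bill to the shipping address instead.
    $order['billing_address_id'] = isset($billing_addresses[0]['address_id'])
        ? $billing_addresses[0]['address_id']
        : $order['shipping_address_id'];

    $orderInfo = add_order($order);
    order_confirmation_email(array_merge($orderInfo, array('email' => $email)));

    // Only clear the cart once the order has actually been persisted.
    delete_cart_by_user_id($dbh, $values['user_id']);

    return $orderInfo;
}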
<?php

// SECURITY (review): a wildcard CORS origin lets a page on any site read this
// endpoint's responses. The script below authenticates purely with a token and
// userId taken from $_POST, so any origin that holds a token can drive it.
// Restrict this to the intended origin(s) unless it is deliberately a public
// API — confirm with the owners.
header("Access-Control-Allow-Origin: *");
include "databasefunctions.php";
include_once "bintypes.php";
include "user.php";
include "pointObject.php";
if (isset($_POST["userId"]) && isset($_POST["points"]) && isset($_POST["token"])) {
    if (VerifyToken($_POST["userId"], $_POST["token"])) {
        $id = $_POST["userId"];
        $points = $_POST["points"];
        $user = makeUserFromRaw(GetUser($id));
        $newPoints = new PointObject();
        $newPoints->AddFromArray($points);
        //add points given by user (positive)
        if (!$user->Points->StillPositiveWhenSubtractingOther($newPoints)) {
            echo json_encode(array("Error" => "User does not have the points required."));
        } else {
            $newPoints->Invert();
            //Invert, so we get negative values
            $newPoints->RemovePositive();
            //Remove all positive numbers, adding points is not allowed from this page
            $newPoints->Add($user->Points);
            //add the new existing points
            $user->Points = $newPoints;
            $user->Points->RemoveNegative();
            //Make sure user doesn't have a negative balance. (Should NEVER happen)
            echo EditUserPoints($user->UserId, json_encode($user->Points));
        }
    } else {
        $errorMsg = ["Error" => "No or invalid access token given"];