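/**
 * Process Login from api
 *
 * Reads TOKEN (the shared public API key), email and password from the POST
 * body. When the key matches and the credentials verify, the user's previous
 * 'api' token is revoked and a fresh one is issued.
 *
 * @return array{STATUS_CODE: mixed, DATA: array} userID, Email and Token on success;
 *         otherwise an error result built by buckys_api_get_error_result()
 */
public function loginAction()
{
    //The login request should be POST method
    $request = $_POST;

    $token = isset($request['TOKEN']) ? trim($request['TOKEN']) : null;
    $email = isset($request['email']) ? trim($request['email']) : null;
    // The password is trimmed to stay consistent with the web login flow.
    $password = isset($request['password']) ? trim($request['password']) : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }

    // Strict, constant-time comparison. The previous `!=` was a loose
    // comparison (numeric strings such as "1e3" and "1000" compare equal in
    // PHP) and short-circuits on the first differing byte, leaking timing
    // information about the expected key.
    if (!hash_equals((string) THENEWBOSTON_PUBLIC_API_KEY, (string) $token)) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    // A missing email or password can never authenticate; answer with the same
    // generic message as a wrong password so nothing extra is disclosed.
    if ($email === null || $email === '' || $password === null || $password === '') {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Email or password is not correct.')];
    }

    // NOTE(review): unlike the web login flow (which calls
    // BuckysTracker::clearLoginAttemps on success), no failed-attempt
    // throttling is applied on this endpoint — confirm whether the tracker
    // should guard API logins as well.
    $info = buckys_get_user_by_email($email);

    // NOTE(review): when no account matches, buckys_validate_password() is
    // skipped, so the response time differs from the wrong-password case;
    // verifying against a dummy hash would close that enumeration channel.
    if (!buckys_not_null($info) || !buckys_validate_password($password, $info['password'])) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Email or password is not correct.')];
    }

    if ($info['status'] == 0) {
        //Account is not verified
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_ACCOUNT_NOT_VERIFIED)];
    }

    //Remove Old Token
    BuckysUsersToken::removeUserToken($info['userID'], 'api');
    //Create New Token
    $token = BuckysUsersToken::createNewToken($info['userID'], 'api');

    return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS', 'TOKEN' => $token, 'EMAIL' => $info['email'], 'USERID' => $info['userID']]];
}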
//E-mail if (!trim($_POST['email'])) { $loginError = 1; buckys_redirect('/register.php', MSG_EMPTY_EMAIL, MSG_TYPE_ERROR); } else { if (!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/", $_POST['email'])) { buckys_redirect('/register.php', MSG_INVALID_EMAIL, MSG_TYPE_ERROR); } } //Password if (empty($_POST['password'])) { buckys_redirect('/register.php', MSG_EMPTY_PASSWORD, MSG_TYPE_ERROR); } $email = trim($_POST['email']); $password = trim($_POST['password']); $info = buckys_get_user_by_email($email); if (buckys_not_null($info)) { if (!buckys_validate_password($password, $info['password'])) { buckys_redirect('/register.php', MSG_INVALID_LOGIN_INFO, MSG_TYPE_ERROR); } else { if ($info['status'] == 0) { //Account Not Verified or Banned buckys_redirect('/index.php', !$info['token'] ? MSG_ACCOUNT_BANNED : MSG_ACCOUNT_NOT_VERIFIED, MSG_TYPE_ERROR); } else { //Login Success //Clear Login Attemps BuckysTracker::clearLoginAttemps(); $_SESSION['userID'] = $info['userID']; //Init Some Session Values $_SESSION['converation_list'] = array(); //If the keep me signed in is checked, save data to cookie