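/**
 * Validate the caller's token and, optionally, require admin rights.
 *
 * On success the response is left untouched and true is returned. On any
 * failure the stored token is cleared, the global $jsonResponse message is
 * set, the response status is set to 401, and false is returned. This now
 * includes the "valid token but not an admin" case: previously the function
 * still returned true there, so a caller of validateToken(true) would carry
 * on with the privileged action despite the 401 having been set.
 *
 * @param bool $requireAdmin when true, the token's user must also be an admin
 * @return bool true only when the token is valid and any admin requirement is met
 */
function validateToken($requireAdmin = false): bool
{
    global $jsonResponse, $app;

    if (!checkDbToken()) {
        clearDbToken();
        $jsonResponse->message = 'Invalid token.';
        $app->response->setStatus(401);
        return false;
    }

    if (!$requireAdmin) {
        return true;
    }

    // getUser() may return null (other handlers in this file check for it);
    // a missing user is treated like a non-admin so the check fails closed
    // instead of raising on $user->isAdmin.
    $user = getUser();
    if ($user === null || !$user->isAdmin) {
        clearDbToken();
        $jsonResponse->message = 'Insufficient user privileges.';
        $app->response->setStatus(401);
        return false;
    }

    return true;
}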
setUserToken($lookup, $expires);
// Login bookkeeping on the user record, stored via R::store() below.
$lookup->logins = $lookup->logins + 1;
$lookup->lastLogin = time();
R::store($lookup);
logAction($lookup->username . ' logged in.', null, null);
$jsonResponse->message = 'Login successful.';
// Newest token row for this user (parameterised lookup). Assumes
// setUserToken() just created one, so findOne() is non-null -- TODO confirm.
$jsonResponse->data = R::findOne('token', ' user_id = ? ORDER BY id DESC ', [$lookup->id])->token;
$app->response->setStatus(200);
} }
$app->response->setBody($jsonResponse->asJson());
});

// Log out a user by clearing tokens.
// GET /logout: a valid token is cleared and the logout is logged; the
// response is 200 either way, so presenting a stale token is not an error.
$app->get('/logout', function () use($app, $jsonResponse) {
    if (validateToken()) {
        clearDbToken();
        $jsonResponse->message = 'Logout complete.';
        // Assumes getUser() is non-null once validateToken() passed -- TODO confirm.
        $actor = getUser();
        logAction($actor->username . ' logged out.', null, null);
    }
    // Overrides the 401 that validateToken() sets when the token is rejected.
    $app->response->setStatus(200); // Doesn't matter if the token was no good.
    $app->response->setBody($jsonResponse->asJson());
});

// Update current user's password.
// POST /updatepassword: the body is the raw request input ('slim.input') decoded as JSON.
$app->post('/updatepassword', function () use($app, $jsonResponse) {
    // Untrusted input: $data is null (or lacks currentPass) when the body is not
    // the expected JSON object -- NOTE(review): no shape check before it is used below.
    $data = json_decode($app->environment['slim.input']);
    if (validateToken()) {
        $user = getUser();
        if (null != $user) {
            // NOTE(review): password_hash()'s 'salt' option is deprecated since
            // PHP 7.0 and ignored from PHP 8.0, so re-hashing with the stored salt
            // does not reproduce the stored hash there; password_verify() is the
            // supported way to check a submitted password against a stored hash.
            $checkPass = password_hash($data->currentPass, PASSWORD_BCRYPT, array('salt' => $user->salt));