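<?php
require_once '../lib/env.php';
require_once 'http.php';
require_once 'session.php';
require_once 'db.php';

// GET /auth/: re-read the session's user record from the database and return it
// with credential material stripped. Every httpResponse*() call below is assumed
// to terminate the request, as the original control flow relies on — confirm in
// http.php.
switch ($_SERVER['REQUEST_METHOD']) {
    case 'GET':
        checkConnected();
        // Fetch into a local first: getUser() returns false when no row matches
        // (the login handler checks `$user === false`). The original stored that
        // false straight into $_SESSION['user'] and echoed it back with 200,
        // which keeps a session alive for an account that no longer exists.
        $fresh = $db_driver->getUser($_SESSION['user']['id'], $_SESSION['user']['customer'], NULL);
        // Fail closed: drop the stale identity and answer 401. The is_active
        // test mirrors the login handler, so a deactivated account is also cut
        // off at its next refresh instead of only at its next login.
        if ($fresh === false || empty($fresh['is_active'])) {
            unset($_SESSION['user']);
            httpResponse(401, array('message' => 'Not logged in'));
        }
        $_SESSION['user'] = $fresh;
        // The password hash and salt must never leave the server nor linger in
        // the session, since the session record is what gets echoed to clients.
        unset($_SESSION['user']['password']);
        unset($_SESSION['user']['salt']);
        httpResponse(200, array('user' => $_SESSION['user']));
        break;
    case 'OPTIONS':
        httpOptionsMethod(HTTP_GET);
        break;
    default:
        httpUnsupportedMethod();
        break;
}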
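httpResponse(200, array('message' => 'Logged in', 'user_id' => $_SESSION['user']['id'])); } else { httpResponse(401, array('message' => 'Not logged in')); } break;
    case 'POST':
        // POST /auth/: password login. httpResponse() is assumed to terminate the
        // request (the original control flow relies on it) — confirm in http.php.
        $credential = httpParseInput();
        // Reject absent or non-string fields up front: a JSON body can carry an
        // array where a string is expected, and hash_pbkdf2() would then throw a
        // TypeError instead of returning a clean 400.
        if (!is_array($credential)
            || !is_string($credential['login'] ?? null)
            || !is_string($credential['password'] ?? null)) {
            httpResponse(400, array('message' => '"login" and "password" are required'));
        }
        $user = $db_driver->getUser(NULL, NULL, $credential['login']);
        // Unknown login, inactive account and wrong password all answer with the
        // same 401 body: the original's distinct 'Password failed' text told a
        // caller which logins exist. Response timing still differs (PBKDF2 only
        // runs for known users); running it against a dummy salt on the
        // not-found path would close that channel as well.
        if ($user === false || !$user['is_active']) {
            httpResponse(401, array('message' => 'Authentication failed'));
        }
        // Stored layout: base64(PBKDF2-HMAC-SHA512(password, salt, 1024 iterations,
        // 40 bytes)). 1024 iterations is far below current guidance, but raising
        // it (or moving to password_hash()/password_verify()) needs a re-hash of
        // stored credentials at next login, so the parameters are kept as-is here.
        $derived = base64_encode(hash_pbkdf2('sha512', $credential['password'], $user['salt'], 1024, 40, true));
        // hash_equals(): strict and constant-time. The original `!=` compared
        // loosely and returned on the first differing byte.
        if (!hash_equals((string) $user['password'], $derived)) {
            httpResponse(401, array('message' => 'Authentication failed'));
        }
        // Privilege level changes at login: rotate the session id so an id planted
        // before authentication (session fixation) is not promoted to a logged-in
        // one. Guarded because session.php's start-up behaviour is not visible here.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;
        // Keep credential material out of the session (and out of any response
        // that echoes the session user back to the client).
        unset($_SESSION['user']['password']);
        unset($_SESSION['user']['salt']);
        httpAddLocation('/auth/');
        httpResponse(201, array('message' => 'Logged in', 'user_id' => $user['id']));
        break;
    case 'OPTIONS':
        httpOptionsMethod(HTTP_ALL_METHODS & ~HTTP_PUT);
        break;
    default:
        httpUnsupportedMethod();
        break;
}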
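case 'GET':
    // GET: return the customer record the session user belongs to. httpResponse()
    // is assumed to terminate the request (the original relies on it) — confirm
    // in http.php.
    checkConnected();
    $customer = $db_driver->getCustomer($_SESSION['user']['customer']);
    // null → no record (204); truthy → the record (200); anything else → 500.
    if ($customer === null) {
        httpResponse(204, null);
    }
    if ($customer) {
        httpResponse(200, $customer);
    }
    httpResponse(500, null);
    break;
case 'POST':
    // POST: update the session user's own customer record.
    checkConnected();
    $fields = httpParseInput();
    // The original wrote $fields['id'] into whatever httpParseInput() returned; on
    // a failed parse (false, as the login handler's `!$credential` check shows it
    // can return) PHP autovivified an array (deprecated since 8.1) and sent an
    // id-only update to the driver. Reject malformed bodies explicitly instead.
    if (!is_array($fields)) {
        httpResponse(400, array('message' => 'Invalid request body'));
    }
    // Pin the target to the caller's own customer so the body cannot redirect the
    // update to another tenant. Every other key is handed to updateCustomer()
    // untouched — whether it whitelists updatable columns is not visible here;
    // confirm in db.php before relying on this (mass-assignment risk).
    $fields['id'] = $_SESSION['user']['customer'];
    $res = $db_driver->updateCustomer($fields);
    // true → updated (200); other truthy → validation message (400); falsy → 500.
    if ($res === true) {
        httpResponse(200, array('message' => 'Successfully updated'));
    }
    if ($res) {
        httpResponse(400, array('message' => $res));
    }
    httpResponse(500, null);
    break;
case 'OPTIONS':
    httpOptionsMethod(HTTP_ALL_METHODS & ~HTTP_PUT & ~HTTP_DELETE);
    break;
default:
    httpUnsupportedMethod();
    break;
}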
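httpResponse(201, array('message' => 'Successfully inserted')); } if ($users) { httpResponse(400, array('message' => $users)); } httpResponse(500, null); break;
case 'PUT':
    // PUT: update a user record within the caller's customer. httpResponse() is
    // assumed to terminate the request (the original relies on it) — confirm in
    // http.php.
    checkConnected();
    $salt = NULL;
    $fields = httpParseInput();
    // Reject a failed parse instead of autovivifying an array from false
    // (deprecated since PHP 8.1) and sending a customer-only update to the driver.
    if (!is_array($fields)) {
        httpResponse(400, array('message' => 'Invalid request body'));
    }
    // Pin the tenant to the caller's own customer so the body cannot target
    // another one. Which user inside that customer is updated, and whether a
    // non-admin caller may change another user's password or is_active, is
    // decided in setUser() — not visible here; confirm in db.php.
    $fields['customer'] = $_SESSION['user']['customer'];
    // A fresh salt is generated only when a password is being set; the hashing
    // with it presumably happens inside setUser() — verify it matches the
    // PBKDF2 layout the login check expects.
    if (isset($fields['password'])) {
        $salt = generate_salt(40);
    }
    $users = $db_driver->setUser($fields, $salt);
    // true → updated (200); other truthy → validation message (400); falsy → 500.
    if ($users === true) {
        httpResponse(200, array('message' => 'Successfully updated'));
    }
    if ($users) {
        httpResponse(400, array('message' => $users));
    }
    httpResponse(500, null);
    break;
case 'OPTIONS':
    // The sibling handlers use HTTP_ALL_METHODS; the original's HTTP_ALL_METHOD
    // is either a second constant or a typo that raises an undefined-constant
    // Error on every OPTIONS request under PHP 8. Aligned with the siblings.
    httpOptionsMethod(HTTP_ALL_METHODS);
    break;
default:
    httpUnsupportedMethod();
    break;
}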