Example #1
<?php

require_once '../lib/env.php';
require_once 'http.php';
require_once 'session.php';
require_once 'db.php';
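// "Current user" endpoint: GET returns the logged-in user's record, OPTIONS
// advertises the supported method, anything else is rejected.
switch ($_SERVER['REQUEST_METHOD']) {
    case 'GET':
        // checkConnected() is defined outside this file; it is presumably the
        // authentication gate for this endpoint -- confirm that it ends the
        // request for anonymous callers, because the lines below read
        // $_SESSION['user'] unconditionally.
        checkConnected();

        // Re-read the account so the response and the session reflect the
        // current database row rather than the copy cached at login.
        $fresh_user = $db_driver->getUser($_SESSION['user']['id'], $_SESSION['user']['customer'], NULL);

        // A failed lookup (account deleted since login) or a deactivated
        // account must not be answered with 200 and must not stay logged in.
        // The is_active test only fires when the column is present in the row.
        if (!is_array($fresh_user) || (isset($fresh_user['is_active']) && !$fresh_user['is_active'])) {
            unset($_SESSION['user']);
            httpResponse(401, array('message' => 'Not logged in'));
            break;
        }

        // Strip the credential material before the row is stored, so the
        // password hash and salt never reach session storage or the response.
        unset($fresh_user['password'], $fresh_user['salt']);
        $_SESSION['user'] = $fresh_user;
        httpResponse(200, array('user' => $_SESSION['user']));
        break;
    case 'OPTIONS':
        // Only GET is implemented on this endpoint.
        httpOptionsMethod(HTTP_GET);
        break;
    default:
        httpUnsupportedMethod();
        break;
}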
Example #2
            httpResponse(200, array('message' => 'Logged in', 'user_id' => $_SESSION['user']['id']));
        } else {
            httpResponse(401, array('message' => 'Not logged in'));
        }
        break;
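    case 'POST':
        // Log in: verify "login"/"password" from the request body and bind the
        // user to the session. Every httpResponse() is followed by an explicit
        // break so that a rejected request can never fall through to the
        // session assignment, whether or not httpResponse() ends the script.
        $credential = httpParseInput();
        if (!is_array($credential)
            || !isset($credential['login'], $credential['password'])
            || !is_string($credential['login'])
            || !is_string($credential['password'])) {
            // Non-string values (e.g. nested arrays) are rejected here instead
            // of reaching the driver lookup or hash_pbkdf2().
            httpResponse(400, array('message' => '"login" and "password" are required'));
            break;
        }
        $user = $db_driver->getUser(NULL, NULL, $credential['login']);
        if ($user === false || !$user['is_active']) {
            httpResponse(401, array('message' => 'Authentication failed'));
            break;
        }
        // NOTE(review): 1024 PBKDF2 iterations is far below current guidance.
        // The parameters cannot change here without invalidating stored hashes;
        // plan a migration (re-hash on successful login, e.g. to password_hash()).
        $raw_pw = hash_pbkdf2('sha512', $credential['password'], $user['salt'], 1024, 40, true);
        // hash_equals() compares in constant time and without the type juggling
        // of "!=". The reply is the same as for an unknown or inactive account,
        // so the response body does not reveal which logins exist.
        // NOTE(review): response time still differs (no PBKDF2 run for unknown
        // logins) and no attempt throttling is visible in this handler.
        if (!is_string($user['password']) || !hash_equals($user['password'], base64_encode($raw_pw))) {
            httpResponse(401, array('message' => 'Authentication failed'));
            break;
        }
        // Issue a fresh session id on privilege change so an id known before
        // login cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // Drop credential material before the row is stored in the session.
        unset($user['password'], $user['salt']);
        $_SESSION['user'] = $user;
        httpAddLocation('/auth/');
        httpResponse(201, array('message' => 'Logged in', 'user_id' => $user['id']));
        break;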
    case 'OPTIONS':
        // Bitmask of every method except PUT; httpOptionsMethod() is defined
        // elsewhere and presumably turns it into the list of allowed methods.
        httpOptionsMethod(HTTP_ALL_METHODS & ~HTTP_PUT);
        break;
    default:
        // Any method without a case above is rejected.
        httpUnsupportedMethod();
        break;
}
Example #3
    case 'GET':
        // Return the customer record the session user belongs to. The id is
        // taken from the session, not from the request, so the client cannot
        // name a different customer.
        checkConnected();
        $customer = $db_driver->getCustomer($_SESSION['user']['customer']);
        // null is answered with 204 and no body.
        if ($customer === null) {
            httpResponse(204, null);
        }
        // Any truthy result is sent back as-is.
        // NOTE(review): the whole record is serialized; confirm getCustomer()
        // returns no fields that should stay server-side.
        if ($customer) {
            httpResponse(200, $customer);
        }
        // Intended for a falsy, non-null result. This only works if
        // httpResponse() ends the request in the branches above -- presumably
        // it exits; confirm against its definition.
        httpResponse(500, null);
        break;
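    case 'POST':
        // Update the customer record the session user belongs to.
        checkConnected();
        $fields = httpParseInput();
        // Other handlers in this project test httpParseInput() for a falsy
        // result, so a missing or malformed body is rejected here instead of
        // being turned into an array by the assignment below.
        if (!is_array($fields)) {
            httpResponse(400, array('message' => 'Invalid input'));
            break;
        }
        // The target id always comes from the session and overwrites any "id"
        // sent by the client, so only the caller's own customer can be changed.
        $fields['id'] = $_SESSION['user']['customer'];
        // NOTE(review): every other client-supplied key is passed through
        // unchanged; confirm updateCustomer() only writes an allowlist of
        // columns, and that any authenticated user is meant to edit the
        // customer (only checkConnected() is visible here).
        $res = $db_driver->updateCustomer($fields);
        if ($res === true) {
            httpResponse(200, array('message' => 'Successfully updated'));
        }
        // A truthy non-true result is returned to the client as the message.
        // NOTE(review): confirm it is a validation text, not a raw driver or
        // SQL error.
        if ($res) {
            httpResponse(400, array('message' => $res));
        }
        // Relies on httpResponse() ending the request above -- confirm.
        httpResponse(500, null);
        break;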
    case 'OPTIONS':
        // Bitmask of every method except PUT and DELETE, matching the GET and
        // POST cases implemented above.
        httpOptionsMethod(HTTP_ALL_METHODS & ~HTTP_PUT & ~HTTP_DELETE);
        break;
    default:
        // Any method without a case above is rejected.
        httpUnsupportedMethod();
        break;
}
Example #4
            httpResponse(201, array('message' => 'Successfully inserted'));
        }
        if ($users) {
            httpResponse(400, array('message' => $users));
        }
        httpResponse(500, null);
        break;
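    case 'PUT':
        // Update a user that belongs to the caller's customer.
        checkConnected();
        $salt = NULL;
        $fields = httpParseInput();
        // Other handlers in this project test httpParseInput() for a falsy
        // result, so a missing or malformed body is rejected here instead of
        // being turned into an array by the assignment below.
        if (!is_array($fields)) {
            httpResponse(400, array('message' => 'Invalid input'));
            break;
        }
        // The customer always comes from the session and overwrites any value
        // sent by the client, which keeps the update inside the caller's own
        // customer.
        $fields['customer'] = $_SESSION['user']['customer'];
        // NOTE(review): the target user id and all other keys are
        // client-supplied and only checkConnected() is visible here; confirm
        // setUser() enforces who may edit which user and which columns
        // (e.g. role or is_active) may be written.
        if (isset($fields['password'])) {
            // A new salt is generated whenever the password changes.
            // NOTE(review): generate_salt() is defined elsewhere; confirm it
            // draws from a CSPRNG such as random_bytes().
            $salt = generate_salt(40);
        }
        $users = $db_driver->setUser($fields, $salt);
        if ($users === true) {
            httpResponse(200, array('message' => 'Successfully updated'));
        }
        // A truthy non-true result is returned to the client as the message.
        // NOTE(review): confirm it is a validation text, not a raw driver or
        // SQL error.
        if ($users) {
            httpResponse(400, array('message' => $users));
        }
        // Relies on httpResponse() ending the request above -- confirm.
        httpResponse(500, null);
        break;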
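    case 'OPTIONS':
        // The other endpoints of this project spell the constant
        // HTTP_ALL_METHODS; the singular HTTP_ALL_METHOD used here before looks
        // like a typo, which PHP 8 reports as an undefined-constant Error.
        httpOptionsMethod(HTTP_ALL_METHODS);
        break;
    default:
        // Any method without a case above is rejected.
        httpUnsupportedMethod();
        break;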
}