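/**
 * Method POST only.
 * Authenticates a JSON credential payload and answers with a JSON envelope.
 *
 * The body is expected to be {"email": ..., "password": ...} sent with a
 * Content-Type of application/json. The envelope always carries the keys
 * token, success, message and error; success stays the string "false" until
 * the database lookup (still unimplemented, see the "..." marker) sets a token.
 * Every failure is reported through $results["error"] rather than by leaving
 * variables undefined for the code that follows.
 *
 * @param Request $req the incoming HTTP request (replaces the deprecated
 *                     $this->getRequest() the original mixed in)
 * @return Response JSON-encoded $results with Content-Type application/json
 */
public function authenticateAction(Request $req)
{
    $results = array("token" => "", "success" => "false", "message" => "", "error" => "");
    $data = array();

    // Only a JSON body is accepted. The header may be absent, so cast before
    // strpos() to avoid passing null.
    $content_type = (string) $req->headers->get("Content-Type");
    if (0 === strpos($content_type, "application/json")) {
        $decoded = json_decode($req->getContent(), true);
        if (is_array($decoded)) {
            $data = $decoded;
        } else {
            $results["error"] .= "Malformed JSON received. ";
        }
    } else {
        $results["error"] .= "Wrong format received. ";
    }

    $email = "";
    $password_dec = "";
    if ("" === $results["error"]) {
        $email = filter_var(isset($data["email"]) ? $data["email"] : "", FILTER_SANITIZE_EMAIL);
        // NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS rewrites characters such
        // as '&' or '<' before the password is used, so passwords containing
        // them are silently altered. loginAction() applies the same filter, so
        // the two stay comparable, but a credential should be compared as received.
        $password_dec = filter_var(isset($data["password"]) ? $data["password"] : "", FILTER_SANITIZE_SPECIAL_CHARS);
        if (false === $email || "" === $email || false === $password_dec || "" === $password_dec) {
            $results["error"] .= "Missing credentials. ";
        }
    }

    if ("" === $results["error"]) {
        $db_params = get_db_params_from_config();
        $db_conn = new DBConnection($db_params);
        $db_conn->connect();
        // The original passed $conn and $user_name, neither of which exists in
        // this method; the connection just opened and the submitted e-mail are
        // what the lookup needs.
        $res_arr = retrieve_password_fields($db_conn, $email);

        // The salt and IV are the ones loginAction() stored in the PHP session,
        // so the session must be active before they can be read. The original
        // also fetched get_enc_vals() here but never used the result; dropped
        // (confirm that call has no side effects).
        if (PHP_SESSION_ACTIVE !== session_status()) {
            session_start();
        }
        if (!isset($_SESSION["salt"], $_SESSION["iv"])) {
            $results["error"] .= "No active login session. ";
        } else {
            // NOTE(review): encrypt() is reversible, so anyone holding the key,
            // salt and IV can recover the plaintext; password verification
            // should rely on a one-way hash (password_hash()/password_verify()).
            $enc_pw = encrypt($_SESSION["salt"], $password_dec, $_SESSION["iv"]);
            // Search database for user with matching encrypted password.
            // ...
        }
    }

    $response = new Response(json_encode($results));
    $response->headers->set('Content-Type', 'application/json');
    return $response;
}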
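/**
 * Method POST only.
 * Processes the log in data.
 *
 * Reads uEmail and uPassword from the POST body, looks the user up, stores
 * the salt, IV, user name and encrypted password in the PHP session and
 * mirrors the user name and encrypted password into two cookies that expire
 * after eight hours (28800 s).
 *
 * @param Request $req the incoming HTTP request
 * @return Response the rendered create_content page
 * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
 *         when either credential is missing or blank
 */
public function loginAction(Request $req)
{
    // Call check_auth()
    $user_name = filter_var($req->request->get("uEmail"), FILTER_SANITIZE_EMAIL);
    // NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS rewrites characters such as
    // '&' or '<' before the password is used, so passwords containing them are
    // silently altered; a credential should be compared as received.
    $password_dec = filter_var($req->request->get("uPassword"), FILTER_SANITIZE_SPECIAL_CHARS);

    // The original tested isset($password), a variable that never exists in
    // this method, so the whole login body was unreachable and the action
    // returned null. Test the real values and reject blanks; filter_var()
    // returns false on failure, which isset() would have accepted.
    if (false === $user_name || "" === $user_name || false === $password_dec || "" === $password_dec) {
        throw new \Symfony\Component\HttpKernel\Exception\BadRequestHttpException("Missing login credentials.");
    }

    // Check db match for user details. The original passed $conn, which is
    // never defined here; open the connection the way authenticateAction() does.
    $db_params = get_db_params_from_config();
    $db_conn = new DBConnection($db_params);
    $db_conn->connect();
    $res_arr = retrieve_password_fields($db_conn, $user_name);
    // NOTE(review): $res_arr is never inspected, so a session is started for
    // any submitted e-mail. Confirm what retrieve_password_fields() returns for
    // an unknown user and refuse to continue in that case.

    // There is a match, so start a session (guarded so a repeat call does not warn).
    if (PHP_SESSION_ACTIVE !== session_status()) {
        session_start();
    }
    $enc_vals = get_enc_vals();
    // Set 3 variables in the server SESSION.
    $_SESSION["salt"] = $enc_vals["salt"];
    $_SESSION["iv"] = $enc_vals["iv"];
    $_SESSION["userName"] = $user_name;
    // NOTE(review): encrypt() is reversible, so anyone holding the key, salt
    // and IV can recover the plaintext; password verification should rely on
    // a one-way hash (password_hash()/password_verify()).
    $enc_pw = encrypt($_SESSION["salt"], $password_dec, $_SESSION["iv"]);
    $_SESSION["enc_pw"] = $enc_pw;

    // Set two cookies on the client machine, valid for eight hours. HttpOnly
    // keeps them out of reach of page scripts; Secure follows the request
    // scheme so plain-HTTP development setups keep working.
    // NOTE(review): the encrypted password is already held server-side in the
    // session; sending it to the browser as well only widens its exposure.
    $expires = time() + 28800;
    $secure = $req->isSecure();
    setcookie("userName", $user_name, $expires, "/", "", $secure, true);
    setcookie("password", $enc_pw, $expires, "/", "", $secure, true);
    return $this->render('TestCMSCMSBundle:Default:create_content.html.twig');
}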