Example #1
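 /**
  * Handles a JSON authentication request and answers with a JSON document.
  *
  * The body is decoded only when the Content-Type header starts with
  * "application/json". The reply always carries the keys "token",
  * "success", "message" and "error"; "success" stays the string "false"
  * and "token" stays empty in the code shown here, because the step that
  * matches the credentials and issues a token is elided ("// ...").
  *
  * Credential processing is skipped (fail closed) when the content type is
  * wrong, the body is not a JSON object, or "email"/"password" are missing
  * or not scalar; "error" then contains "Wrong format received. ".
  *
  * @param Request $req Injected request; the body reads the request through
  *                     $this->getRequest(), as the original did.
  *
  * @return Response JSON-encoded $results with Content-Type application/json.
  */
 public function authenticateAction(Request $req)
 {
     $results = array("token" => "", "success" => "false", "message" => "", "error" => "");

     $request = $this->getRequest();
     // Cast so a missing header compares as "" instead of passing null to strpos().
     $content_type = (string) $request->headers->get("Content-Type");

     $data = null;
     if (0 === strpos($content_type, "application/json")) {
         $data = json_decode($request->getContent(), true);
     } else {
         $results["error"] .= "Wrong format received. ";
     }

     // The original read $data["email"] / $data["password"] even when $data was
     // never assigned (wrong content type) or was null (malformed JSON).
     // Arrays and nested objects are rejected; scalars are accepted as before.
     $has_credentials = is_array($data)
         && isset($data["email"], $data["password"])
         && is_scalar($data["email"])
         && is_scalar($data["password"]);

     if ($has_credentials) {
         $email = filter_var($data["email"], FILTER_SANITIZE_EMAIL);
         // NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS rewrites characters such as
         // < > & " ' inside the password, so the value processed below is not the
         // value the user typed. It is kept because loginAction() applies the same
         // filter; change both together.
         $password_dec = filter_var($data["password"], FILTER_SANITIZE_SPECIAL_CHARS);

         $db_params = get_db_params_from_config();
         $db_conn = new DBConnection($db_params);
         $db_conn->connect();

         // The original passed $conn and $user_name, neither of which is assigned
         // in this method. $db_conn and $email are the values in scope.
         // NOTE(review): confirm retrieve_password_fields() accepts a DBConnection.
         $res_arr = retrieve_password_fields($db_conn, $email);

         // NOTE(review): $enc_vals is fetched but unused; the salt and IV are read
         // from $_SESSION, which this method never starts or populates. Presumably
         // $enc_vals["salt"] / $enc_vals["iv"] were intended - confirm.
         $enc_vals = get_enc_vals();
         $enc_pw = encrypt($_SESSION["salt"], $password_dec, $_SESSION["iv"]);

         // NOTE(review): reversible encryption of passwords lets anyone holding the
         // key material recover them. password_hash() / password_verify() is the
         // standard replacement; if a derived value must be compared directly,
         // compare it with hash_equals().
         // Search database for user with matching encrypted password.
         // ...
     } elseif ("" === $results["error"]) {
         // Right content type, but the body was unusable.
         $results["error"] .= "Wrong format received. ";
     }

     $response = new Response(json_encode($results));
     $response->headers->set('Content-Type', 'application/json');
     return $response;
 }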
Example #2
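 /**
  * Method POST only
  * Processes the log in data.
  *
  * Reads "uEmail" and "uPassword" from the POST body and looks up the
  * password fields stored for that user. When the lookup returns data it
  * starts a session, stores the salt, IV, user name and encrypted password
  * in it, sets the "userName" and "password" cookies for eight hours, and
  * renders the create-content template.
  *
  * Returns null without starting a session when either field is missing or
  * empty, or when the lookup returns nothing.
  *
  * NOTE(review): nothing in this method compares the submitted password
  * with the stored fields in $res_arr. That comparison must be added before
  * session_start(); until then, any password is accepted for a user whose
  * lookup succeeds.
  *
  * @param Request $req Current request; credentials are read from its POST data.
  */
 public function loginAction(Request $req)
 {
     // Call check_auth()
     $user_name = filter_var($req->request->get("uEmail"), FILTER_SANITIZE_EMAIL);
     // NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS rewrites characters such as
     // < > & " ' inside the password. It is kept so the value matches what
     // authenticateAction() derives; change both together.
     $password_dec = filter_var($req->request->get("uPassword"), FILTER_SANITIZE_SPECIAL_CHARS);

     // The original tested isset($password), a variable that is never assigned,
     // so the login branch could not run. isset() would also accept "", so both
     // values are required to be non-empty strings.
     if (!is_string($user_name) || "" === $user_name
         || !is_string($password_dec) || "" === $password_dec) {
         return null;
     }

     //Check db match for user details
     // NOTE(review): $conn is not assigned anywhere in this method - confirm
     // where the connection is meant to come from.
     $res_arr = retrieve_password_fields($conn, $user_name);
     if (empty($res_arr)) {
         // Fail closed: no stored fields for this user, so no session.
         return null;
     }

     session_start();
     // Issue a fresh session id at the privilege change so an id fixed before
     // login cannot be reused afterwards.
     session_regenerate_id(true);

     $enc_vals = get_enc_vals();
     // Set 3 variables in the server SESSION.
     $_SESSION["salt"] = $enc_vals["salt"];
     $_SESSION["iv"] = $enc_vals["iv"];
     $_SESSION["userName"] = $user_name;
     $enc_pw = encrypt($_SESSION["salt"], $password_dec, $_SESSION["iv"]);
     $_SESSION["enc_pw"] = $enc_pw;

     // Set two cookies on the client machine.
     // Both were sent without Secure or HttpOnly. They are now HttpOnly, so page
     // scripts cannot read them, and Secure whenever the request arrived over HTTPS.
     // NOTE(review): the "password" cookie hands the client a reversibly
     // encrypted copy of the password. The session already holds the same
     // value; drop this cookie unless another component reads it.
     $expires = time() + 28800; // eight hours
     $secure = $req->isSecure();
     setcookie("userName", $user_name, $expires, "/", "", $secure, true);
     setcookie("password", $enc_pw, $expires, "/", "", $secure, true);

     return $this->render('TestCMSCMSBundle:Default:create_content.html.twig');
 }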