Example #1
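 /**
  * Method to fetch Authenticated user
  *
  * Fetch a record for a specific authenticated user
  * by Username and password
  *
  * @url GET authenticate/{username}/{password}
  * @url POST authenticate
  * @smart-auto-routing false
  *
  * @access public
  * @throws 403 User cannot be authenticated
  * @param string $username User to be fetched
  * @param string $password Authentication Password
  * @return mixed
  */
 public function authenticate($username, $password, $api_call = false)
 {
     // Contract: on success returns the user's fields (minus "password") plus
     // 'granted' => true, and mirrors every field onto $this. On failure sets
     // $this->granted = false, then throws a 403 when $api_call is truthy and
     // otherwise returns nothing.
     //
     // NOTE(review): the GET route declared in the docblock carries the
     // password in the URL path, where it is commonly recorded by access logs,
     // proxies and browser history. Prefer exposing only the POST route, over TLS.
     $db = DataConnection::readOnly();
     $user = $db->user()->where("username", $username)->and("status > ?", 0)->limit(1)->fetch();

     // Fail closed before touching the row. fetch() presumably yields a falsy
     // value when nothing matches (confirm against the data layer); calling
     // count() on a non-countable value warns on PHP 7.2+ and throws on PHP 8,
     // so the truthiness test has to come first.
     $passed = false;
     if ($user && count($user) > 0) {
         $pwHasher = new Phpass\PasswordHash(8, false);
         $passed = $pwHasher->CheckPassword($password, $user['password']);
     }
     // NOTE(review): an unknown username skips the hash check entirely, so the
     // response time can reveal whether an account exists even though both
     // failure paths share one message. Consider verifying against a fixed
     // dummy hash in that case.

     if (!$passed) {
         // Single failure path: unknown user and wrong password are reported
         // identically to the caller.
         $this->granted = false;
         if ($api_call) {
             throw new Luracast\Restler\RestException(403, 'Unable to authenticate user');
         }
         return;
     }

     $res = array();
     foreach ($user as $field => $value) {
         // The stored hash is never part of the returned record.
         if ($field !== "password") {
             $res[$field] = $value;
         }
         // NOTE(review): every column, including the password hash, is copied
         // onto $this. Kept because other code may read it, but an object that
         // is later serialised or dumped would expose the hash; confirm
         // whether $this->password is needed.
         $this->{$field} = $value;
     }
     $res['granted'] = true;
     $this->granted = true;
     return $res;
 }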
Example #2
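 /**
  * Method to fetch Authenticated user
  *
  * Fetch a record for a specific authenticated user
  * by Username and password
  *
  * @url GET authenticate/{username}/{password}
  * @url POST authenticate
  * @smart-auto-routing false
  *
  * @access public
  * @throws 403 User cannot be authenticated
  * @param string $username User to be fetched
  * @param string $password Authentication Password
  * @return mixed
  */
 public function authenticate($username, $password, $api_call = false)
 {
     // Contract: on success returns the first matching row's fields (minus
     // "password") plus 'granted' => true, and mirrors every field onto $this.
     // On failure sets $this->granted = false, then throws a 403 when
     // $api_call is truthy and otherwise returns nothing.
     //
     // NOTE(review): the GET route declared in the docblock carries the
     // password in the URL path, where it is commonly recorded by access logs,
     // proxies and browser history. Prefer exposing only the POST route, over TLS.
     $pdo = new PDO(NATURAL_PDO_DSN_READ, NATURAL_PDO_USER_READ, NATURAL_PDO_PASS_READ);

     // The username is passed as a bound parameter. The listing this was taken
     // from had a masked literal in the WHERE clause, so the query never used
     // $username; building the clause by string interpolation instead would
     // let request input alter the SQL.
     $sql = "select u.*, al.access_level"
          . " from church_link cl"
          . " left outer join user u on u.id = cl.user_id"
          . " left outer join acl_levels al on al.id = cl.acl_levels_id"
          . " where u.username = :username";
     $conn = $pdo->prepare($sql);
     $conn->execute(array(':username' => $username));
     $rows = $conn->fetchAll(PDO::FETCH_ASSOC);

     // NOTE(review): there is no ORDER BY or LIMIT, so when a user has several
     // church_link rows the access_level comes from whichever row the
     // database happens to return first.
     $user = isset($rows[0]) ? $rows[0] : null;

     $passed = false;
     if ($user !== null) {
         $pwHasher = new Phpass\PasswordHash(8, false);
         $passed = $pwHasher->CheckPassword($password, $user['password']);
     }
     // NOTE(review): an unknown username skips the hash check entirely, so the
     // response time can reveal whether an account exists even though both
     // failure paths share one message. Consider verifying against a fixed
     // dummy hash in that case.

     if (!$passed) {
         // Single failure path: unknown user and wrong password are reported
         // identically to the caller.
         $this->granted = false;
         if ($api_call) {
             throw new Luracast\Restler\RestException(403, 'Unable to authenticate user');
         }
         return;
     }

     $res = array();
     foreach ($user as $field => $value) {
         // The stored hash is never part of the returned record.
         if ($field !== "password") {
             $res[$field] = $value;
         }
         // NOTE(review): every column, including the password hash, is copied
         // onto $this. Kept because other code may read it, but an object that
         // is later serialised or dumped would expose the hash; confirm
         // whether $this->password is needed.
         $this->{$field} = $value;
     }
     $res['granted'] = true;
     $this->granted = true;
     return $res;
 }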