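}

/**
 * Validate a (uid, key) pair presented through the encrypted cookies.
 *
 * Demo implementation: the only accepted pair is uid 'demo' / key 'demo'.
 * Every other pair is rejected.
 *
 * The original failed OPEN: the else branch returned true (its
 * `return false;` was commented out), so any uid/key — including the
 * empty values you get when the cookies are absent — was accepted and
 * every protected route was reachable without /demo. Restored to
 * fail-closed.
 *
 * @param mixed $uid user id read from the encrypted 'uid' cookie (null if missing)
 * @param mixed $key API key read from the encrypted 'key' cookie (null if missing)
 * @return bool true only for the demo credentials
 */
function validateUserKey($uid, $key)
{
    // insert your (hopefully more complex) validation routine here
    // hash_equals() is a constant-time comparison; the string casts keep it
    // from throwing when a cookie is missing and null comes back.
    $uidMatches = hash_equals('demo', (string) $uid);
    $keyMatches = hash_equals('demo', (string) $key);

    return $uidMatches && $keyMatches;
}

// generates a temporary API key using cookies
// call this first to gain access to API methods
$app->get('/demo', function () use ($app) {
    try {
        // NOTE(review): cookie secure/httponly flags are whatever the app's
        // cookie defaults are — confirm they are set for non-demo use.
        $app->setEncryptedCookie('uid', 'demo', '5 minutes');
        $app->setEncryptedCookie('key', 'demo', '5 minutes');
    } catch (Exception $e) {
        $app->response()->status(400);
        // NOTE(review): this sends the raw exception message to the client;
        // acceptable in a demo, but production code should log it and return
        // a generic reason instead.
        $app->response()->header('X-Status-Reason', $e->getMessage());
    }
});

// Logout: expire the two cookies issued by /demo so the key can no longer be
// presented. The original only printed a message and left both cookies in
// place, so "logging out" revoked nothing.
$app->get('/logout', function () use ($app) {
    $app->deleteCookie('uid');
    $app->deleteCookie('key');
    echo "logout Successed";
});

$app->get('/', function () use ($app) {
    // var_dump( $HTTP_SERVER_VARS['PHP_AUTH_PW'] );
    // $req = $app->request();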
/**
 * A `Set-Cookie:` response header must be emitted when an encrypted
 * cookie is set.
 *
 * Only the presence and rough shape of the header are checked here: the
 * value has to look like `foo=` followed by three non-empty segments
 * separated by URL-encoded pipes (%7C). The encryption itself is covered
 * by a separate test file.
 */
public function testSetEncryptedCookie()
{
    $app = new \Slim\Slim();
    $app->setEncryptedCookie('foo', 'bar');

    $response = $app->response();
    $setCookie = $response['Set-Cookie'];

    // three segments, pipes URL-encoded as %7C
    $pattern = '/^foo=.+%7C.+%7C.+/';
    $this->assertEquals(1, preg_match($pattern, $setCookie));
}
return $username == 'demo' && $password == 'password'; }

/**
 * Route-middleware factory: yields a closure that halts the request with
 * 401 unless the encrypted 'username'/'password' cookies still satisfy
 * isValidLogin().
 *
 * NOTE(review): the credential itself (the raw password) is what gets
 * round-tripped in the cookie and re-checked on every request — see
 * /login below. A random session token bound to the login would avoid
 * re-sending the password at all.
 */
$checkLoggedOn = function ($app) {
    return function () use ($app) {
        $cookieUser = $app->getEncryptedCookie('username');
        $cookiePass = $app->getEncryptedCookie('password');

        if (isValidLogin($cookieUser, $cookiePass)) {
            return;
        }

        $app->halt(401); // Unauthorized access
    };
};

$app->post('/login', function () use ($app) {
    try {
        $username = $app->request()->post('username');
        $password = $app->request()->post('password');
        if (isValidLogin($username, $password)) {
            // NOTE(review): storing the plaintext password in a cookie (even an
            // encrypted one) for a day is what the middleware above relies on.
            $app->setEncryptedCookie('username', $username, '1 day');
            $app->setEncryptedCookie('password', $password, '1 day');
            $app->response()->header('Content-Type', 'application/json');
            $app->response()->status(200); // OK
            echo json_encode(array('operation' => 'login', 'status' => 'ok'));
        } else {
            throw new AuthenticateFailedException();
        }
    } catch (AuthenticateFailedException $e) {
        $app->response()->status(401);
        $app->response()->header('X-Status-Reason', 'Login failure');
    } catch (Exception $e) {
        $app->response()->status(400);
        // NOTE(review): raw exception text goes to the client here; prefer a
        // generic reason and log the detail server-side.
        $app->response()->header('X-Status-Reason', $e->getMessage());
    }