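// Build the interface: this endpoint reads two request inputs, "login" and "mdp".
$params = new SimpleObject\OdaPrepareInterface();
$params->arrayInput = ["login", "mdp"];
$ODA_INTERFACE = new OdaLibInterface($params);

//--------------------------------------------------------------------------
// vendor/happykiller/oda/resources/api/getAuth.php?milis=123450&login=VIS&mdp=VIS
//
// NOTE(review): the sample call above carries "mdp" in the query string. If the
// endpoint is reachable that way outside of tests, the password is recorded in
// access logs, proxies and browser history; prefer a POST body over TLS.
//--------------------------------------------------------------------------

// Look the user up by code; the login is passed as a bound parameter.
$params = new SimpleObject\OdaPrepareReqSql();
$params->sql = "select a.`id_rang`, a.`code_user`, a.`password`, a.`mail`\n"
    . " from `api_tab_utilisateurs` a\n"
    . " where 1=1\n"
    . " and a.`code_user` = :code_user\n"
    . ";";
$params->bindsValue = ["code_user" => $ODA_INTERFACE->inputs["login"]];
$params->typeSQL = OdaLibBd::SQL_GET_ONE;
$retour = $ODA_INTERFACE->BD_ENGINE->reqODASQL($params);

// NOTE(review): the failure messages below differ per step ("user unknown" vs
// "mail incorrect"), which tells the caller whether a login exists. A single
// generic message, with the detail kept in server-side logs, avoids that.
// dieInError() presumably ends the request; the code after it reads
// $retour->data unconditionally, so it relies on that -- confirm.
if (!$retour->data) {
    $ODA_INTERFACE->dieInError('Auth impossible.(user unknown)', $ODA_INTERFACE::STATE_ERROR_AUTH);
} elseif (OdaLib::startsWith($ODA_INTERFACE->inputs["mdp"], "authByGoogle-")) {
    // NOTE(review): "mdp" is client input, and this branch accepts the text
    // after the marker as the credential by comparing it with the stored mail.
    // No provider-issued token is validated on this page, so the comparison
    // shows knowledge of an e-mail address, not a completed Google sign-in.
    // Validate the provider's ID token server-side and take the mail from the
    // verified token instead of from the password field.

    // Strip the marker as a prefix only (str_replace would also remove later
    // occurrences inside the address).
    $mail = (string) substr($ODA_INTERFACE->inputs["mdp"], strlen("authByGoogle-"));

    // An empty remainder is rejected so that an account whose stored mail is
    // empty can never be matched by the marker alone.
    if ($mail === '' || $mail !== $retour->data->mail) {
        $ODA_INTERFACE->dieInError('Auth impossible.(mail incorrect)', $ODA_INTERFACE::STATE_ERROR_AUTH);
    }
}

// Hand the supplied password and the stored hash to buildSession(), which
// returns the session key.
$key = $ODA_INTERFACE->buildSession([
    'code_user' => $ODA_INTERFACE->inputs["login"],
    'password' => $ODA_INTERFACE->inputs["mdp"],
    'dbPassword' => $retour->data->password,
]);

// Replace the row (which holds the password hash and mail) with the minimal
// payload returned to the client.
$data = new stdClass();
$data->id_rang = $retour->data->id_rang;
$data->code_user = $retour->data->code_user;
$data->keyAuthODA = $key;
$retour->data = $data;

//--------------------------------------------------------------------------
$params = new \stdClass();
$params->label = "resultat";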
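/**
 * buildSession
 *
 * Returns a session key for a user: purges the user's expired sessions,
 * checks the supplied credentials, then reuses a still-valid session or
 * inserts a new one valid for 720 minutes.
 *
 * The credentials are checked before any key is returned, including the key
 * of an already existing session.
 *
 * @param array  $p_params
 * @param string $p_params[code_user]  user code the session belongs to
 * @param string $p_params[password]   password value as supplied by the client
 * @param string $p_params[dbPassword] stored hash, checked with password_verify()
 * @return string session key ("" if dieInError() returns after a failed check)
 */
public function buildSession($p_params)
{
    try {
        $v_code_user = $p_params["code_user"];
        $v_password = isset($p_params['password']) ? (string) $p_params['password'] : '';
        $v_dbPassword = isset($p_params['dbPassword']) ? (string) $p_params['dbPassword'] : '';
        $v_key = "";

        // LIKE pattern locating the user's sessions inside the JSON `datas`
        // column. The needle is built with json_encode() so it matches what
        // the INSERT below stores, and the LIKE metacharacters are escaped so
        // the user code is matched literally. The pattern is bound, never
        // concatenated into the SQL text.
        // Assumes MySQL's default LIKE escape character (backslash) -- confirm.
        $v_needle = '"code_user":' . \json_encode($v_code_user);
        $v_likeUser = '%' . \strtr($v_needle, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';

        // NOTE(review): bindsValue is shown on this page only with SQL_GET_ONE;
        // confirm reqODASQL() applies it for SQL_SCRIPT and SQL_INSERT_ONE too.

        // Delete the user's expired keys (a validity of 0 minutes is kept).
        $params = new SimpleObject\OdaPrepareReqSql();
        $params->sql = "DELETE FROM `api_tab_session`\n"
            . " WHERE 1=1\n"
            . " AND `datas` like :datas_like\n"
            . " AND (`dateCreation` + INTERVAL `periodeValideMinute` MINUTE) < NOW()\n"
            . " AND `periodeValideMinute` != 0\n"
            . " ;";
        $params->bindsValue = ["datas_like" => $v_likeUser];
        $params->typeSQL = OdaLibBd::SQL_SCRIPT;
        $retour = $this->BD_AUTH->reqODASQL($params);

        // Check the credentials before looking for a reusable key, so that an
        // existing session is only handed to a caller who passed the check.
        //
        // NOTE(review): the "authByGoogle-" marker is part of the
        // client-supplied password value, and a value carrying it is not
        // checked against the stored hash here. Nothing in this method
        // validates a provider-issued token; it relies entirely on what the
        // caller verified beforehand. Prefer an explicit, server-set flag (or a
        // verified token) over inferring the login method from the password.
        $checkPass = true;
        if (!OdaLib::startsWith($v_password, "authByGoogle-")) {
            $checkPass = \password_verify($v_password, $v_dbPassword);
        }
        if (!$checkPass) {
            $this->dieInError('Auth impossible.(Password wrong)', self::STATE_ERROR_AUTH);
            // Only reached if dieInError() returns; no key is issued.
            return $v_key;
        }

        // Look for a key that is still valid.
        $params = new SimpleObject\OdaPrepareReqSql();
        $params->sql = "SELECT *\n"
            . " FROM `api_tab_session` a\n"
            . " WHERE 1=1\n"
            . " AND a.`datas` like :datas_like\n"
            . " AND (a.`dateCreation` + INTERVAL a.`periodeValideMinute` MINUTE) > NOW()\n"
            . " ;";
        $params->bindsValue = ["datas_like" => $v_likeUser];
        $params->typeSQL = OdaLibBd::SQL_GET_ONE;
        $retour = $this->BD_AUTH->reqODASQL($params);

        if ($retour->data) {
            return $retour->data->key;
        }

        // Build a new key. It comes from the CSPRNG rather than from a hash of
        // the user code and the current second, which a third party could
        // recompute. 16 random bytes in hex keep the 32-character length of
        // the previous md5 value. random_bytes() requires PHP 7 or later.
        $v_strDate = \date('YmdHis');
        $v_key = \bin2hex(\random_bytes(16));

        $json = new stdClass();
        $json->code_user = $v_code_user;
        $json->date = $v_strDate;

        $params = new SimpleObject\OdaPrepareReqSql();
        $params->sql = "INSERT INTO `api_tab_session`(\n"
            . " `id` ,\n"
            . " `key` ,\n"
            . " `datas` ,\n"
            . " `dateCreation` ,\n"
            . " `periodeValideMinute`\n"
            . " )\n"
            . " VALUES (\n"
            . " NULL , :session_key, :datas, NOW(), 720\n"
            . " )\n"
            . " ;";
        $params->bindsValue = [
            "session_key" => $v_key,
            "datas" => \json_encode($json),
        ];
        $params->typeSQL = OdaLibBd::SQL_INSERT_ONE;
        // The insert goes through BD_ENGINE while the reads above use BD_AUTH,
        // as in the original code.
        $retour = $this->BD_ENGINE->reqODASQL($params);

        return $v_key;
    } catch (Exception $ex) {
        // Record the failure on the response object and stop the request.
        $this->object_retour->strErreur = $ex . '';
        $this->object_retour->statut = self::STATE_ERROR;
        die;
    }
}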