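/**
 * Handles the /login page: renders the login form and, when a username was
 * submitted, tries to open a session through the account API.
 *
 * @param array $request Request array as built by get_http_request(); this
 *                       function reads $request['form']['login_username'],
 *                       $request['form']['login_password'] and $request['ip'].
 * @return mixed Result of build_response_moved_temporarily('/') after a
 *               successful login, otherwise the result of build_response_ok()
 *               holding the form (plus an error line when the API refused).
 */
function execute($request)
{
    $form = isset($request['form']) ? $request['form'] : array();
    // Missing keys become '' instead of raising an undefined-index notice.
    $username = isset($form['login_username']) ? (string) $form['login_username'] : '';
    $password = isset($form['login_password']) ? (string) $form['login_password'] : '';
    $error = null;

    if (strlen($username) > 0) {
        // Last argument is the session TTL in hours: two weeks.
        $result = api_account_create_session($username, $password, 'web', $request['ip'], 14 * 24);
        // NOTE(review): this checks $result['OK'] whereas get_http_request() checks
        // $result['status'] == 'OK' on the same API call; confirm which key the API
        // actually returns, otherwise one of the two call sites never succeeds.
        if ($result['OK']) {
            $expire = time() + 365 * 24 * 3600;
            setcookie('npclient', 'web', $expire);
            // The token is the session credential: HttpOnly keeps it out of reach of
            // page scripts. Pass true for the `secure` argument as well once the
            // site is served exclusively over HTTPS.
            setcookie('nptoken', $result['token'], $expire, '', '', false, true);
            return build_response_moved_temporarily('/');
        }
        if ($result['message'] === 'WRONG_PASSWORD') {
            $error = "Bad password. Did you forget it?";
        } else {
            $error = "Server returned error code: " . $result['message'];
        }
    }

    // ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of turning the whole string into '' (which would silently drop
    // the error text or the echoed username).
    $escape_flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $error_html = $error === null ? '' : nl2br(htmlspecialchars($error, $escape_flags, 'UTF-8'));
    $output = array(
        '<h1>Log in</h1>',
        $error_html,
        '<form action="/login" method="post">',
        'Username: <input type="text" name="login_username" value="' . htmlspecialchars($username, $escape_flags, 'UTF-8') . '"/><br />',
        'Password: <input type="password" name="login_password" /><br />',
        '<input type="submit" name="submit" value="Login" />',
        '</form>',
    );
    return build_response_ok("Log In", implode("\n", $output));
}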
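/**
 * Gets information about the raw HTTP request.
 *
 * Reads $_SERVER, $_COOKIE, $_POST, $_FILES and php://input, resolves the
 * current user through the account API (form login first, then the session
 * token cookie), refreshes the 'npclient' / 'nptoken' cookies and returns one
 * request array with the keys: method, path, path_parts, user_id, login_id,
 * logged_in, login_failure, name, is_admin, content_type, form, raw_content,
 * files, cookies, ip, avatar, now.
 *
 * @return array
 */
function get_http_request()
{
    $url_parts = get_url_parts();
    $path = '/' . implode('/', $url_parts);
    $is_logout = $path === '/logout';
    $method = strtoupper(trim($_SERVER['REQUEST_METHOD']));
    $ip = trim($_SERVER['REMOTE_ADDR']);

    $cookies = array();
    foreach ($_COOKIE as $k => $v) {
        $cookies[$k] = $v;
    }

    $content_type = null;
    $raw_content = null;
    $form = array();
    $files = array();
    if ($method !== 'GET') {
        // CONTENT_TYPE is the usual SAPI key; HTTP_CONTENT_TYPE is the fallback
        // some servers use. Neither present -> '' (no notice).
        if (isset($_SERVER['CONTENT_TYPE'])) {
            $content_type = trim($_SERVER['CONTENT_TYPE']);
        } elseif (isset($_SERVER['HTTP_CONTENT_TYPE'])) {
            $content_type = trim($_SERVER['HTTP_CONTENT_TYPE']);
        } else {
            $content_type = '';
        }
        $is_form_post = strpos($content_type, 'application/x-www-form-urlencoded') === 0
            || strpos($content_type, 'multipart/form-data') === 0;
        if ($is_form_post) {
            foreach ($_POST as $key => $value) {
                $form[$key] = $value;
            }
            foreach ($_FILES as $key => $value) {
                // NOTE(review): $value['type'] is the MIME type the client declared,
                // so 'type' and 'is_image' reflect the client's claim, not the file
                // content; only the dimensions below come from inspecting the file.
                $file_info = array(
                    'id' => $key,
                    'mime' => $value['type'],
                    'type' => get_file_type($value['type']),
                    'size' => $value['size'],
                    'path' => $value['tmp_name'],
                    'is_image' => false,
                );
                if (in_array($file_info['type'], array('PNG', 'JPEG', 'GIF'), true)) {
                    $file_info['is_image'] = true;
                    // Best effort: getimagesize() warns on non-images, and the
                    // dimensions are optional, so the warning is suppressed.
                    $dim = @getimagesize($file_info['path']);
                    if (is_array($dim) && count($dim) >= 2) {
                        $file_info['image_width'] = $dim[0];
                        $file_info['image_height'] = $dim[1];
                    }
                }
                $files[] = $file_info;
            }
        } else {
            $raw_content = file_get_contents('php://input');
        }
    }

    $session_token = isset($cookies['nptoken']) ? trim($cookies['nptoken']) : '';
    $client = isset($cookies['npclient']) ? trim($cookies['npclient']) : '';
    $ttl_hours = 24 * 30;
    // change this for other clients upon request.
    if (!$is_logout && isset($form['login_username'])) {
        $login_password = isset($form['login_password']) ? $form['login_password'] : '';
        // The username comes from the submitted form (the original read it from
        // $login_result, which is not assigned until this call returns).
        $login_result = api_account_create_session($form['login_username'], $login_password, $client, $ip, $ttl_hours);
        if ($login_result['status'] === 'OK') {
            // The fresh token is verified below like a cookie token would be.
            $session_token = $login_result['token'];
        }
    }

    $login_failure = false;
    $user_info = null;
    if (!$is_logout && strlen($session_token) > 0) {
        $user_info = api_account_authenticate_with_session($session_token, $ip);
        if ($user_info['status'] !== 'OK') {
            $user_info = null;
            $login_failure = true;
        }
    }

    $verified_user_id = 0;
    $login_id = null;
    $name = null;
    $is_admin = false;
    $avatar = null;
    if ($user_info !== null) {
        $verified_user_id = $user_info['user_id'];
        $is_admin = $user_info['is_admin'];
        $login_id = $user_info['login_id'];
        $name = $user_info['name'];
        $avatar = $user_info['avatar'];
    }

    // Cookie lifetime follows the server-side session TTL (the original left
    // $expire undefined, which turned both cookies into session-only cookies).
    $expire = time() + $ttl_hours * 3600;
    setcookie('npclient', 'web', $expire);
    if ($is_logout) {
        $session_token = '';
        // An expiry in the past makes the browser drop the token cookie instead
        // of keeping an empty one around.
        setcookie('nptoken', '', time() - 3600, '', '', false, true);
    } else {
        // HttpOnly keeps the session token out of reach of page scripts; pass
        // true for `secure` as well once the site is served only over HTTPS.
        setcookie('nptoken', $session_token, $expire, '', '', false, true);
    }

    return array(
        'method' => $method,
        'path' => $path,
        'path_parts' => $url_parts,
        'user_id' => $verified_user_id,
        'login_id' => $login_id,
        'logged_in' => $verified_user_id > 0,
        'login_failure' => $login_failure,
        'name' => $name,
        'is_admin' => $is_admin,
        'content_type' => $content_type,
        'form' => $form,
        'raw_content' => $raw_content,
        'files' => $files,
        'cookies' => $cookies,
        'ip' => $ip,
        'avatar' => $avatar,
        'now' => time(),
    );
}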