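} else {
    // The matching `if` (request-method / content-type check) lies before the
    // first visible line; only its fallback branch is shown here.
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}

// Reject missing credentials before touching the database. The log line names
// which fields were absent but never echoes their values. `is_object` guards
// against a body that decoded to null/array (invalid or non-object JSON).
if (!is_object($json) || empty($json->username) || empty($json->password) || empty($json->clientToken)) {
    logExit("[auth16x.php] login process [Empty input] [ "
        . (empty($json->username) ? 'LOGIN ' : '')
        . (empty($json->password) ? 'PASSWORD ' : '')
        . (empty($json->clientToken) ? 'clientToken ' : '')
        . "]");
}

loadTool('user.class.php');
DBinit('auth');

$login = $json->username;
$password = $json->password;
$clientToken = $json->clientToken;

// Whitelist the character set of the secret-bearing fields. The password is
// deliberately NOT written to the log on any failure path below: the previous
// version logged it in clear text on "Bad symbols", "Unknown user" and
// "Wrong password", which leaks credentials into server logs.
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $password) || !preg_match("/^[a-f0-9-]+\$/", $clientToken)) {
    logExit("[auth16x.php] login process [Bad symbols] User [{$login}] clientToken [{$clientToken}]");
}

// Accept either a login name or an e-mail address and pick the column to match.
$BD_Field = strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email'];
$auth_user = new User($login, $BD_Field);

// Every failure below answers the client with the same generic "Bad login"
// (logExit's default), so the reason is visible only in the server log.
if (!$auth_user->id()) {
    logExit("[auth16x.php] login process [Unknown user] User [{$login}]");
}
// Accounts at privilege level 1 or below may not log in here. The previous
// version exited silently; it is now logged like the other refusals.
if ($auth_user->lvl() <= 1) {
    logExit("[auth16x.php] login process [Insufficient level] User [{$login}]");
}
if (!$auth_user->authenticate($password)) {
    logExit("[auth16x.php] login process [Wrong password] User [{$login}]");
}

// Issue a fresh session id and bind it to this clientToken. The stored session
// is overwritten, so an account has at most one live accessToken.
$sessid = generateSessionId();
getDB()->ask(
    "UPDATE `{$bd_names['users']}` SET "
    . "`{$bd_users['session']}`=:session , "
    . "`{$bd_users['clientToken']}`=:token "
    . "WHERE `{$BD_Field}`=:login",
    array('session' => $sessid, 'login' => $login, 'token' => $clientToken)
);
// The new accessToken is a bearer credential and is kept out of the log;
// clientToken is enough to correlate the session with later requests.
vtxtlog("[auth16x.php] login process [Success] User [{$login}] clientToken[{$clientToken}]");

$profile = array('id' => $auth_user->id(), 'name' => $auth_user->name());
$response = array(
    'clientToken' => $clientToken,
    'accessToken' => $sessid,
    'availableProfiles' => array(0 => $profile),
    'selectedProfile' => $profile,
);
exit(json_encode($response));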
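/**
 * Write a line to the server log and terminate the request.
 *
 * @param string $text   detail written to the server log; may carry
 *                       information that must never reach the client
 * @param string $output body sent to the client; defaults to a generic
 *                       "Bad login" so the failure reason is not disclosed
 */
function logExit($text, $output = "Bad login")
{
    vtxtlog($text);
    exit($output);
}

// Only JSON POST bodies are accepted. The raw body is read from php://input:
// $HTTP_RAW_POST_DATA was deprecated in PHP 5.6 and removed in 7.0, so the
// previous version never saw a request body on current PHP. CONTENT_TYPE may
// be absent, hence the isset() guard.
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && stripos($contentType, "application/json") === 0) {
    $json = json_decode(file_get_contents('php://input'));
} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}

// `is_object` guards against a body that decoded to null/array.
if (!is_object($json) || empty($json->accessToken) || empty($json->clientToken)) {
    logExit("[invalidate16x.php] invalidate process [Empty input] [ "
        . (empty($json->accessToken) ? 'Session ' : '')
        . (empty($json->clientToken) ? 'clientToken ' : '')
        . "]");
}

loadTool('user.class.php');
DBinit('auth');

$sessionid = $json->accessToken;
$clientToken = $json->clientToken;

// Whitelist the token character set before the values are used anywhere.
if (!preg_match("/^[a-f0-9-]+\$/", $sessionid) || !preg_match("/^[a-f0-9-]+\$/", $clientToken)) {
    logExit("[invalidate16x.php] invalidate process [Bad symbols] Session [{$sessionid}] clientToken [{$clientToken}]");
}

// Both tokens must match the same row; a bare accessToken is not enough.
// NOTE(review): the previous version selected `$bd_names['email']`; every
// other reference to the e-mail column in this script uses `$bd_users['email']`
// and `$bd_names` otherwise holds table names, so the column key is used here.
$sql = "SELECT `{$bd_users['email']}` FROM `{$bd_names['users']}` "
    . "WHERE `{$bd_users['session']}`=:sessionid AND `{$bd_users['clientToken']}`=:token";
$result = getDB()->fetchRow($sql, array('sessionid' => $sessionid, 'token' => $clientToken), 'num');
if (!$result) {
    logExit("[invalidate16x.php] invalidate process, wrong accessToken/clientToken pair");
}

$login = $result[0];
// Clear the stored session so this accessToken can no longer be presented.
// (The unused `new User(...)` lookup of the previous version was dropped.)
$sql = "UPDATE `{$bd_names['users']}` SET `{$bd_users['session']}`='' "
    . "WHERE `{$bd_users['email']}`=:email";
getDB()->ask($sql, array('email' => $login));
// The logged session id is the one just revoked, not a live credential.
vtxtlog("[invalidate16x.php] invalidate process [Success] User [{$login}] Invalidate Session [{$sessionid}] clientToken[{$clientToken}]");
exit;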
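{
    // Body of logExit($text, $output): the signature lies before the first
    // visible line, so only the block is shown here. Logs $text, exits with
    // $output as the client-facing reply.
    vtxtlog($text);
    exit($output);
}

// Only JSON POST bodies are accepted. The raw body is read from php://input:
// $HTTP_RAW_POST_DATA was deprecated in PHP 5.6 and removed in 7.0, so the
// previous version never saw a request body on current PHP. CONTENT_TYPE may
// be absent, hence the isset() guard.
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && stripos($contentType, "application/json") === 0) {
    $json = json_decode(file_get_contents('php://input'));
} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}

// `is_object` guards against a body that decoded to null/array.
if (!is_object($json) || empty($json->accessToken) || empty($json->clientToken)) {
    logExit("[refresh16x.php] refresh process [Empty input] [ "
        . (empty($json->accessToken) ? 'Session ' : '')
        . (empty($json->clientToken) ? 'clientToken ' : '')
        . "]");
}

loadTool('user.class.php');
DBinit('auth');

$sessionid = $json->accessToken;
$clientToken = $json->clientToken;

// Whitelist the token character set before the values are used anywhere.
if (!preg_match("/^[a-f0-9-]+\$/", $sessionid) || !preg_match("/^[a-f0-9-]+\$/", $clientToken)) {
    logExit("[refresh16x.php] refresh process [Bad symbols] Session [{$sessionid}] clientToken [{$clientToken}]");
}

// Both tokens must match the same row; a bare accessToken is not enough.
$sql = "SELECT `{$bd_users['id']}` FROM `{$bd_names['users']}` "
    . "WHERE `{$bd_users['session']}`=:session "
    . "AND `{$bd_users['clientToken']}`=:token ";
$result = getDB()->fetchRow($sql, array('token' => $clientToken, 'session' => $sessionid), 'num');
if (!$result) {
    logExit("[refresh16x.php] refresh process, wrong accessToken/clientToken pair [{$sessionid}] [{$clientToken}]");
}

$auth_user = new User($result[0]);
// Defensive: the id came from our own row, but refuse to rotate a session for
// a user object that did not resolve.
if (!$auth_user->id()) {
    logExit("[refresh16x.php] refresh process [Unknown user] Id [{$result[0]}]");
}

// Rotate the session: the old accessToken stops working as soon as the row is
// updated. Parameterised like the other statements in this file; the previous
// version interpolated $sessid and the user id straight into the SQL string.
$sessid = generateSessionId();
getDB()->ask(
    "UPDATE `{$bd_names['users']}` SET `{$bd_users['session']}`=:session "
    . "WHERE `{$bd_users['id']}`=:id",
    array('session' => $sessid, 'id' => $auth_user->id())
);

$profile = array('id' => $auth_user->id(), 'name' => $auth_user->name());
// The new accessToken is a bearer credential and is kept out of the log; the
// old (now revoked) session id is logged for correlation.
vtxtlog("[refresh16x.php] refresh process [Success] User [{$profile['name']}] OldSession[{$sessionid}]");

$response = array(
    'clientToken' => $clientToken,
    'accessToken' => $sessid,
    'selectedProfile' => $profile,
);
exit(json_encode($response));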