/**
 * Check a username/password pair and, on a match, start a login session.
 *
 * Every path ends by sending a JsonResponse_Str through respondAndExit().
 * An unknown user and a wrong password both get the same
 * "Invalid username or password." text, so the response body does not say
 * which of the two failed.
 *
 * @param string $unm Username supplied by the caller.
 * @param string $pwd Plain-text password to check against the stored hash.
 */
function validateAndCreateSession($unm, $pwd)
{
    $db = getDatabaseConnection();
    // The name travels as a bound parameter, never as part of the SQL text.
    $lookup = $db->prepare('SELECT hashedpw
		FROM users WHERE username = :username', [PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY]);
    $lookup->execute([':username' => $unm]);
    $rows = $lookup->fetchAll();
    // Nothing below touches the database, so drop the handle now.
    $db = null;

    // Start from the failure reply; it is only upgraded after a verified match.
    $reply = new JsonResponse_Str("Invalid username or password.");

    // NOTE(review): this branch answers without running password_verify(),
    // so its response time can differ from the wrong-password branch even
    // though the message is identical. Consider equalising the two paths.
    if (count($rows) < 1) {
        $reply->respondAndExit();
    }

    // First column of the first row; duplicate usernames are not checked for.
    $storedHash = $rows[0][0];
    $matches = password_verify($pwd, $storedHash);
    if ($matches) {
        $reply->setSuccessful();
        // The verified user name goes back in the specific string.
        $reply->specificString = $unm;
        // NOTE(review): the stored hash is handed to createLogInSession();
        // what that helper keeps in the session is not visible here - confirm
        // it does not persist the hash itself.
        createLogInSession($unm, $storedHash);
    }
    $reply->respondAndExit();
}
Exemple #2
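/**
 * Open a PDO connection to the MySQL database used by the site.
 *
 * If the connection cannot be opened, a JsonResponse_Str error reply is sent
 * with respondAndExit() instead of returning to the caller.
 *
 * @return PDO|null The open connection; null only if respondAndExit() returns.
 */
function getDatabaseConnection()
{
    // NOTE(review): credentials are embedded in source (masked in this
    // listing). Loading them from configuration kept outside the code tree
    // would keep them out of version control and code listings.
    $db_srvrname = "localhost";
    $db_username = "******";
    $db_password = "******";
    $db_dbasname = "homesite";
    // Create connection
    $conn = null;
    try {
        // Use the variables declared above. The earlier code interpolated
        // $servername, $username and $password, none of which are defined in
        // this function, so the DSN host was empty and no credentials were sent.
        $conn = new PDO("mysql:host={$db_srvrname};dbname={$db_dbasname}", $db_username, $db_password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch (PDOException $e) {
        // The driver message can name the host, database or account, so it is
        // written to the server log and the client only gets a generic error.
        error_log('Database connection failed: ' . $e->getMessage());
        $eMsg = new JsonResponse_Str("Database connection failed.");
        $eMsg->respondAndExit();
    }
    return $conn;
}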
Exemple #3
/**
 * Create a new trip row for the logged-in user and remember it in the session.
 *
 * The trip id and a zeroed point index are stored in $_SESSION. The id is
 * also returned to the client in the JSON reply, but later requests are meant
 * to rely on the server-side session copy, not on a client-supplied id.
 */
function startTrippin()
{
    // Default reply is the failure case; it is marked successful at the end.
    $reply = new JsonResponse_Str("Problem starting trip.");
    // The route middleware is stated to guarantee a logged-in user here.
    $sessionUser = getSessionUserName();
    $db = getDatabaseConnection();

    // Resolve the session user name to its numeric id (bound parameter).
    $userLookup = $db->prepare('SELECT id
		FROM users WHERE username = :username', [PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY]);
    $userLookup->execute([':username' => $sessionUser]);
    $rows = $userLookup->fetchAll();
    // The session names a user the table does not contain.
    if (count($rows) < 1) {
        $reply->errMessage = "No users returned with uname!";
        $reply->respondAndExit();
    }
    $userId = $rows[0][0];

    // Insert the trip for that user; notes start out empty.
    $tripInsert = $db->prepare('INSERT INTO trips (user, notes)
		VALUES(:userid, :nonotes)');
    $tripInsert->execute([':userid' => $userId, ':nonotes' => '']);

    // Keep the new trip id and a zeroed point index in the session.
    $tripId = $db->lastInsertId();
    $_SESSION["tripid"] = $tripId;
    $_SESSION["triporderindex"] = 0;
    // Disconnect from db
    $db = null;

    /* The id goes back to the client for diagnostics only. Never trust a
     * trip id sent by the client - use the server-side _SESSION copy. */
    $reply->specificString = $tripId;
    $reply->setSuccessful();
    $reply->respondAndExit();
}
Exemple #4
<?php

require_once 'utils.php';
// Smoke test: send a successful "Hello world!" reply and stop.
$hello = new JsonResponse_Str("Hello world!");
$hello->setSuccessful();
$hello->respondAndExit();