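/**
 * Checks a login attempt against ch_register_profile_master.
 *
 * The supplied identifier is matched against user_name, email_id and
 * mobile_number; when several rows match, the first one by first_name is
 * used (the same ordering the query always had).
 *
 * @param string $userName      Identifier sent by the user (user name, email id or mobile number)
 * @param string $passwordInReq Plain-text password from the request
 * @return bool true when a profile matched and the password verified, false otherwise
 *              (previously nothing at all was returned when no profile matched)
 */
public function checkLogin($userName, $passwordInReq) {
    $query = "select user_name,password FROM ch_register_profile_master WHERE user_name = :username OR email_id = :emailId OR mobile_number = :mobileNo ORDER BY first_name";
    $db = DB::getInstance();
    $s = $db->prepare($query);
    // The same identifier is bound to all three placeholders on purpose:
    // the caller does not say which kind of identifier it is.
    $s->bindValue(':username', $userName, PDO::PARAM_STR);
    $s->bindValue(':emailId', $userName, PDO::PARAM_STR);
    $s->bindValue(':mobileNo', $userName, PDO::PARAM_STR);
    $s->execute();
    // fetch() instead of rowCount(): PDO documents rowCount() as driver-dependent for SELECT.
    $row = $s->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !isset($row['password'])) {
        // No matching profile (or no stored hash): explicit false instead of the implicit null.
        // NOTE(review): no hash verification runs on this path, so its timing differs from the
        // wrong-password path; confirm whether that matters for this deployment.
        return false;
    }
    // passwordHash::check_password is the project's verifier: (storedHash, candidate) -> bool.
    return passwordHash::check_password($row['password'], $passwordInReq);
}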
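} });
// POST /resetPassword — body: { "password": <new plain-text password>, "key": <validation key> }.
// Validates the new password, resolves the key to an account and stores the hash.
// Validation failures are reported with status 201 (the convention this route already used).
$app->post('/resetPassword', function () use($app) {
    require_once 'passwordHash.php';
    $response = array();
    $r = json_decode($app->request->getBody());
    $password_non = isset($r->password) ? $r->password : null;
    $key = isset($r->key) ? $r->key : null;
    // Refuse a body that lacks either field instead of running the queries below with nulls.
    if (!is_string($password_non) || $password_non === '' || !is_string($key) || $key === '') {
        $response["status"] = "error";
        $response["message"] = "Password and reset key are required";
        echoResponse(201, $response);
        $app->stop();
    }
    // Bug fix: this compared strtolower() of an undefined $password, so the
    // capital-letter rule never fired. It now looks at the submitted password.
    if (strtolower($password_non) === $password_non) {
        $response["status"] = "error";
        $response["message"] = "Need at least 1 capital letter in password";
        echoResponse(201, $response);
        $app->stop();
    }
    if (!preg_match('/[0-9]+/', $password_non)) {
        $response["status"] = "error";
        $response["message"] = "Need at least 1 number in password";
        echoResponse(201, $response);
        $app->stop();
    }
    $password = passwordHash::hash($password_non);
    $db = new DbHandler();
    // NOTE(review): $key comes straight from the request body and is interpolated into SQL.
    // getOneRecord() only takes a raw query string here; move this to a prepared statement
    // with the key bound as a parameter as soon as DbHandler offers one.
    $dbemail = $db->getOneRecord("select email from confirm where validation_key='{$key}'");
    if (empty($dbemail['email'])) {
        // Unknown key: previously this fell through to an UPDATE with uid='' and still reported success.
        $response["status"] = "error";
        $response["message"] = "Invalid or expired reset key";
        echoResponse(201, $response);
        $app->stop();
    }
    $email = $dbemail['email'];
    $dbuid = $db->getOneRecord("select uid from users where email='{$email}'");
    if (empty($dbuid['uid'])) {
        $response["status"] = "error";
        $response["message"] = "No account found for this reset key";
        echoResponse(201, $response);
        $app->stop();
    }
    $uid = $dbuid['uid'];
    // Store the hash computed above (it was previously computed and never written).
    // NOTE(review): the reset key is not invalidated here, so it stays usable until the
    // confirm row is removed elsewhere — verify that happens.
    $db->updateOneRecord("update users set password = '{$password}' where uid='{$uid}'");
    $response["status"] = "success";
    $response["message"] = "Account password sucessfully reset.";
    echoResponse(200, $response);
});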
echoResponse(200, $response); }); $app->post('/signUp', function () use($app) { $response = array(); $r = json_decode($app->request->getBody()); verifyRequiredParams(array('email', 'name', 'password'), $r->user); require_once 'passwordHash.php'; $db = new DbHandler(); $phone = $r->user->phone; $name = $r->user->name; $email = $r->user->email; $address = $r->user->address; $password = $r->user->password; $isUserExists = $db->getOneRecord("select 1 from users where phone='{$phone}' or email='{$email}'"); if (!$isUserExists) { $r->user->password = passwordHash::hash($password); $tabble_name = "users"; $column_names = array('phone', 'name', 'email', 'password', 'city', 'address'); $result = $db->insertIntoTable($r->user, $column_names, $tabble_name); if ($result != NULL) { $response["status"] = "success"; $response["message"] = "User account created successfully"; $response["uid"] = $result; if (!isset($_SESSION)) { session_start(); } $_SESSION['uid'] = $response["uid"]; $_SESSION['phone'] = $phone; $_SESSION['name'] = $name; $_SESSION['email'] = $email; echoResponse(200, $response);
echoResponse(200, $response); }); $app->post('/signUp', function () use($app) { $response = array(); $r = json_decode($app->request->getBody()); verifyRequiredParams(array('email', 'name', 'password'), $r->customer); require_once 'passwordHash.php'; $db = new DbHandler(); $phone = $r->customer->phone; $name = $r->customer->name; $email = $r->customer->email; $address = $r->customer->address; $password = $r->customer->password; $isUserExists = $db->getOneRecord("select 1 from customers_auth where phone='{$phone}' or email='{$email}'"); if (!$isUserExists) { $r->customer->password = passwordHash::hash($password); $tabble_name = "customers_auth"; $column_names = array('phone', 'name', 'email', 'password', 'city', 'address'); $result = $db->insertIntoTable($r->customer, $column_names, $tabble_name); if ($result != NULL) { $response["status"] = "success"; $response["message"] = "User account created successfully"; $response["uid"] = $result; if (!isset($_SESSION)) { session_start(); } $_SESSION['uid'] = $response["uid"]; $_SESSION['phone'] = $phone; $_SESSION['name'] = $name; $_SESSION['email'] = $email; echoResponse(200, $response);
$query = $query . ", type='{$type}' where id ={$id};"; $response = $db->executeNoResponse($query); echoResponse(201, $response); } }); $app->post('/utilisateur', function () use($app) { $response = array(); $r = json_decode($app->request->getBody()); // verifyRequiredParams(array('email', 'name', 'mdp'),$r->utilisateur); // require_once 'mdpHash.php'; $db = new DbHandler(); $nom = $r->utilisateur->nom; $prenom = $r->utilisateur->prenom; $identifiant = $r->utilisateur->identifiant; $mdp = $r->utilisateur->mdp; $mdp = passwordHash::hash($mdp); $id_etude = 'NULL'; if (isset($r->utilisateur->id_etude)) { $id_etude = $r->utilisateur->id_etude; } $type = $r->utilisateur->type; $id_laboratoire = 'NULL'; if (isset($r->utilisateur->id_laboratoire)) { $id_laboratoire = $r->utilisateur->id_laboratoire; } $query = "select * from utilisateur where identifiant='{$identifiant}'"; $response = $db->execute($query); if ($response) { echoResponse(400, "L'identifiant existe."); } else { $query = "INSERT INTO utilisateur (id, nom, prenom, identifiant, mdp, type, id_laboratoire, id_etude) \r\n\t VALUES (NULL, '{$nom}', '{$prenom}', '{$identifiant}', '{$mdp}', '{$type}', '{$id_laboratoire}','{$id_etude}')";
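// Establece la clave del usuario que se solicite.
// POST /userSetclave — sets the password (clave) of the user named in the request body:
// { "user": { "nombreUsuario": ..., "clave2": ... } }. clave2 is the new password; it is
// passed through str_rot13 before hashing, presumably undoing a client-side rot13 step
// (the login handler applies the same step) — confirm against the client.
// NOTE(review): the route only requires a live session ('sessionAlive'); nothing visible here
// checks that the caller may change *this* user's password — confirm that sp_sel_seg_usuario /
// sp_upd_seg_usuario_clave enforce it, or add the check before the update.
$app->post('/userSetclave', 'sessionAlive', function () use($app) {
    // Recupera los datos de la forma
    $r = json_decode($app->request->getBody());
    $user = $r->user->nombreUsuario;
    // ($r->user->clave1 was read into an unused local; dropped.)
    $r2 = array();
    $response = array();
    $db = new DbHandler();
    // NOTE(review): $user is interpolated unescaped into the CALL; updateRecord() below shows
    // the handler can bind '?' placeholders, so this lookup should use the same mechanism.
    $usuario = $db->get1Record("call sp_sel_seg_usuario( '{$user}' )");
    if ($usuario != null) {
        $column_names = array('id', 'clave2');
        $r2['id'] = $usuario['id'];
        $r2['clave2'] = passwordHash::hash(str_rot13($r->user->clave2));
        // 'is' is presumably the bind-type string (id as int, clave2 as string) — verify in DbHandler.
        $resId = $db->updateRecord("call sp_upd_seg_usuario_clave(?,?)", $r2, $column_names, 'is');
        if ($resId == 1) {
            $response['status'] = "info";
            $response['message'] = 'La clave ha sido actualizada';
        } else {
            $response['status'] = "error";
            $response['message'] = 'No pudo actualizarse la Clave';
        }
    } else {
        $response['status'] = "error";
        $response['message'] = 'No se pudo validar al usuario';
    }
    echoResponse(200, $response);
});
$app->get('/userD/:id', 'sessionAlive', function ($id) use($app) {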
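/**
 * A hash produced by hash() must verify against the password it was made
 * from, and must not verify against a different password.
 *
 * @param string $password plain text password
 *
 * @dataProvider passwordProvider
 * @covers el_api_v1\passwordHash::check_password
 */
public function testCheck_password($password) {
    $originalHash = $this->object->hash($password);
    $this->assertTrue($this->object->check_password($originalHash, $password));
    // Prepend rather than append so the candidate differs even if the hash
    // scheme truncates long inputs.
    $this->assertFalse($this->object->check_password($originalHash, 'x' . $password));
}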
$r = json_decode($app->request->getBody()); verifyRequiredParams(array('username', 'password'), $r); //cambio el nombre customer por user $clave = str_rot13($r->password); $user = $r->username; $response = array(); // // Verifica si los datos existen en la base de datos. // $db = new DbHandler(); $usuario = $db->get1Record("call sp_sel_seg_usuario( '{$user}' )"); $opciones = array(); // call sp_sel_seg_usuario( ? ) pusuario if ($usuario != NULL) { //if($clave == $usuario['clave']/*passwordHash::check_password($usuario['clave'],$clave)*/){ if (passwordHash::check_password($usuario['clave'], $clave)) { $response['status'] = "success"; $response['message'] = 'Ha ingresado al sistema.'; $response['name'] = $usuario['nombre']; $id = $response['uid'] = $usuario['id']; $response['email'] = $usuario['email']; $response['nombres'] = $usuario['nombres']; $response['apellidos'] = $usuario['apellidos']; $response['idrol'] = $usuario['idrol']; $idrol = $usuario['idrol']; $response['rol'] = $usuario['rol']; $response['idorganizacion'] = $usuario['idorganizacion']; $response['organizacion'] = $usuario['organizacion']; $response['idestado'] = $usuario['idestado']; $response['estado'] = $usuario['estado']; $response['fecha'] = $usuario['fecha'];
$response["uid"] = $session['uid']; $response["email"] = $session['email']; $response["firstname"] = $session['firstname']; echoResponse(200, $session); }); $app->post('/login', function () use($app) { require_once 'passwordHash.php'; $r = json_decode($app->request->getBody()); verifyRequiredParams(array('email', 'password'), $r->customer); $response = array(); $db = new DbHandler(); $password = $r->customer->password; $email = $r->customer->email; $user = $db->getOneRecord("select uid,firstname,email,created from customers_auth where email='{$email}'"); if ($user != NULL) { if (passwordHash::check_password($user['password'], $password)) { $response['status'] = "success"; $response['message'] = 'Logged in successfully.'; $response['firstname'] = $user['firstname']; $response['uid'] = $user['uid']; $response['email'] = $user['email']; $response['createdAt'] = $user['created']; if (!isset($_SESSION)) { session_start(); } $_SESSION['uid'] = $user['uid']; $_SESSION['email'] = $email; $_SESSION['firstname'] = $user['firstname']; } else { $response['status'] = "error"; $response['message'] = 'Login failed. Incorrect credentials';
$app = new \Slim\Slim(); //https://en.wikipedia.org/wiki/List_of_HTTP_status_codes // $app->post('/login', 'loginOpn'); $app->post('/signUp', 'authenticate', function () use($app) { // check for required params verifyRequiredParams(array('firstName', 'surName', 'mobileNumber', 'emailId', 'userName', 'Password', 'gender')); $response = array(); // reading post params $firstName = $app->request->post('firstName'); $surName = $app->request->post('surName'); $mobileNumber = $app->request->post('mobileNumber'); $emailId = $app->request->post('emailId'); $userName = $app->request->post('userName'); $password = $app->request->post('password'); $gender = $app->request->post('gender'); $password_hash = passwordHash::hash($password); echo $password_hash; // validating email address // validateEmail($email); $db = new DbHandler(); $profileMaster = new profile_master(); $profileMaster->setFirstName($firstName); $profileMaster->setLastName($surName); $profileMaster->setMobileNumber($mobileNumber); $profileMaster->setEmailId($emailId); $profileMaster->setUserName($userName); $profileMaster->setPassword($password_hash); $profileMaster->setStatus('00'); $profileMaster->setGender($gender); $profileMaster->setLastOpuser('admin'); if (!$db->isUserExists($emailId)) {