/**
* Checking user login
* @param String $email User login email id
* @param String $password User login password
* @return boolean User login status success/fail
*/
public function checkLogin($userName, $passwordInReq)
{
$query = "select user_name,password FROM ch_register_profile_master WHERE user_name = :username OR email_id = :emailId OR mobile_number = :mobileNo ORDER BY first_name";
// echo $query;
$db = DB::getInstance();
$s = $db->prepare($query);
$s->bindParam(':username', $userName, PDO::PARAM_STR);
$s->bindParam(":emailId", $userName, PDO::PARAM_STR);
$s->bindParam(":mobileNo", $userName, PDO::PARAM_STR);
$s->execute();
// echo $s->fetchColumn(0);
$num_rows = $s->rowCount();
if ($num_rows > 0) {
$password_hash = $s->fetchColumn(1);
//echo '1';
if (passwordHash::check_password($password_hash, $passwordInReq)) {
// User password is correct
//echo 'correct';
return TRUE;
} else {
// user password is incorrect
//echo 'notcorrect';
return FALSE;
}
}
}
}
});
$app->post('/resetPassword', function () use($app) {
require_once 'passwordHash.php';
$response = array();
$r = json_decode($app->request->getBody());
$password_non = $r->password;
if (strtolower($password) == $password_non) {
$response["status"] = "error";
$response["message"] = "Need at least 1 capital letter in password";
echoResponse(201, $response);
$app->stop();
}
if (!preg_match('/[0-9]+/', $password_non)) {
$response["status"] = "error";
$response["message"] = "Need at least 1 number in password";
echoResponse(201, $response);
$app->stop();
}
$password = passwordHash::hash($password_non);
$key = $r->key;
$db = new DbHandler();
$dbemail = $db->getOneRecord("select email from confirm where validation_key='{$key}'");
$email = $dbemail['email'];
$dbuid = $db->getOneRecord("select uid from users where email='{$email}'");
$uid = $dbuid['uid'];
$db->updateOneRecord("update users set password = '******' where uid='{$uid}'");
$response["status"] = "success";
$response["message"] = "Account password sucessfully reset.";
echoResponse(200, $response);
});
echoResponse(200, $response);
});
$app->post('/signUp', function () use($app) {
$response = array();
$r = json_decode($app->request->getBody());
verifyRequiredParams(array('email', 'name', 'password'), $r->user);
require_once 'passwordHash.php';
$db = new DbHandler();
$phone = $r->user->phone;
$name = $r->user->name;
$email = $r->user->email;
$address = $r->user->address;
$password = $r->user->password;
$isUserExists = $db->getOneRecord("select 1 from users where phone='{$phone}' or email='{$email}'");
if (!$isUserExists) {
$r->user->password = passwordHash::hash($password);
$tabble_name = "users";
$column_names = array('phone', 'name', 'email', 'password', 'city', 'address');
$result = $db->insertIntoTable($r->user, $column_names, $tabble_name);
if ($result != NULL) {
$response["status"] = "success";
$response["message"] = "User account created successfully";
$response["uid"] = $result;
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['uid'] = $response["uid"];
$_SESSION['phone'] = $phone;
$_SESSION['name'] = $name;
$_SESSION['email'] = $email;
echoResponse(200, $response);
echoResponse(200, $response);
});
$app->post('/signUp', function () use($app) {
$response = array();
$r = json_decode($app->request->getBody());
verifyRequiredParams(array('email', 'name', 'password'), $r->customer);
require_once 'passwordHash.php';
$db = new DbHandler();
$phone = $r->customer->phone;
$name = $r->customer->name;
$email = $r->customer->email;
$address = $r->customer->address;
$password = $r->customer->password;
$isUserExists = $db->getOneRecord("select 1 from customers_auth where phone='{$phone}' or email='{$email}'");
if (!$isUserExists) {
$r->customer->password = passwordHash::hash($password);
$tabble_name = "customers_auth";
$column_names = array('phone', 'name', 'email', 'password', 'city', 'address');
$result = $db->insertIntoTable($r->customer, $column_names, $tabble_name);
if ($result != NULL) {
$response["status"] = "success";
$response["message"] = "User account created successfully";
$response["uid"] = $result;
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['uid'] = $response["uid"];
$_SESSION['phone'] = $phone;
$_SESSION['name'] = $name;
$_SESSION['email'] = $email;
echoResponse(200, $response);
$query = $query . ", type='{$type}' where id ={$id};";
$response = $db->executeNoResponse($query);
echoResponse(201, $response);
}
});
$app->post('/utilisateur', function () use($app) {
$response = array();
$r = json_decode($app->request->getBody());
// verifyRequiredParams(array('email', 'name', 'mdp'),$r->utilisateur);
// require_once 'mdpHash.php';
$db = new DbHandler();
$nom = $r->utilisateur->nom;
$prenom = $r->utilisateur->prenom;
$identifiant = $r->utilisateur->identifiant;
$mdp = $r->utilisateur->mdp;
$mdp = passwordHash::hash($mdp);
$id_etude = 'NULL';
if (isset($r->utilisateur->id_etude)) {
$id_etude = $r->utilisateur->id_etude;
}
$type = $r->utilisateur->type;
$id_laboratoire = 'NULL';
if (isset($r->utilisateur->id_laboratoire)) {
$id_laboratoire = $r->utilisateur->id_laboratoire;
}
$query = "select * from utilisateur where identifiant='{$identifiant}'";
$response = $db->execute($query);
if ($response) {
echoResponse(400, "L'identifiant existe.");
} else {
$query = "INSERT INTO utilisateur (id, nom, prenom, identifiant, mdp, type, id_laboratoire, id_etude) \r\n\t VALUES (NULL, '{$nom}', '{$prenom}', '{$identifiant}', '{$mdp}', '{$type}', '{$id_laboratoire}','{$id_etude}')";
// Establece la clave del usuario que se solicite.
$app->post('/userSetclave', 'sessionAlive', function () use($app) {
// Recupera los datos de la forma
//
$r = json_decode($app->request->getBody());
$user = $r->user->nombreUsuario;
$clave1 = $r->user->clave1;
$r2 = array();
$response = array();
//
$db = new DbHandler();
$usuario = $db->get1Record("call sp_sel_seg_usuario( '{$user}' )");
if ($usuario != NULL) {
$column_names = array('id', 'clave2');
$r2['id'] = $usuario['id'];
$r2['clave2'] = passwordHash::hash(str_rot13($r->user->clave2));
$resId = $db->updateRecord("call sp_upd_seg_usuario_clave(?,?)", $r2, $column_names, 'is');
if ($resId == 1) {
$response['status'] = "info";
$response['message'] = 'La clave ha sido actualizada';
} else {
$response['status'] = "error";
$response['message'] = 'No pudo actualizarse la Clave';
}
} else {
$response['status'] = "error";
$response['message'] = 'No se pudo validar al usuario';
}
echoResponse(200, $response);
});
$app->get('/userD/:id', 'sessionAlive', function ($id) use($app) {
/**
*
* @param string $name plain text password
*
* @dataProvider passwordProvider
* @covers el_api_v1\passwordHash::check_password
* @todo Implement testCheck_password($password).
*
*/
public function testCheck_password($password)
{
$originalHash = $this->object->hash($password);
$this->assertTrue($this->object->check_password($originalHash, $password));
}
$r = json_decode($app->request->getBody());
verifyRequiredParams(array('username', 'password'), $r);
//cambio el nombre customer por user
$clave = str_rot13($r->password);
$user = $r->username;
$response = array();
//
// Verifica si los datos existen en la base de datos.
//
$db = new DbHandler();
$usuario = $db->get1Record("call sp_sel_seg_usuario( '{$user}' )");
$opciones = array();
// call sp_sel_seg_usuario( ? ) pusuario
if ($usuario != NULL) {
//if($clave == $usuario['clave']/*passwordHash::check_password($usuario['clave'],$clave)*/){
if (passwordHash::check_password($usuario['clave'], $clave)) {
$response['status'] = "success";
$response['message'] = 'Ha ingresado al sistema.';
$response['name'] = $usuario['nombre'];
$id = $response['uid'] = $usuario['id'];
$response['email'] = $usuario['email'];
$response['nombres'] = $usuario['nombres'];
$response['apellidos'] = $usuario['apellidos'];
$response['idrol'] = $usuario['idrol'];
$idrol = $usuario['idrol'];
$response['rol'] = $usuario['rol'];
$response['idorganizacion'] = $usuario['idorganizacion'];
$response['organizacion'] = $usuario['organizacion'];
$response['idestado'] = $usuario['idestado'];
$response['estado'] = $usuario['estado'];
$response['fecha'] = $usuario['fecha'];
$response["uid"] = $session['uid'];
$response["email"] = $session['email'];
$response["firstname"] = $session['firstname'];
echoResponse(200, $session);
});
$app->post('/login', function () use($app) {
require_once 'passwordHash.php';
$r = json_decode($app->request->getBody());
verifyRequiredParams(array('email', 'password'), $r->customer);
$response = array();
$db = new DbHandler();
$password = $r->customer->password;
$email = $r->customer->email;
$user = $db->getOneRecord("select uid,firstname,email,created from customers_auth where email='{$email}'");
if ($user != NULL) {
if (passwordHash::check_password($user['password'], $password)) {
$response['status'] = "success";
$response['message'] = 'Logged in successfully.';
$response['firstname'] = $user['firstname'];
$response['uid'] = $user['uid'];
$response['email'] = $user['email'];
$response['createdAt'] = $user['created'];
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['uid'] = $user['uid'];
$_SESSION['email'] = $email;
$_SESSION['firstname'] = $user['firstname'];
} else {
$response['status'] = "error";
$response['message'] = 'Login failed. Incorrect credentials';
$app = new \Slim\Slim();
//https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
// $app->post('/login', 'loginOpn');
$app->post('/signUp', 'authenticate', function () use($app) {
// check for required params
verifyRequiredParams(array('firstName', 'surName', 'mobileNumber', 'emailId', 'userName', 'Password', 'gender'));
$response = array();
// reading post params
$firstName = $app->request->post('firstName');
$surName = $app->request->post('surName');
$mobileNumber = $app->request->post('mobileNumber');
$emailId = $app->request->post('emailId');
$userName = $app->request->post('userName');
$password = $app->request->post('password');
$gender = $app->request->post('gender');
$password_hash = passwordHash::hash($password);
echo $password_hash;
// validating email address
// validateEmail($email);
$db = new DbHandler();
$profileMaster = new profile_master();
$profileMaster->setFirstName($firstName);
$profileMaster->setLastName($surName);
$profileMaster->setMobileNumber($mobileNumber);
$profileMaster->setEmailId($emailId);
$profileMaster->setUserName($userName);
$profileMaster->setPassword($password_hash);
$profileMaster->setStatus('00');
$profileMaster->setGender($gender);
$profileMaster->setLastOpuser('admin');
if (!$db->isUserExists($emailId)) {
