$app->post('/login', function () use($app) { // check for required params $toVerify = array('username', 'password'); R::verifyRequiredParams($toVerify); $app->add(new \Slim\Middleware\ContentTypes()); $response = array(); $code = 500; $body = $app->request()->getBody(); $request = json_decode($body, true); $username = $request['username']; $password = $request['password']; $oUser = new User(); // check for correct email and password if ($oUser->checkLogin($username, $password)) { // get the user by username $user = $oUser->getUserByUsername($username); if ($user != NULL) { $loginId = $user['LoginID']; $response['error'] = false; $response['login_id'] = $user['LoginID']; $response['username'] = $user['username']; $response['group_id'] = $user['GroupID']; $response['locale'] = $user['locale']; $public_key = $oUser->generateKeys($loginId, $username, $password); // field in DB is NULL by default, so let's check if they have been already created before. if ($public_key != NULL) { $response['public_key'] = $public_key; $code = 200; } else { $response['public_key'] = "could not create or read keys"; $code = 500;
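<?php
/**
 * Created by PhpStorm.
 * User: Kondziu
 * Date: 2016-02-06
 * Time: 15:30
 *
 * Login handler: reads 'login' and 'password' from $request, verifies the
 * password against the stored hash with password_verify(), records the
 * outcome in $_SESSION and redirects away from the /login URL.
 *
 * NOTE(review): $request is not defined in this file; it is presumably
 * provided by the script that includes this one, and the session is
 * presumably started there as well. Confirm both against the caller.
 */

// Resolve the model relative to this file. The original literal
// '/../models/user.php' starts with a slash, so it is looked up from the
// filesystem root rather than from this directory.
require_once __DIR__ . '/../models/user.php';

use models\User;

$login = $request->get('login');
$password = $request->get('password');

// Same redirect target for every outcome, so the response does not reveal
// whether the login name exists.
// NOTE(review): the target is derived from the request URI. If getUri()
// includes a client-supplied host, confirm it is validated before it ends up
// in a Location header.
$redirectTo = str_replace('/login', '/', $request->getUri());

// Only look up and verify when both fields are plain strings; a missing or
// array-valued parameter is treated as a failed login instead of reaching
// password_verify() with the wrong type.
$account = is_string($login) ? User::getUserByUsername($login) : null;

$authenticated = is_object($account)
    && is_string($password)
    && is_string($account->password)
    && password_verify($password, $account->password);

if ($authenticated) {
    // Issue a fresh session id on privilege change so an id that was known
    // before authentication cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user'] = $account->login;
    $_SESSION['admin'] = $account->admin;
    $_SESSION['loggedIn'] = true;
} else {
    // Unknown user and wrong password are handled identically. Drop any
    // identity left over from an earlier login so a stale 'admin' flag does
    // not survive next to loggedIn = false.
    // NOTE(review): timing still differs between the two cases, because
    // password_verify() only runs when the account exists.
    unset($_SESSION['user'], $_SESSION['admin']);
    $_SESSION['loggedIn'] = false;
}

header('Location: ' . $redirectTo);
die;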