logError('incorrect request method ' . $requestMethod); internalErrorResponse(); return; } $userName = getIfExists($_POST, 'user-name'); $password = getIfExists($_POST, 'password'); if (!is_string($userName) || mb_strlen($userName) == 0) { validationErrorResponse(msg('no.username.error'), 'user-name'); return; } if (!is_string($password) || mb_strlen($password) == 0) { validationErrorResponse(msg('no.password.error'), 'password'); return; } if (mb_strlen($userName) > 20 || mb_strlen($password) > 20) { validationErrorResponse(msg('auth.failed.error')); return; } $userInfo = \storage\getUserInfoByName($userName); if (is_null($userInfo) || !array_key_exists('password', $userInfo) || !password_verify($password, $userInfo['password'])) { validationErrorResponse(msg('auth.failed.error')); return; } $userId = getIfExists($userInfo, 'id'); if (intval($userId) <= 0) { logError("user id should be a positive int but it is " . $userId); internalErrorResponse(); return; } \sessions\login($userId); successResponse();
$passwordMaxLength = getCommonConstant('password.max.length'); if (mb_strlen($password) < $passwordMinLength || mb_strlen($password) > $passwordMaxLength) { validationErrorResponse(msg('password.length.error', $passwordMinLength, $passwordMaxLength), 'password'); return; } if ($repeatPassword !== $password) { validationErrorResponse(msg('passwords.matching.error'), 'repeat-password'); return; } $intRole = intval($role); if ($intRole != $role || $intRole < 0 || $intRole > 1) { validationErrorResponse(msg('invalid.value'), 'role'); return; } $userId = \storage\getUserIdByName($userName); if (is_null($userId)) { internalErrorResponse(); return; } if ($userId != 0) { validationErrorResponse(msg('username.conflict.error'), 'user-name'); return; } $newUserId = \storage\addUser($userName, password_hash($password, PASSWORD_BCRYPT), $role); if ($newUserId == 0) { logError('cannot add new user into db'); internalErrorResponse(); return; } \sessions\login($newUserId); successResponse();