<?php
// Login endpoint example: authenticates a POSTed username/password pair
// against the 'users' table through Aura.Auth's PDO adapter.

// use josegonzalez\Dotenv\Loader as Dotenv;
require '../vendor/autoload.php';

// startSession() and loadDotEnv() are helpers defined outside this listing.
startSession();
loadDotEnv(__DIR__);

$authFactory = new \Aura\Auth\AuthFactory($_COOKIE);
$auth = $authFactory->newInstance();

//
// PDO adapter: which table and columns the login is checked against.
// \defaultTodoPdo() is defined outside this listing.
$pdo = \defaultTodoPdo();
// Presumably the first two columns are the username and password-hash columns
// and the rest are returned as user data; confirm against the Aura.Auth docs.
$cols = array('username', 'password', 'email', 'fullname', 'website');
$from = 'users';
// Only rows with active = 1 are considered, so deactivated accounts cannot log in.
$where = 'active = 1';
// Passwords are checked through PasswordVerifier rather than compared as plain strings.
$hash = new \Aura\Auth\Verifier\PasswordVerifier(PASSWORD_DEFAULT);
$pdoAdapter = $authFactory->newPdoAdapter($pdo, $hash, $cols, $from, $where);

//
$loginService = $authFactory->newLoginService($pdoAdapter);

try {
    // A login is attempted only when both fields are present in the POST body.
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $loginService->login($auth, array('username' => $_POST['username'], 'password' => $_POST['password']));
        // NOTE(review): this stores the raw request value as the user name after
        // login() has succeeded. It is presumably redundant with what login()
        // records; confirm, and prefer the value returned by the adapter.
        $auth->setUserName($_POST['username']);
    }
} catch (\Aura\Auth\Exception\UsernameMissing $e) {
    echo "The 'username' field is missing or empty.";
} catch (\Aura\Auth\Exception\PasswordMissing $e) {
    echo "The 'password' field is missing or empty.";
} catch (\Aura\Auth\Exception\UsernameNotFound $e) {
    // NOTE(review): reporting "username not found" separately from other login
    // failures tells the client which usernames exist. A single generic failure
    // message for all credential errors avoids that disclosure.
    echo "The username you entered was not found.";
} catch (\Aura\Auth\Exception\MultipleMatches $e) {
    // The listing is cut off here in the source; the remaining handlers are not shown.
<?php

// Logout endpoint example: ends the current Aura.Auth login and reports the result.
require '../vendor/autoload.php';

// startSession() and loadDotEnv() are helpers defined outside this listing.
startSession();
loadDotEnv(__DIR__);

$factory = new Aura\Auth\AuthFactory($_COOKIE);
$auth = $factory->newInstance();

//
// No adapter is passed (null); the factory decides what to use in that case.
// NOTE(review): nothing visible here restricts the request method or checks an
// anti-CSRF token before logging the user out; confirm that is handled elsewhere.
$factory->newLogoutService(null)->logout($auth);

// Verify the outcome instead of assuming the logout worked.
echo $auth->isAnon()
    ? "You are now logged out."
    : "Something went wrong; you are still logged in.";

echo $auth->getStatus();
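/**
 * Check if the access request is authorized by a user.
 *
 * A request must either carry session data from a previous login or HTTP
 * Basic authorization info, which is then used to perform a login against
 * the 'user' table in the database.
 *
 * Side effects visible here: sets $app->auth, $app->login_service and
 * $app->logout_service, and destroys the session when a resumed login lacks
 * the expected user data.
 *
 * @return bool true if authorized else false
 */
protected function is_authorized()
{
    $app = $this->app;
    $req = $app->request;

    $session_factory = new \BicBucStriim\SessionFactory();
    $session = $session_factory->newInstance($_COOKIE);
    // Scope the session cookie to the application's root path.
    // NOTE(review): only the path is set here; confirm that the Secure, HttpOnly
    // and SameSite cookie attributes are configured elsewhere.
    $session->setCookieParams(array('path' => $app->request->getRootUri() . '/'));

    $auth_factory = new \Aura\Auth\AuthFactory($_COOKIE, $session);
    $app->auth = $auth_factory->newInstance();
    $hash = new \Aura\Auth\Verifier\PasswordVerifier(PASSWORD_BCRYPT);
    $cols = array('username', 'password', 'id', 'email', 'role', 'languages', 'tags');
    $pdo_adapter = $auth_factory->newPdoAdapter($app->bbs->mydb, $hash, $cols, 'user');
    $app->login_service = $auth_factory->newLoginService($pdo_adapter);
    $app->logout_service = $auth_factory->newLogoutService($pdo_adapter);
    $resume_service = $auth_factory->newResumeService($pdo_adapter);

    try {
        $resume_service->resume($app->auth);
    } catch (ErrorException $e) {
        // Unusable session/cookie data is logged and the request continues as
        // not logged in. The exception name is resolved through the file's
        // namespace and imports, which are not visible in this block.
        $app->getLog()->warn('login error: bad cookie data ' . var_export(get_class($e), true));
    }
    $app->getLog()->debug("after resume: " . $app->auth->getStatus());

    if ($app->auth->isValid()) {
        // already logged in -- check for bad cookie contents
        $ud = $app->auth->getUserData();
        if (is_array($ud) && array_key_exists('role', $ud) && array_key_exists('id', $ud)) {
            // contents seem ok
            return true;
        }
        // A valid status without role/id is treated as tampered or stale:
        // drop the whole session rather than trust it.
        $app->getLog()->warn("bad cookie contents: killing session");
        $session->destroy();
        return false;
    }

    // not logged in - check for login info
    $auth = $this->checkPhpAuth($req);
    if (is_null($auth)) {
        $auth = $this->checkHttpAuth($req);
    }
    // Log only whether credentials were supplied. $auth holds the user name and
    // the clear-text password, so dumping it would write the password to the log.
    $app->getLog()->debug('login auth: ' . (is_null($auth) ? 'none' : 'credentials supplied'));

    // if auth info found check the database
    if (is_null($auth)) {
        return false;
    }

    try {
        $app->login_service->login($app->auth, array('username' => $auth[0], 'password' => $auth[1]));
        $app->getLog()->debug('login status: ' . var_export($app->auth->getStatus(), true));
    } catch (Auth\Exception $e) {
        // Failed logins are recorded by exception class only, never with the
        // submitted credentials.
        // NOTE(review): these are logged at debug level; consider a level that
        // is retained in production so repeated failures can be detected.
        $app->getLog()->debug('login error: ' . var_export(get_class($e), true));
    }

    // The auth object, not the login call, is the source of truth for the result.
    return $app->auth->isValid();
}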
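/**
 * Check if the access request is authorized by a user.
 *
 * A request must either carry session data from a previous login or HTTP
 * Basic authorization info, which is then used to perform a login against
 * the 'user' table in the database.
 *
 * Side effects visible here: sets $app->auth, $app->login_service and
 * $app->logout_service.
 *
 * @return bool true if authorized else false
 */
protected function is_authorized()
{
    $app = $this->app;
    $req = $app->request;

    $session_factory = new \BicBucStriim\SessionFactory();
    $session = $session_factory->newInstance($_COOKIE);
    // Scope the session cookie to the application's root path.
    // NOTE(review): only the path is set here; confirm that the Secure, HttpOnly
    // and SameSite cookie attributes are configured elsewhere.
    $session->setCookieParams(array('path' => $app->request->getRootUri() . '/'));

    $auth_factory = new \Aura\Auth\AuthFactory($_COOKIE, $session);
    $app->auth = $auth_factory->newInstance();
    $hash = new \Aura\Auth\Verifier\PasswordVerifier(PASSWORD_BCRYPT);
    $cols = array('username', 'password', 'id', 'email', 'role', 'languages', 'tags');
    $pdo_adapter = $auth_factory->newPdoAdapter($app->bbs->mydb, $hash, $cols, 'user');
    $app->login_service = $auth_factory->newLoginService($pdo_adapter);
    $app->logout_service = $auth_factory->newLogoutService($pdo_adapter);
    $resume_service = $auth_factory->newResumeService($pdo_adapter);

    // NOTE(review): resume() is not guarded here; confirm how unusable
    // session/cookie data surfaces and whether the caller handles it.
    $resume_service->resume($app->auth);
    $app->getLog()->debug("after resume: " . $app->auth->getStatus());

    if ($app->auth->isValid()) {
        // already logged in
        return true;
    }

    // not logged in - check for login info
    $auth = $this->checkPhpAuth($req);
    if (is_null($auth)) {
        $auth = $this->checkHttpAuth($req);
    }
    // Do not log $auth: it holds the user name and the clear-text password.

    // if auth info found check the database
    if (is_null($auth)) {
        return false;
    }

    try {
        $app->login_service->login($app->auth, array('username' => $auth[0], 'password' => $auth[1]));
    } catch (\Aura\Auth\Exception $e) {
        // The login service reports bad credentials by throwing. Treat that as
        // "not authorized" so this method keeps its boolean contract instead of
        // letting the exception escape. Only the exception class is logged.
        $app->getLog()->debug('login error: ' . get_class($e));
    }

    // Report the auth object's state rather than login()'s return value,
    // which is not guaranteed to be a boolean.
    return $app->auth->isValid();
}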