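/**
 * Dispatch the request: handle a login POST, or answer an authenticated request.
 *
 * A POST with an empty $request is treated as a login attempt using the
 * `username` and `password` form fields. Every other request must pass
 * Authentication::authenticate() first; a GET with at least one element in
 * $request reports the requested user, anything else is answered with
 * "method not allowed".
 *
 * @param array $request Presumably the parsed path segments of the request
 *                       (confirm against the caller); $request[0] is echoed
 *                       back as the requested user.
 * @return void
 */
protected function _run($request)
 {
     // Everything echoed back from the request is caller-controlled and the
     // response already contains HTML (<br>), so it is entity-encoded before
     // output to keep it from being interpreted as markup.
     $escape = static function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };

     if ($this->requestMethod === 'POST' && count($request) === 0) {
         // Login attempt. Missing or non-string fields (for example
         // username[]=x arriving as an array) are replaced by '' so the
         // authenticator only ever receives strings and no notices are raised.
         $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
         $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

         Authentication::login($username, $password);
         if (!Authentication::authenticated()) {
             Headers::sendStatusUnauthorized();
             return;
         }

         Headers::sendStatusOk();
         echo "login succeeded<br>";
         return;
     }

     // Anything that is not a login attempt requires an authenticated caller.
     Authentication::authenticate();
     if (!Authentication::authenticated()) {
         Headers::sendStatusUnauthorized();
         return;
     }

     if ($this->requestMethod === 'GET' && count($request) > 0) {
         // User info requested
         echo "requesting userinfo of user " . $escape($request[0]);
         return;
     }

     // Bad request
     Headers::sendStatusMethodNotAllowed();
     echo "Method not allowed<br>";
     // NOTE(review): dumping the parsed request into the response is debugging
     // output; it is kept (encoded) for compatibility, but consider logging it
     // server-side instead of returning it to the client.
     echo $escape(print_r($request, true));
 }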
 /**
  * Build the handler and process the request immediately.
  *
  * Calls _setRequestMethod(), then Authentication::authenticate(). Only when
  * Authentication::authenticated() reports success is the request handed to
  * _run(); otherwise an "unauthorised" status and message are sent and
  * nothing else happens.
  *
  * @param mixed $request Request data passed through unchanged to _run().
  */
 public function __construct($request)
 {
     $this->_setRequestMethod();
     Authentication::authenticate();

     $isAuthenticated = Authentication::authenticated();
     if ($isAuthenticated) {
         $this->_run($request);
         return;
     }

     // Unauthenticated callers never reach _run(): reply with the
     // unauthorised status and stop.
     Headers::sendStatusUnauthorised();
     echo "Unauthorised<br>";
 }
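 /**
  * Check the submitted login form and record the result in the session.
  *
  * Reads $_POST['Login']['Username'] and $_POST['Login']['Password'], passes
  * the user name and the SHA-512 digest of the password to
  * Authentication::authenticate(), and on success stores the returned user
  * and a LoggedIn flag under $_SESSION['Authentication']. On failure an
  * error message is assigned to the Smarty template instead.
  *
  * @return void
  */
 protected function authenticate()
 {
     // The form fields are client-controlled: tolerate a missing 'Login'
     // array and non-string members (e.g. Login[Password][]=x) instead of
     // passing null or an array into hash().
     $login = (isset($_POST['Login']) && is_array($_POST['Login'])) ? $_POST['Login'] : array();
     $username = (isset($login['Username']) && is_string($login['Username'])) ? $login['Username'] : '';
     $password = (isset($login['Password']) && is_string($login['Password'])) ? $login['Password'] : '';

     $auth = new Authentication();
     // NOTE(review): a single unsalted SHA-512 pass is a fast hash and a weak
     // password verifier. It is kept here because the stored format is
     // decided by Authentication, outside this block; moving to
     // password_hash()/password_verify() needs a change there and a
     // migration of the stored values.
     $user = $auth->authenticate($username, hash('sha512', $password));

     if ($user === false) {
         $GLOBALS['Smarty']->assign('errormessage', 'Login fehlgeschlagen');
         return;
     }

     // Issue a fresh session id at the privilege change so an id that was
     // known before login does not become an authenticated one.
     if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
         session_regenerate_id(true);
     }

     // The previous code tested $_SESSION['Authenticated'] but initialised
     // $_SESSION['Authentication'], so the container was reset on every
     // successful login in this block. That reset is now explicit, which also
     // keeps state from an earlier identity from carrying over.
     $_SESSION['Authentication'] = array(
         'User' => $user,
         'LoggedIn' => true,
     );
 }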
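 /**
  * Handle a submitted login form.
  *
  * Requires a non-empty 'userid' and 'password' in $credentials, then asks
  * Authentication::authenticate() to verify them. On success the user id and
  * an isLogin flag are stored in the session and a redirect to ../welcome/
  * is sent; every failure is reported through flushOutput().
  *
  * @param array $credentials Login form values; the keys read here are
  *                           'userid' and 'password'.
  * @return void
  */
 public function loginSubmit($credentials = [])
 {
     // null kept the original a no-op; any other non-array is treated the
     // same way instead of failing on the offset access below.
     if (!is_array($credentials)) {
         return;
     }

     // Missing keys and non-scalar values (e.g. userid[]=x from a form) count
     // as "not filled in" rather than reaching the authenticator or the
     // session.
     $userId = isset($credentials['userid']) ? $credentials['userid'] : '';
     if (!is_scalar($userId) || (string) $userId === '') {
         $this->flushOutput('Please fill ID No.');
         return;
     }

     $password = isset($credentials['password']) ? $credentials['password'] : '';
     if (!is_scalar($password) || (string) $password === '') {
         $this->flushOutput('Please fill Password.');
         return;
     }

     if (!Authentication::authenticate($credentials)) {
         $this->flushOutput('Login failed.');
         return;
     }

     // Issue a fresh session id at the privilege change so an id that was
     // known before login does not become an authenticated one.
     if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
         session_regenerate_id(true);
     }

     $_SESSION['userid'] = $credentials['userid'];
     $_SESSION['isLogin'] = true;
     header("Location: ../welcome/");
     // NOTE(review): execution continues after the redirect header is queued.
     // The caller should stop producing output once this method returns;
     // confirm against the caller before adding an exit here.
 }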
 *
 * The second part of the query is provided by AJAX in the form of the -query- variable, containing
 * whatever terms the user enters in the autocomplete field.
 */
/**
 * allow for testing
 */
$debug = false;
/**
 * includes
 */
require_once dirname(dirname(dirname(__FILE__))) . "/redcap_connect.php";
/**
 * restricted use
 */
$userAuthenticated = Authentication::authenticate();
if ($userAuthenticated) {
    /**
     * get text entered by user. This is appended to query string by jquery autocomplete
     */
    $full_query = $_GET['q'];
    $term = prep($_GET['term']);
    /**
     * get field name, used to make session unique
     */
    $field_name = $_GET['f'];
    $query_field = $_GET['a'];
    /**
     * get query fragment, passed in session variable to keep prying eyes away
     * results should be limited by adding LIMIT 0,n to query after $term enclosure
     * if no session variable, return an appropriate error value