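/**
  * Process a login request from the API.
  *
  * Reads TOKEN, email and password from the POST body. The request is rejected
  * when the public API key is missing or does not match, then the submitted
  * password is checked against the stored hash. On success the user's existing
  * 'api' token is removed and a freshly created one is returned.
  *
  * @return array{STATUS_CODE: mixed, DATA: array} STATUS_CODE plus either an
  *         error result or ['STATUS', 'TOKEN', 'EMAIL', 'USERID'] on success
  */
 public function loginAction()
 {
     //The login request should be POST method
     $request = $_POST;
     $token = isset($request['TOKEN']) ? trim($request['TOKEN']) : null;
     $email = isset($request['email']) ? trim($request['email']) : null;
     // NOTE(review): trimming alters the credential the user typed; kept as-is
     // because existing hashes may have been created from the trimmed value.
     $password = isset($request['password']) ? trim($request['password']) : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     // Strict, constant-time comparison of the shared key: a loose `!=` applies
     // numeric-string coercion and stops at the first differing byte.
     if (!hash_equals((string) THENEWBOSTON_PUBLIC_API_KEY, (string) $token)) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     $info = buckys_get_user_by_email($email);
     // One generic message for both unknown email and wrong password, so the
     // response does not reveal which of the two failed.
     if (!buckys_not_null($info) || !buckys_validate_password($password, $info['password'])) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Email or password is not correct.')];
     }
     // status 0 means the account has not completed verification (assumes a
     // numeric status column, as the original loose comparison did).
     if ((int) $info['status'] === 0) {
         //Account is not verified
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_ACCOUNT_NOT_VERIFIED)];
     }
     //Remove Old Token
     BuckysUsersToken::removeUserToken($info['userID'], 'api');
     //Create New Token
     $token = BuckysUsersToken::createNewToken($info['userID'], 'api');
     return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS', 'TOKEN' => $token, 'EMAIL' => $info['email'], 'USERID' => $info['userID']]];
 }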
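 /**
  * Create a password-reset token for the account behind $email and mail the
  * reset link to that user.
  *
  * Every outcome ends in a buckys_redirect(); the boolean return value is only
  * reached if that helper returns to the caller.
  *
  * @param string $email address submitted on the forgot-password form
  * @return bool false when the address is empty, malformed or unknown;
  *              true once the reset mail has been handed to buckys_sendmail()
  */
 public function resetPassword($email)
 {
     global $db;
     $email = trim($email);
     if (!$email) {
         buckys_redirect('/register.php?forgotpwd=1', MSG_EMPTY_EMAIL, MSG_TYPE_ERROR);
         return false;
     }
     //Check Email Address
     if (!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/", $email)) {
         buckys_redirect('/register.php?forgotpwd=1', MSG_INVALID_EMAIL, MSG_TYPE_ERROR);
         return false;
     }
     // $email is bound through the db layer's prepare(), not interpolated into the SQL
     $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", $email);
     $userID = $db->getVar($query);
     if (!$userID) {
         // NOTE(review): a distinct "not found" message lets a visitor probe which
         // addresses are registered; one neutral message for both outcomes would
         // avoid that — product decision, left unchanged here.
         buckys_redirect('/register.php?forgotpwd=1', MSG_EMAIL_NOT_FOUND, MSG_TYPE_ERROR);
         return false;
     }
     $data = BuckysUser::getUserData($userID);
     //Remove Old Token
     BuckysUsersToken::removeUserToken($userID, 'password');
     //Create New Token
     $token = BuckysUsersToken::createNewToken($userID, 'password');
     // The scheme follows the site's SSL setting so the reset link is not
     // downgraded to plain http on an https deployment.
     // NOTE(review): HTTP_HOST is taken from the request and can be set by the
     // client; the link should be built from a configured canonical host
     // (TNB_DOMAIN looks like the candidate) — confirm and replace.
     $scheme = SITE_USING_SSL ? 'https' : 'http';
     $link = $scheme . "://" . $_SERVER['HTTP_HOST'] . "/reset_password.php?token=" . urlencode($token);
     //Send an email to user with the link
     $title = "Reset your password.";
     $body = "Dear " . $data['firstName'] . " " . $data['lastName'] . "\n\n" . "Please reset your password by using the below link:\n" . $link . "\n\nBuckysroom.com";
     require_once DIR_FS_INCLUDES . "phpMailer/class.phpmailer.php";
     buckys_sendmail($data['email'], $data['firstName'] . " " . $data['lastName'], $title, $body);
     buckys_redirect('/register.php', MSG_RESET_PASSWORD_EMAIL_SENT, MSG_TYPE_SUCCESS);
     return true;
 }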
     buckys_redirect('/index.php', !$info['token'] ? MSG_ACCOUNT_BANNED : MSG_ACCOUNT_NOT_VERIFIED, MSG_TYPE_ERROR);
 } else {
     //Login Success
     //Clear Login Attempts
     BuckysTracker::clearLoginAttemps();
     //Restart Session
     session_regenerate_id(true);
     $_SESSION['userID'] = $info['userID'];
     //Init Some Session Values
     $_SESSION['converation_list'] = [];
     //Create Login Cookie Token
     $login_token = hash('sha256', time() . buckys_generate_random_string(20, true) . time());
     $login_token_secure = md5($login_token);
     //Store Login Token
     BuckysUsersToken::removeUserToken($info['userID'], "auth");
     BuckysUsersToken::createNewToken($info['userID'], "auth", $login_token_secure);
     //Slice the login token to three pieces
     $login_token_piece1 = substr($login_token, 0, 20);
     $login_token_piece2 = substr($login_token, 20, 20);
     $login_token_piece3 = substr($login_token, 40);
     //If website is using SSL, use secure cookies
     if (SITE_USING_SSL == true) {
         setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
         setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
         setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
     } else {
         setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
         setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
         setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
     }
     buckys_redirect($returnUrl ? base64_decode($returnUrl) : '/account.php');