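/**
 * Handles the login / registration POST.
 *
 * Reads "username", "password" and the "register" checkbox from the request.
 * When "register" is 'on' a new account is created, otherwise the credentials
 * are checked against the user table. On success a fresh token is stored on
 * the user row, sent back as a cookie and included in the JSON response.
 *
 * Output: echoes a JSON object with 'success' (bool), 'message' (string) and,
 * on success, 'username' and 'token'.
 */
public function postAction()
{
    $db = $this->_helper->database->getAdapter();
    $request = $this->getRequest();
    $username = $request->getParam("username");
    $password = $request->getParam("password");
    // Anything other than the literal 'on' (including a missing param) means "log in".
    $register = $request->getParam("register") === 'on';
    self::$logger->debug("register? ({$register})");

    // Credentials are never written to the log: the earlier debug lines that
    // echoed the plaintext password (and its encrypted form) were removed.
    if ($register) {
        list($response, $user_id) = $this->_registerUser($db, $username, $password);
    } else {
        list($response, $user_id) = $this->_loginUser($db, $username, $password);
    }

    if ($response['success'] === true) {
        $token = SecurityUtils::generateToken();
        // The token value itself is a credential, so it is not logged either.
        self::$logger->debug("Updating username ({$username}) with a new token...");
        // $user_id comes from the database, but quoting it removes the
        // string-built WHERE clause entirely.
        $db->update('user', array('token' => $token), $db->quoteInto('id = ?', (int) $user_id));

        // 604800 s = 7 days. (The previous comment called this "2 weeks"; the
        // value was kept unchanged -- confirm which lifetime is intended.)
        $tokenLifetime = 604800;
        // Secure is set only when this request itself arrived over HTTPS, so
        // plain-HTTP deployments keep working. HttpOnly is safe because the
        // client receives the token in the JSON body, not via document.cookie.
        $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie('token', $token, time() + $tokenLifetime, '/', '', $isHttps, true);
        $response['token'] = $token;
    }

    echo Zend_Json::encode($response);
}

/**
 * Checks a username/password pair against the user table.
 *
 * @param object      $db       Zend_Db adapter (as returned by the database helper)
 * @param string|null $username raw request parameter
 * @param string|null $password raw request parameter
 * @return array array($response, $userId): $response holds 'success', 'message'
 *               and, on success, 'username'; $userId is the matched row id, or
 *               null when the login failed.
 */
private function _loginUser($db, $username, $password)
{
    // One generic message for "no such user", "duplicate rows" and "wrong
    // password", so the response cannot be used to enumerate accounts.
    $failed = array(
        'success' => false,
        'message' => 'Username or Password was not valid.',
    );
    $usernameStr = is_string($username) ? $username : '';

    $sql = $db->quoteInto('select id, password from user where username = ?', $usernameStr);
    $rows = $db->fetchAll($sql);
    self::$logger->debug("found " . count($rows) . " rows for username ({$usernameStr})");

    if (count($rows) !== 1) {
        // More than one row is a data inconsistency worth a log line; zero rows is an unknown account.
        if (count($rows) > 1) {
            self::$logger->debug("Duplicate user account rows for username ({$usernameStr})");
        }
        return array($failed, null);
    }

    $userId = $rows[0]->id;
    self::$logger->debug("Found user id {$userId} for username {$usernameStr}");
    if (!$this->validate_password($password, $rows[0]->password)) {
        return array($failed, null);
    }

    $response = array(
        'success' => true,
        'message' => 'You have logged on successfully.',
        'username' => $usernameStr,
    );
    return array($response, $userId);
}

/**
 * Creates a new user row from the registration fields on the request.
 *
 * @param object      $db       Zend_Db adapter
 * @param string|null $username raw request parameter
 * @param string|null $password raw request parameter
 * @return array array($response, $userId): $userId is the new row id on
 *               success, null otherwise.
 */
private function _registerUser($db, $username, $password)
{
    $request = $this->getRequest();
    $fields = array(
        'username' => $username,
        'password' => $password,
        'first_name' => $request->getParam("first_name"),
        'last_name' => $request->getParam("last_name"),
        'email' => $request->getParam("email"),
    );

    // Every field must be a non-blank string. Validated before touching the
    // database; the original only checked first_name/last_name/email and
    // would create an account with an empty username or password.
    foreach ($fields as $value) {
        if (!is_string($value) || trim($value) === '') {
            return array(array('success' => false, 'message' => 'A required field was missing'), null);
        }
    }

    self::$logger->debug("CREATE NEW ACCOUNT username {$username}");
    $select = $db->select()->from('user', "COUNT(*) as cc")->where('username = ?', $username);
    if ((int) $db->fetchRow($select)->cc !== 0) {
        return array(array('success' => false, 'message' => 'The username already exists.'), null);
    }

    self::$logger->debug("Username doesn't already exist, OK to create account.");
    $db->insert('user', array(
        'username' => $username,
        'password' => $this->encrypt_password($password),
        'role' => 'user',
        'first_name' => $fields['first_name'],
        'last_name' => $fields['last_name'],
        'email' => $fields['email'],
    ));
    $userId = $db->lastInsertId();
    self::$logger->debug("Returning success.");

    $response = array(
        'success' => true,
        'message' => 'Your user account was created successfully.',
        'username' => $username,
    );
    return array($response, $userId);
}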