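/**
 * Change a user's password after re-verifying the current one.
 *
 * Expects POST keys `current` and `new`, plus either `userId` or `email` to
 * locate the account. The stored hash is checked with password_verify() before
 * anything is written, so a caller must prove knowledge of the current password.
 *
 * @param mixed $app application object exposing request->post() and render()
 * @return mixed whatever $app->render() returns (200 on success, 400 otherwise)
 */
static function changeUserPassword($app)
{
    $post = $app->request->post();

    $hasUserId = v::key('userId', v::stringType())->validate($post);
    $hasEmail = v::key('email', v::stringType())->validate($post);
    $hasCurrent = v::key('current', v::stringType())->validate($post);

    // Explicit grouping of the original precedence: a lookup key (userId OR email)
    // and the current password are both mandatory.
    if ((!$hasUserId && !$hasEmail) || !$hasCurrent) {
        return $app->render(400, array('msg' => "Password could not be changed. Check your parameters and try again."));
    }

    // Enforce the password policy on the proposed value before touching storage.
    if (!AuthControllerNative::validatePasswordRequirements($post, 'new')) {
        return $app->render(400, array('msg' => "Invalid Password. Check your parameters and try again."));
    }

    // Fetch the stored hash by whichever identifier was supplied (userId wins if both).
    $savedPassword = $hasUserId
        ? AuthData::selectUserPasswordById($post['userId'])
        : AuthData::selectUserPasswordByEmail($post['email']);

    if (!$savedPassword) {
        return $app->render(400, array('msg' => "User not found. Check your parameters and try again."));
    }

    // The current password must match the stored hash before any update is attempted.
    if (!password_verify($post['current'], $savedPassword)) {
        return $app->render(400, array('msg' => "Invalid user password. Unable to verify request."));
    }

    // isset() avoids an undefined-index notice on the email-only path.
    // NOTE(review): when only `email` was supplied there is no userId here, so
    // updateUserPassword() receives a null :id — the account's id would have to be
    // resolved from the email lookup for that path to actually update a row; confirm
    // with AuthData.
    $userId = isset($post['userId']) ? $post['userId'] : null;

    $updated = AuthData::updateUserPassword(array(
        ':id' => $userId,
        ':password' => password_hash($post['new'], PASSWORD_DEFAULT),
    ));

    if ($updated) {
        return $app->render(200, array('msg' => "Password successfully changed."));
    }

    return $app->render(400, array('msg' => "Password could not be changed. Try again later."));
}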
/**
 * Register a new user from a Facebook profile and open an API session.
 *
 * Reads the POSTed profile fields, refuses duplicates by email, inserts the user,
 * stores any optional "additional" answers, and returns the user decorated with
 * an API key/token on success. Every failure path returns
 * array('registered' => false, 'msg' => ...).
 *
 * NOTE(review): an earlier revision (previously commented out here) verified the
 * Facebook access token via self::getProfile($post['accessToken']). With that
 * check disabled, `email` and `facebookId` are taken from the request body as
 * supplied — confirm that validateFacebookProfile() covers the trust boundary.
 *
 * @param mixed $app application object passed through to createAuthToken()
 * @return array
 */
static function signup($app)
{
    $post = $app->request->post();

    // All failure responses share the same shape.
    $fail = function ($msg) {
        return array('registered' => false, 'msg' => $msg);
    };

    if (self::validateFacebookProfile($post) !== true) {
        return $fail('Facebook signup failed. Check your parameters and try again.');
    }

    // Refuse to create a second account for an email that is already registered.
    $duplicate = AuthData::selectUserAndPasswordByEmail($post['email']);
    if ($duplicate) {
        return $fail('Facebook signup failed. A user with that email already exists.');
    }

    $userRow = array(
        ':email' => $post['email'],
        ':name_first' => $post['nameFirst'],
        ':name_last' => $post['nameLast'],
        ':facebook_id' => $post['facebookId'],
    );
    $newUserId = AuthData::insertFacebookUser($userRow);
    if (!$newUserId) {
        return $fail('Facebook signup failed. Could not save user.');
    }

    // Re-read the row we just inserted; a miss here should not happen.
    $user = AuthData::selectUserById($newUserId);
    if (!$user) {
        return $fail('Facebook signup failed. 
Could not select user.');
    }

    // Best-effort persistence of extra signup questions; it does not affect the response.
    InfoController::quietlySaveAdditional($post, $user->id);

    $token = AuthControllerNative::createAuthToken($app, $user->id);
    if (!$token) {
        return $fail('Facebook Signup failed to creat auth token.');
    }

    // Attach the session credentials to the user object itself, as callers expect.
    $user->apiKey = $token['apiKey'];
    $user->apiToken = $token['apiToken'];

    return array(
        'user' => $user,
        'sessionLifeHours' => $token['sessionLifeHours'],
        'registered' => true,
    );
}