Esempio n. 1
 // Excerpt of a REST endpoint's GET handler: it looks a profile up by whichever
 // identifier the request supplied (id, e-mail, handle, first name) and places it
 // in $reply->data. $method, $pdo, $reply and the $profile* inputs are assigned
 // before this excerpt; the nested else-chain continues past its last line.
 //
 // "current" is read from the query string as a boolean; it is not used in the
 // visible part of the handler.
 $current = filter_input(INPUT_GET, "current", FILTER_VALIDATE_BOOLEAN);
 //handle REST calls
 if ($method === "GET") {
     //set XSRF cookie
     setXsrfCookie("/");
     //get the profile based on the given field
     // Note: empty() also treats "0" and 0 as empty, so such a value falls through
     // to the next identifier instead of being looked up.
     if (empty($profileId) === false) {
         // NOTE(review): the ownership check below is commented out, so this branch
         // returns the profile for ANY supplied id, while the e-mail, handle and
         // first-name branches only return the profile that belongs to the session
         // user. If the lookup by id is meant to be public, confirm that the
         // serialized Profile exposes no sensitive fields (password hash/salt,
         // e-mail, phone); otherwise restore the comparison with
         // $_SESSION["profile"].
         //			$profile = Profile::getProfileByProfileId($pdo, $profileId);
         //			if($profile !== null && $profile->getProfileId() === $_SESSION["profile"]->getProfileId()) {
         //				$reply->data = $profile;
         //			}
         $profile = Profile::getProfileByProfileId($pdo, $profileId);
         $reply->data = $profile;
     } else {
         if (empty($profileEmail) === false) {
             $profile = Profile::getProfileByProfileEmail($pdo, $profileEmail);
             // Only the session user's own profile is returned. No check that
             // $_SESSION["profile"] is set is visible in this excerpt; without one,
             // an unauthenticated request that matches a profile fails on the
             // method call rather than with a clean 401/403 - confirm it is
             // guarded earlier in the file.
             if ($profile !== null && $profile->getProfileId() === $_SESSION["profile"]->getProfileId()) {
                 $reply->data = $profile;
             }
         } else {
             if (empty($profileHandle) === false) {
                 $profile = Profile::getProfileByProfileHandle($pdo, $profileHandle);
                 // Same ownership rule as the e-mail branch.
                 if ($profile !== null && $profile->getProfileId() === $_SESSION["profile"]->getProfileId()) {
                     $reply->data = $profile;
                 }
             } else {
                 if (empty($profileNameF) === false) {
                     $profile = Profile::getProfileByProfileNameF($pdo, $profileNameF);
                     // Same ownership rule as the e-mail branch.
                     if ($profile !== null && $profile->getProfileId() === $_SESSION["profile"]->getProfileId()) {
                         $reply->data = $profile;
                     }
Esempio n. 2
    session_start();
}
// Excerpt of a sign-in endpoint: builds the default reply, checks the XSRF token,
// decodes the JSON request body, resolves the account from a single
// "emailHandlePhone" identifier and derives the password hash for comparison.
// The comparison itself and the end of the outer try lie outside this excerpt.
//Create an empty reply
$reply = new stdClass();
$reply->status = 200;
$reply->data = null;
try {
    // verify user login options
    //	$pdo //Connect to mysql encrypted;
    verifyXsrf();
    $requestContent = file_get_contents("php://input");
    // NOTE(review): json_decode() returns null for a malformed or empty body, and
    // neither emailHandlePhone nor password is checked for presence or type
    // before being used below; validating both here would reject bad requests
    // before any database or hashing work is done.
    $requestObject = json_decode($requestContent);
    //grab the mySQL connection
    $pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/jpegery.ini");
    // The identifier is tried as e-mail, then handle, then phone. Any Exception
    // from the e-mail lookup is treated as "no match" - presumably so that a
    // value which is not a valid e-mail falls through to the next lookup (confirm
    // against Profile). This also hides database errors raised by that call; the
    // handle and phone lookups are not wrapped and propagate to the outer try.
    try {
        $profile = Profile::getProfileByProfileEmail($pdo, $requestObject->emailHandlePhone);
    } catch (Exception $exception) {
        $profile = null;
    }
    if ($profile === null) {
        $profile = Profile::getProfileByProfileHandle($pdo, $requestObject->emailHandlePhone);
    }
    if ($profile === null) {
        $profile = Profile::getProfileByProfilePhone($pdo, $requestObject->emailHandlePhone);
    }
    // if login options cannot be verified throw exception
    // The message does not say which part was wrong, so the response body does not
    // reveal whether the identifier exists. NOTE(review): this path returns
    // before the PBKDF2 call below, so response time still differs between known
    // and unknown identifiers; consider hashing against a dummy salt here too.
    if ($profile === null) {
        throw new \RuntimeException("User name or password is incorrect");
    }
    // PBKDF2-HMAC-SHA512 with the profile's stored salt and 262144 iterations;
    // with no length argument the full digest is returned as 128 hex characters.
    // NOTE(review): the comparison with the stored hash is outside this excerpt -
    // it should use hash_equals() so that it runs in constant time. For new code,
    // password_hash()/password_verify() is PHP's maintained password API.
    $hash = hash_pbkdf2("sha512", $requestObject->password, $profile->getProfileSalt(), 262144);
    // if login credentials are valid; start session