コード例 #1
ファイル: auth16x.php プロジェクト: qexyorg/webMCR-1
} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}
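// Login endpoint body: validates the decoded JSON request in $json, authenticates the
// user, stores a fresh session id together with the clientToken, and replies with the
// token pair and profile as JSON. Every failure path ends in logExit()/exit().

// All three fields are required. The log line names the missing ones; the client only
// receives logExit()'s default output.
if (empty($json->username) or empty($json->password) or empty($json->clientToken)) {
    logExit("[auth16x.php] login process [Empty input] [ " . (empty($json->username) ? 'LOGIN ' : '') . (empty($json->password) ? 'PASSWORD ' : '') . (empty($json->clientToken) ? 'clientToken ' : '') . "]");
}
// A decoded JSON member can be an array or object; only scalar values make sense here.
if (!is_scalar($json->username) or !is_scalar($json->password) or !is_scalar($json->clientToken)) {
    logExit("[auth16x.php] login process [Bad input type]");
}
loadTool('user.class.php');
DBinit('auth');
$login = (string) $json->username;
$password = (string) $json->password;
$clientToken = (string) $json->clientToken;
// $login is not pattern-checked and $clientToken may have failed its check, so control
// characters are stripped from the copies written to the log (no forged log lines).
$logLogin = preg_replace('/[\x00-\x1F\x7F]/', '', $login);
$logToken = preg_replace('/[\x00-\x1F\x7F]/', '', $clientToken);
// \z anchors at the real end of the string; "$" would also accept a trailing newline.
if (!preg_match('/^[a-zA-Z0-9_-]+\z/', $password) or !preg_match('/^[a-f0-9-]+\z/', $clientToken)) {
    // The submitted password is deliberately never written to the log.
    logExit("[auth16x.php] login process [Bad symbols] User [{$logLogin}] clientToken [{$logToken}]");
}
// A login containing '@' is looked up by the e-mail column, anything else by the login column.
$BD_Field = strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email'];
$auth_user = new User($login, $BD_Field);
if (!$auth_user->id()) {
    logExit("[auth16x.php] login process [Unknown user] User [{$logLogin}]");
}
// NOTE(review): accounts with lvl() <= 1 are refused without a log entry; the meaning of
// the level values is defined outside this listing.
if ($auth_user->lvl() <= 1) {
    exit("Bad login");
}
if (!$auth_user->authenticate($password)) {
    logExit("[auth16x.php] login process [Wrong password] User [{$logLogin}]");
}
$sessid = generateSessionId();
// All values are bound as parameters; only configured table/column names are interpolated.
getDB()->ask("UPDATE `{$bd_names['users']}` SET " . "`{$bd_users['session']}`=:session , " . "`{$bd_users['clientToken']}`=:token " . "WHERE `{$BD_Field}`=:login", array('session' => $sessid, 'login' => $login, 'token' => $clientToken));
// The session id is returned to the client as accessToken, so the log gets a short
// SHA-256 fingerprint for correlation instead of the usable value.
$sessionTag = substr(hash('sha256', $sessid), 0, 12);
vtxtlog("[auth16x.php] login process [Success] User [{$logLogin}] Session [sha256:{$sessionTag}] clientToken[{$clientToken}]");
$profile = array('id' => $auth_user->id(), 'name' => $auth_user->name());
$responce = array('clientToken' => $clientToken, 'accessToken' => $sessid, 'availableProfiles' => array(0 => $profile), 'selectedProfile' => $profile);
exit(json_encode($responce));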
コード例 #2
ファイル: invalidate16x.php プロジェクト: qexyorg/webMCR-1
/**
 * Write a line to the log and terminate the request.
 *
 * The log text and the client-visible output are separate, so callers can record
 * the detailed reason while the client receives only the generic default.
 *
 * @param string $text   Message handed to vtxtlog().
 * @param string $output Value handed to exit(); "Bad login" unless the caller overrides it.
 */
function logExit($text, $output = 'Bad login')
{
    // Log first: nothing after exit() runs.
    vtxtlog($text);
    exit($output);
}
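// Invalidate endpoint body: accepts a JSON POST carrying an accessToken/clientToken pair
// and clears the stored session of the matching user. Failure paths end in logExit().

// CONTENT_TYPE / REQUEST_METHOD are absent on some requests; treat that as a bad request
// instead of raising an undefined-index notice.
$requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
if ($requestMethod === 'POST' && stripos($contentType, "application/json") === 0) {
    // $HTTP_RAW_POST_DATA was removed in PHP 7.0; php://input provides the raw body instead.
    $json = json_decode(file_get_contents('php://input'));
} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}
if (empty($json->accessToken) or empty($json->clientToken)) {
    logExit("[invalidate16x.php] invalidate process [Empty input] [ " . (empty($json->accessToken) ? 'Session ' : '') . (empty($json->clientToken) ? 'clientToken ' : '') . "]");
}
// A decoded JSON member can be an array or object; only scalar values make sense here.
if (!is_scalar($json->accessToken) or !is_scalar($json->clientToken)) {
    logExit("[invalidate16x.php] invalidate process [Bad input type]");
}
loadTool('user.class.php');
DBinit('auth');
$sessionid = (string) $json->accessToken;
$clientToken = (string) $json->clientToken;
// \z anchors at the real end of the string; "$" would also accept a trailing newline.
if (!preg_match('/^[a-f0-9-]+\z/', $sessionid) or !preg_match('/^[a-f0-9-]+\z/', $clientToken)) {
    // These values failed validation, so control characters are stripped before logging.
    $logSession = preg_replace('/[\x00-\x1F\x7F]/', '', $sessionid);
    $logToken = preg_replace('/[\x00-\x1F\x7F]/', '', $clientToken);
    logExit("[invalidate16x.php] invalidate process [Bad symbols] Session [{$logSession}] clientToken [{$logToken}]");
}
// The original selected `{$bd_names['email']}`; every other use in this script takes the
// e-mail column from $bd_users and table names from $bd_names, so the column key is used here.
// NOTE(review): confirm against the configuration that $bd_names has no 'email' entry.
$sql = "SELECT `{$bd_users['email']}` FROM `{$bd_names['users']}` " . "WHERE `{$bd_users['session']}`=:sessionid AND `{$bd_users['clientToken']}`=:token";
$result = getDB()->fetchRow($sql, array('sessionid' => $sessionid, 'token' => $clientToken), 'num');
if (!$result) {
    logExit("[invalidate16x.php] invalidate process, wrong accessToken/clientToken pair");
}
$login = $result[0];
// Kept from the original although the object is not used afterwards in this listing;
// the constructor's side effects are not visible here.
$auth_user = new User($login, $bd_users['email']);
$sql = "UPDATE `{$bd_names['users']}` SET `{$bd_users['session']}`='' " . "WHERE `{$bd_users['email']}`=:email";
getDB()->ask($sql, array('email' => $login));
// The session id logged here has just been cleared in the database.
vtxtlog("[invalidate16x.php] invalidate process [Success] User [{$login}] Invalidate Session [{$sessionid}] clientToken[{$clientToken}]");
exit;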
コード例 #3
ファイル: refresh16x.php プロジェクト: qexyorg/webMCR-1
{
    vtxtlog($text);
    exit($output);
}
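// Refresh endpoint body: accepts a JSON POST carrying an accessToken/clientToken pair,
// replaces the stored session id with a new one and returns the new pair with the profile.

// CONTENT_TYPE / REQUEST_METHOD are absent on some requests; treat that as a bad request
// instead of raising an undefined-index notice.
$requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
if ($requestMethod === 'POST' && stripos($contentType, "application/json") === 0) {
    // $HTTP_RAW_POST_DATA was removed in PHP 7.0; php://input provides the raw body instead.
    $json = json_decode(file_get_contents('php://input'));
} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}
if (empty($json->accessToken) or empty($json->clientToken)) {
    logExit("[refresh16x.php] refresh process [Empty input] [ " . (empty($json->accessToken) ? 'Session ' : '') . (empty($json->clientToken) ? 'clientToken ' : '') . "]");
}
// A decoded JSON member can be an array or object; only scalar values make sense here.
if (!is_scalar($json->accessToken) or !is_scalar($json->clientToken)) {
    logExit("[refresh16x.php] refresh process [Bad input type]");
}
loadTool('user.class.php');
DBinit('auth');
$sessionid = (string) $json->accessToken;
$clientToken = (string) $json->clientToken;
// \z anchors at the real end of the string; "$" would also accept a trailing newline.
if (!preg_match('/^[a-f0-9-]+\z/', $sessionid) or !preg_match('/^[a-f0-9-]+\z/', $clientToken)) {
    // These values failed validation, so control characters are stripped before logging.
    $logSession = preg_replace('/[\x00-\x1F\x7F]/', '', $sessionid);
    $logToken = preg_replace('/[\x00-\x1F\x7F]/', '', $clientToken);
    logExit("[refresh16x.php] refresh process [Bad symbols] Session [{$logSession}] clientToken [{$logToken}]");
}
// Session ids act as bearer credentials, so the log carries short SHA-256 fingerprints
// for correlation rather than the usable values.
$oldSessionTag = substr(hash('sha256', $sessionid), 0, 12);
$sql = "SELECT `{$bd_users['id']}` FROM `{$bd_names['users']}` " . "WHERE `{$bd_users['session']}`=:session " . "AND `{$bd_users['clientToken']}`=:token ";
$result = getDB()->fetchRow($sql, array('token' => $clientToken, 'session' => $sessionid), 'num');
if (!$result) {
    // The supplied accessToken may still be valid under another clientToken.
    logExit("[refresh16x.php] refresh process, wrong accessToken/clientToken pair [sha256:{$oldSessionTag}] [{$clientToken}]");
}
$auth_user = new User($result[0]);
// NOTE(review): the login listing on this page refuses accounts with lvl() <= 1; this path
// does not repeat that check — confirm whether refresh should apply it as well.
$sessid = generateSessionId();
// Values are bound as parameters, matching the other queries, instead of being
// interpolated into the statement text.
getDB()->ask("UPDATE `{$bd_names['users']}` SET `{$bd_users['session']}`=:session WHERE `{$bd_users['id']}`=:id", array('session' => $sessid, 'id' => $auth_user->id()));
$profile = array('id' => $auth_user->id(), 'name' => $auth_user->name());
$newSessionTag = substr(hash('sha256', $sessid), 0, 12);
vtxtlog("[refresh16x.php] refresh process [Success] User [{$profile['name']}] NewSession [sha256:{$newSessionTag}] OldSession[sha256:{$oldSessionTag}]");
$responce = array('clientToken' => $clientToken, 'accessToken' => $sessid, 'selectedProfile' => $profile);
exit(json_encode($responce));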