public static function startNewSession($username, $password, $gcm_id)
{
$success = true;
//test if the username and password are correct
if (user::isLogin($username, $password)) {
//retrieve user info
$user_info = user::getUserByUsername($username);
$e = user::setGCM($user_info['id'], $gcm_id);
$success = $success && $e;
//check if user has existing session:
if (session::does_user_have_session($user_info['id'])) {
//remove the session
$session_info = session::get_last_session_for_user_id($user_info['id']);
session::delete_session_by_id($session_info['id']);
}
//generate a unique hash
$newHash = md5(random::generateString(10));
while (!session::is_unique_hash($newHash)) {
$newHash = md5(random::generateString(10));
}
//create a session
$res = session::add_new_session($user_info['id'], $newHash, "0");
$success = $success && $res;
if (!$success) {
Execute::$lastErrorMessage = "failed to add new changes to database";
Report::error(__METHOD__ . "," . __LINE__, "failed to new cahnges to database");
}
return $success;
} else {
Execute::$lastErrorMessage = "trying to login with an incorrect username or password";
Report::warning(__METHOD__ . "," . __LINE__, "trying to login with an incorrect username or password");
return false;
//trying to log in with an incorrect username or password
}
}
public function test()
{
$username = "******";
$password = "******";
$email = "*****@*****.**";
$username2 = "bla2";
$password2 = "pass2";
$email2 = "*****@*****.**";
$username3 = "gue";
$password3 = "pass3";
$email3 = "*****@*****.**";
user::create_new_user($username, $password, $email);
$this->assertEquals(1, user::getNumberOfUsers(), "number of users is not correct after adding a new user");
user::create_new_user($username2, $password2, $email2);
$this->assertEquals(2, user::getNumberOfUsers(), "number of users is not correct after adding a new user");
user::create_new_user($username3, $password3, $email3);
$this->assertEquals(3, user::getNumberOfUsers(), "number of users is not correct after adding a new user");
$user1ID = user::getUserByUsername($username)['id'];
$user2ID = user::getUserByUsername($username2)['id'];
$user3ID = user::getUserByUsername($username3)['id'];
$this->assertTrue(safe_input::is_valid_session_hash(md5("\$3dfsd43^^%")), "safe_input::is_valid_session_hash()");
$this->assertFalse(safe_input::is_valid_session_hash("x = 2 "), "safe_input::is_valid_session_hash()");
//get_last_session_for_user_id($user_id)
//add_new_session($user_id,$hash,$encryption_key)
$this->assertFalse(session::add_new_session("hh", md5("bla"), md5("bla2")), "[add_new_session()]");
$this->assertTrue(session::add_new_session($user1ID, md5("bla"), md5("bla2")), "failed to add new session[add_new_session()]");
$s1 = session::$last_inserted_id;
$this->assertFalse(session::is_unique_hash(md5("bla")), "[session::is_unique_hash()]");
$this->assertTrue(session::is_unique_hash(md5("bddla")), "[session::is_unique_hash()]");
//$this->assertNull(session::add_new_session($user2ID,md5("bla"),md5("mmm")),"Hash has to be unique! [add_new_session()]") ;
$this->assertTrue(session::add_new_session($user2ID, md5("hash2"), md5("bla2")), "failed to add new session[add_new_session()]");
$this->assertTrue(session::add_new_session($user1ID, md5("hash2sss"), md5("blssssa2")), "failed to add new session[add_new_session()]");
$s2 = session::$last_inserted_id;
$s_info = session::get_last_session_for_user_id($user1ID);
$this->assertEquals($s_info['encryptionKey'], md5("blssssa2"), "[get_last_session_for_user_id()]");
$this->assertFalse(session::is_unique_hash($s_info['hash']), "[is_unique_hash()]");
$this->assertTrue(session::is_unique_hash(md5("asdfasefds")), "[is_unique_hash()]");
$this->assertTrue(session::does_user_have_session($user2ID), "[does_user_have_session()]");
$this->assertFalse(session::does_user_have_session($user3ID), "[does_user_have_session()]");
//delete_all_sessions_for_user_id($user_id)
$this->assertFalse(session::delete_all_sessions_for_user_id("sadsadsad"), "[delete_all_sessions_for_user_id()]");
$this->assertTrue(session::delete_all_sessions_for_user_id($user2ID), "[delete_all_sessions_for_user_id()]");
$this->assertFalse(session::does_user_have_session($user2ID), "[does_user_have_session()]");
$this->assertTrue(session::does_user_have_session($user1ID), "[does_user_have_session()]");
//session::delete_session_by_id($session_id)
$s_info = session::get_last_session_for_user_id($user1ID);
$this->assertTrue(session::add_new_session($user2ID, md5("hash2"), md5("bla2")), "failed to add new session[add_new_session()]");
$s2_info = session::get_last_session_for_user_id($user2ID);
$this->assertTrue(session::delete_session_by_id($s2_info['id']), "[delete_session_by_id()]");
$this->assertFalse(session::does_user_have_session($user2ID), "[does_user_have_session()]");
$this->assertTrue(session::does_user_have_session($user1ID), "[does_user_have_session()]");
//session::delete_session_by_hash($hash)
$s_info = session::get_last_session_for_user_id($user1ID);
$this->assertTrue(session::add_new_session($user2ID, md5("hash2"), md5("bla2")), "failed to add new session[add_new_session()]");
$s2_info = session::get_last_session_for_user_id($user2ID);
$this->assertTrue(session::delete_session_by_hash($s2_info['hash']), "[delete_session_by_id()]");
$this->assertFalse(session::does_user_have_session($user2ID), "[does_user_have_session()]");
$this->assertTrue(session::does_user_have_session($user1ID), "[does_user_have_session()]");
//session::get_session_by_hash($hash)
$s_infos = session::get_session_by_hash($s_info['hash']);
$this->assertEquals($s_info['id'], $s_infos['id'], "session::get_session_by_hash()");
}
public function newSession()
{
if (XmlRequestValidator::isValidNewSessionRequest($this->requestData)) {
$username = $this->requestData->body->username;
$password = $this->requestData->body->password;
$gcm_id = $this->requestData->body->gcm;
if (Execute::startNewSession($username, $password, $gcm_id)) {
//seccuss response with the session id
$user_info = user::getUserByUsername($username);
$session_info = session::get_last_session_for_user_id($user_info['id']);
$hash = $session_info['hash'];
$this->response = XmlBuilder::newSessionSuccessfullResponse("plain", $hash);
} else {
//failure response with the reason
$this->response = XmlBuilder::failed_response("plain", 2, XmlParseRequest::$DATABASE_ERROR, Execute::$lastErrorMessage);
}
} else {
Report::error(__METHOD__ . "," . __LINE__, "invalid new session request!");
$this->invalidRequest();
}
}
public function test()
{
$obj = new XmlParseRequest();
$xmlFile1 = file_get_contents("./files/invalidXmlFile1.xml");
$xmlFile2 = file_get_contents("./files/invalidXmlFile2.xml");
$this->assertFalse($obj->isValidXmlFile($xmlFile1), "isValidXmlFile");
$xmlFile2 = file_get_contents("./files/invalidXmlFile2.xml");
$this->assertFalse($obj->isValidXmlFile($xmlFile2), "isValidXmlFile");
$xmlFile3 = file_get_contents("./files/validXmlFile.xml");
$this->assertTrue($obj->isValidXmlFile($xmlFile3), "isValidXmlFile");
$xmlDocument = simplexml_load_string($xmlFile3);
$this->assertTrue($obj->isValidRequest($xmlDocument), "isvalidRequest");
$obj->processRequest($xmlFile1);
$xm1 = simplexml_load_string($obj->getResponse());
$this->assertTrue(!empty($xm1->xpath("/response/error")), "[processRequest]");
$xmlFile4 = file_get_contents("./files/registerNewUserRequest.xml");
$obj->processRequest($xmlFile4);
$xmm = simplexml_load_string($xmlFile4);
$xm2 = simplexml_load_string($obj->getResponse());
$this->assertTrue(!empty($xm2->xpath("/response/body/status")), "[processRequest]");
$this->assertEquals("successful", $xm2->body->status, "[processRequest]");
$u = (string) $xmm->body->username;
$email = (string) $xmm->body->email;
$this->assertTrue(user::doesUsernameExist($u), "register new user request[processRequest]");
$user_info = user::getUserByUsername($u);
$this->assertEquals($u, $user_info['username'], "useranme was not add correctly by the request[processRequest]");
$this->assertEquals($email, $user_info['email'], "email was not add correctly by the request[processRequest]");
//newSession()
$username = "******";
$password = "******";
$email = "*****@*****.**";
$gcm_id = "23546813DFGE56456";
user::create_new_user($username, $password, $email);
$xmlFile = file_get_contents("./files/newSessionRequest.xml");
$p = simplexml_load_string($xmlFile);
$p->body->username = $username;
$p->body->password = $password;
$p->body->gcm = $gcm_id;
$req = $p->asXML();
$obj = new XmlParseRequest();
$obj->processRequest($req);
$response = $obj->getResponse();
$pr = simplexml_load_string($response);
$user_info = user::getUserByUsername($username);
$session_info = session::get_last_session_for_user_id($user_info['id']);
$this->assertEquals("successful", $pr->body->status, "[new session request]");
$this->assertEquals($session_info['hash'], $pr->body->session, "[new session request]");
$this->assertEquals($gcm_id, $user_info['gcmID'], "[new session request]");
$p = simplexml_load_string($xmlFile);
$p->body->password = $password . "ddd";
$req = $p->asXML();
$obj = new XmlParseRequest();
$obj->processRequest($req);
$response = $obj->getResponse();
$pr = simplexml_load_string($response);
$this->assertEquals("failed", $pr->body->status, "[new session request]");
//endSession()
session::clear_table();
user::clear_table();
$username = "******";
$password = "******";
$email = "*****@*****.**";
user::create_new_user($username, $password, $email);
$user_info = user::getUserByUsername($username);
$session = md5("dfgfds4543");
session::add_new_session($user_info['id'], $session, "0");
$xmlFile = file_get_contents("./files/endSessionRequest.xml");
$p = simplexml_load_string($xmlFile);
$p->body->session = $session;
$req = $p->asXML();
$obj = new XmlParseRequest();
$obj->processRequest($req);
$response = $obj->getResponse();
$pr = simplexml_load_string($response);
$this->assertEquals("successful", $pr->body->status, "[end session request]");
$this->assertEquals($session, $pr->body->session, "[end session request]");
//give an invalid session id
$obj->processRequest($xmlFile);
$response = $obj->getResponse();
$pr = simplexml_load_string($response);
$this->assertTrue(!empty($pr->xpath("/response/body/reason")), "[end seesion request]");
//registerGCM()
session::clear_table();
user::clear_table();
$username = "******";
$password = "******";
$email = "*****@*****.**";
$gcm = "SDFGa43534";
user::create_new_user($username, $password, $email);
$user_info = user::getUserByUsername($username);
$session = md5("dfgfds4543");
session::add_new_session($user_info['id'], $session, "0");
$xmlFile = file_get_contents("./files/registerGCMRequest.xml");
$p = simplexml_load_string($xmlFile);
$p->body->session = $session;
$p->body->gcm = $gcm;
$req = $p->asXML();
$obj = new XmlParseRequest();
$obj->processRequest($req);
$response = $obj->getResponse();
$pr = simplexml_load_string($response);
$this->assertEquals("successful", $pr->body->status, "[register GCM id request]");
$this->assertEquals($session, $pr->body->session, "[register GCM id request]");
$user_info = user::getUserByUsername($username);
$this->assertEquals($gcm, $user_info['gcmID'], "[register GCM id request]");
//test failure
$p = simplexml_load_string($xmlFile);
$p->body->session = md5("asdssfsfs");
$req = $p->asXML();
$obj = new XmlParseRequest();
$obj->processRequest($req);
$response = $obj->getResponse();
$pr = simplexml_load_string($response);
$this->assertEquals("failed", $pr->body->status, "[register GCM id request]");
$this->assertEquals("1", $pr->body->error_code, "[register GCM id request]");
}
