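/**
 * Handles the /login page: renders the login form, and when a username was
 * submitted tries to open a session and redirects to the site root.
 *
 * @param array $request  Request array as built by get_http_request(). Reads
 *                        $request['form']['login_username'],
 *                        $request['form']['login_password'] and $request['ip'];
 *                        all three are optional (a plain GET has no form).
 * @return mixed  build_response_moved_temporarily('/') after a successful
 *                login, otherwise build_response_ok() with the form and, when
 *                a login attempt failed, an error message above it.
 */
function execute($request)
{
    // A plain GET of the page has no form fields; do not raise notices for them.
    $form = isset($request['form']) && is_array($request['form']) ? $request['form'] : array();
    $username = isset($form['login_username']) ? (string) $form['login_username'] : '';
    $password = isset($form['login_password']) ? (string) $form['login_password'] : '';
    $ip = isset($request['ip']) ? $request['ip'] : null;
    $error = null;

    if ($username !== '') {
        // Server-side session TTL is given in hours: two weeks.
        $result = api_account_create_session($username, $password, 'web', $ip, 14 * 24);

        // This file reads the result of api_account_create_session() in two
        // different ways: a truthy 'OK' entry here, 'status' === 'OK' in
        // get_http_request(). Accept either so that whichever shape the API
        // really returns, this call site is not silently broken.
        // NOTE(review): confirm the API's actual result shape and keep one.
        $ok = !empty($result['OK'])
            || (isset($result['status']) && $result['status'] === 'OK');

        if ($ok) {
            $token = isset($result['token']) ? $result['token'] : '';
            // The cookie deliberately outlives the server session; the token
            // simply stops validating once the session has expired.
            $expire = time() + 365 * 24 * 3600;
            // HttpOnly keeps the session token out of reach of page scripts.
            // Secure is set when this request arrived over TLS (behind a
            // TLS-terminating proxy $_SERVER['HTTPS'] may be absent).
            $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie('npclient', 'web', $expire, '/', '', $secure, true);
            setcookie('nptoken', $token, $expire, '/', '', $secure, true);
            return build_response_moved_temporarily('/');
        }

        $code = isset($result['message']) ? (string) $result['message'] : '';
        switch ($code) {
            case 'WRONG_PASSWORD':
                $error = "Bad password. Did you forget it?";
                break;
            default:
                // Raw API error code is shown to the user; intended for debugging.
                $error = "Server returned error code: " . $code;
                break;
        }
    }

    // ENT_QUOTES: the username is echoed inside a quoted attribute value.
    $output = array(
        '<h1>Log in</h1>',
        $error === null ? '' : nl2br(htmlspecialchars($error, ENT_QUOTES, 'UTF-8')),
        '<form action="/login" method="post">',
        'Username: <input type="text" name="login_username" value="' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '"/><br />',
        'Password: <input type="password" name="login_password" /><br />',
        '<input type="submit" name="submit" value="Login" />',
        '</form>',
    );
    return build_response_ok("Log In", implode("\n", $output));
}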
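/**
 * Gets information about the raw HTTP request.
 *
 * Reads the PHP superglobals ($_SERVER, $_POST, $_FILES, $_COOKIE and
 * php://input), validates the session token carried in the 'nptoken' cookie
 * (or opens a session first when the form carries a login_username),
 * re-issues the session cookies and returns one flat request array for the
 * page handlers.
 *
 * @return array  Keys: method, path, path_parts, user_id, login_id, logged_in,
 *                login_failure, name, is_admin, content_type, form,
 *                raw_content, files, cookies, ip, avatar, now. user_id is 0,
 *                logged_in is false and avatar is null unless the session
 *                token validated; login_failure is true when a token was
 *                present but did not validate.
 */
function get_http_request()
{
    $url_parts = get_url_parts();
    $path = '/' . implode('/', $url_parts);
    $is_logout = $path === '/logout';
    $method = strtoupper(trim(isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET'));
    $ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';

    // Session-derived fields keep their anonymous defaults unless the token
    // below validates.
    $verified_user_id = 0;
    $login_id = null;
    $name = null;
    $is_admin = false;
    $avatar = null;

    $cookies = array();
    foreach ($_COOKIE as $k => $v) {
        $cookies[$k] = $v;
    }

    $content_type = null;
    $form = array();
    $raw_content = null;
    $files = array();

    if ($method !== 'GET') {
        if (isset($_SERVER['CONTENT_TYPE'])) {
            $content_type = trim($_SERVER['CONTENT_TYPE']);
        } elseif (isset($_SERVER['HTTP_CONTENT_TYPE'])) {
            $content_type = trim($_SERVER['HTTP_CONTENT_TYPE']);
        } else {
            $content_type = '';
        }

        $is_form_post = strpos($content_type, 'application/x-www-form-urlencoded') === 0
            || strpos($content_type, 'multipart/form-data') === 0;

        if ($is_form_post) {
            foreach ($_POST as $key => $value) {
                $form[$key] = $value;
            }
            foreach ($_FILES as $key => $value) {
                $file_info = array(
                    'id' => $key,
                    'mime' => $value['type'],
                    'type' => get_file_type($value['type']),
                    'size' => $value['size'],
                    'path' => $value['tmp_name'],
                    'is_image' => false,
                );
                // $value['type'] is the client-declared MIME type and is not
                // trustworthy on its own: only mark the upload as an image when
                // getimagesize() can actually read it as one. The '@' silences
                // the warning getimagesize() emits for unreadable files.
                if (in_array($file_info['type'], array('PNG', 'JPEG', 'GIF'), true)) {
                    $dim = @getimagesize($file_info['path']);
                    if (is_array($dim) && count($dim) >= 2) {
                        $file_info['is_image'] = true;
                        $file_info['image_width'] = $dim[0];
                        $file_info['image_height'] = $dim[1];
                    }
                }
                $files[] = $file_info;
            }
        } else {
            // Non-form bodies (e.g. JSON) are handed over untouched.
            $raw_content = file_get_contents('php://input');
        }
    }

    $session_token = isset($cookies['nptoken']) ? trim($cookies['nptoken']) : '';
    $client = isset($cookies['npclient']) ? trim($cookies['npclient']) : '';
    if ($client === '') {
        // 'web' is the only client name this code ever writes into npclient.
        $client = 'web';
    }
    $ttl_hours = 24 * 30; // change this for other clients upon request.

    // A login form posted to any path except /logout opens a fresh session;
    // its token then goes through the same validation as a cookie token.
    if (!$is_logout && isset($form['login_username'])) {
        $password = isset($form['login_password']) ? $form['login_password'] : '';
        $login_result = api_account_create_session($form['login_username'], $password, $client, $ip, $ttl_hours);
        if (isset($login_result['status']) && $login_result['status'] === 'OK' && isset($login_result['token'])) {
            $session_token = $login_result['token'];
        }
    }

    $login_failure = false;
    $user_info = null;
    if (!$is_logout && $session_token !== '') {
        $user_info = api_account_authenticate_with_session($session_token, $ip);
        if (!isset($user_info['status']) || $user_info['status'] !== 'OK') {
            $user_info = null;
            $login_failure = true;
        }
    }

    if ($user_info !== null) {
        $verified_user_id = $user_info['user_id'];
        $is_admin = $user_info['is_admin'];
        $login_id = $user_info['login_id'];
        $name = $user_info['name'];
        $avatar = $user_info['avatar'];
    }

    if ($is_logout) {
        $session_token = '';
    }

    // Both cookies are re-issued on every request. An empty nptoken value
    // (logout, or no valid session) makes setcookie() emit an already-expired
    // cookie, i.e. it deletes the token on the client. The one-year lifetime
    // matches the login handler; the server session expires independently.
    $expire = time() + 365 * 24 * 3600;
    // HttpOnly keeps the session token away from page scripts; Secure is set
    // when this request arrived over TLS (may be absent behind a TLS proxy).
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('npclient', 'web', $expire, '/', '', $secure, true);
    setcookie('nptoken', $session_token, $expire, '/', '', $secure, true);

    return array(
        'method' => $method,
        'path' => $path,
        'path_parts' => $url_parts,
        'user_id' => $verified_user_id,
        'login_id' => $login_id,
        'logged_in' => $verified_user_id > 0,
        'login_failure' => $login_failure,
        'name' => $name,
        'is_admin' => $is_admin,
        'content_type' => $content_type,
        'form' => $form,
        'raw_content' => $raw_content,
        'files' => $files,
        'cookies' => $cookies,
        'ip' => $ip,
        'avatar' => $avatar,
        'now' => time(),
    );
}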