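/**
 * Middleware that authenticates every request it is attached to.
 *
 * Reads the API key from the 'Authorization' request header and validates it
 * through DbHandlerAccount. On success the caller's primary key is exported as
 * the global $user_id for the route handler; on failure a JSON error body is
 * echoed and the Slim app is stopped, so the route handler never runs.
 *
 * Responses:
 *   400 - header absent
 *   401 - header present but the key is not in the users table, or the key
 *         validates yet does not resolve to a user id (fail closed)
 *
 * @param \Slim\Route $route The matched route (unused; part of the Slim
 *                           middleware signature).
 */
function authenticate(\Slim\Route $route)
{
    global $user_id;

    $app = \Slim\Slim::getInstance();
    $response = array();

    // HTTP header names are case-insensitive but apache_request_headers()
    // returns them as the client sent them, so normalise before the lookup.
    // NOTE(review): apache_request_headers() exists only under the Apache /
    // FPM SAPIs and may return false elsewhere - confirm the deployment target.
    $raw_headers = apache_request_headers();
    $headers = is_array($raw_headers)
        ? array_change_key_case($raw_headers, CASE_LOWER)
        : array();

    if (!isset($headers['authorization'])) {
        // api key is missing in header
        $response["error"] = true;
        $response["message"] = "Api key is misssing";
        echoRespnse(400, $response);
        $app->stop();
        return;
    }

    // The raw header value is the api key (no scheme prefix is expected).
    $api_key = $headers['authorization'];
    $db = new DbHandlerAccount();

    if (!$db->isValidApiKey($api_key)) {
        // api key is not present in users table
        $response["error"] = true;
        $response["message"] = "Access Denied. Invalid Api key";
        echoRespnse(401, $response);
        $app->stop();
        return;
    }

    // get user primary key id
    $user = $db->getUserId($api_key);
    if ($user === null || !isset($user["id"])) {
        // A key that validates but resolves to no user must not let the route
        // run with an undefined $user_id: fail closed with the same 401.
        $response["error"] = true;
        $response["message"] = "Access Denied. Invalid Api key";
        echoRespnse(401, $response);
        $app->stop();
        return;
    }

    $user_id = $user["id"];
}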
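echoRespnse(400, $response); } });
/**
 * User Edit
 * url - /user/edit
 * method - PUT
 * params - name, password
 *
 * Protected by the 'authenticate' middleware, which sets the global $user_id
 * for the caller; only that user's own record is edited. Responds 200 on
 * success, 400 if the update did not go through, and 401 if no authenticated
 * user id is available.
 */
$app->put('/user/edit', 'authenticate', function () use ($app) {
    // check for required params
    verifyRequiredParams(array('name', 'password'));

    global $user_id;
    $response = array();

    // Never call editUser() with an empty id: the middleware normally
    // guarantees it, but fail closed rather than trust a missing global.
    if ($user_id === null || $user_id === '') {
        $response["error"] = true;
        $response["message"] = "Access Denied. Invalid Api key";
        echoRespnse(401, $response);
        return;
    }

    $name = $app->request->put('name');
    $password = $app->request->put('password');

    // NOTE(review): the raw password is handed to editUser(); confirm that
    // DbHandlerAccount hashes it before storage.
    $db = new DbHandlerAccount();
    $result = $db->editUser($user_id, $name, $password);

    if ($result) {
        // user updated successfully
        $response["error"] = false;
        $response["message"] = "User updated successfully";
        echoRespnse(200, $response);
    } else {
        // user failed to update
        $response["error"] = true;
        $response["message"] = "User failed to update. Please try again!";
        echoRespnse(400, $response);
    }
});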