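/**
 * Handles a message on the 'authentication' channel.
 *
 * Only the 'login' action is supported. The client sends a username and a
 * challenge response (sha1 of the session token concatenated with the stored
 * password value). The client row is bound to the user id and the user's
 * other sessions are invalidated only after the response has been verified;
 * the original version performed both steps before checking the password,
 * which let an unverified caller attach itself to any active username and
 * knock that user's other sessions out.
 *
 * @param object $message Decoded message exposing ->action and ->data;
 *                        ->data carries ->username and ->password.
 * @return void
 */
private function authenticationMessage($message)
{
    switch ($message->action) {
        case 'login':
            $data = $message->data;
            if (empty($data->username) || empty($data->password)) {
                $this->sendError("Invalid request to login user");
                return;
            }
            // NOTE(review): a failed token check ends the request without any
            // reply to the client; confirm that silence is the intended behaviour.
            if (!$this->checkValidToken()) {
                return;
            }
            // NOTE(review): the username literal in this query appears redacted in
            // this listing - confirm the live code binds the escaped username.
            $sql = "SELECT `id`, `password` FROM user WHERE active = 1 AND username = '******'";
            $users = $this->_db->fetchAll($sql);
            $loggedIn = false;
            $userCount = count($users);
            if (1 === $userCount) {
                $storedPassword = $users[0]['password'];
                $expected = sha1($this->getToken() . $storedPassword);
                // hash_equals: constant-time and free of numeric-string juggling;
                // it requires strings, so reject any other payload type first.
                $loggedIn = is_string($data->password) && hash_equals($expected, $data->password);
                if ($loggedIn) {
                    $this->_userId = $this->_db->escape($users[0]['id']);
                    // NOTE(review): escape() only protects quoted string context; both
                    // values are interpolated unquoted, so they must be integers by the
                    // time they reach this query (id from the user table, resourceId
                    // from the client connection).
                    $sql = "UPDATE client SET userId = " . $this->_userId
                        . " WHERE active = 1 AND resourceId = " . $this->_db->escape($this->_client->resourceId);
                    $this->_db->query($sql);
                    $this->invalidateOtherSessions();
                }
            } elseif (1 < $userCount) {
                // Username is expected to be unique; more than one row is a data problem.
                $this->sendError("Invalid request to login user - Unexpected user count");
            }
            $this->sendMessage(Messaging::response('authentication', $message->action, [
                'loggedIn' => $loggedIn,
                'message' => $loggedIn ? "" : "Username or Password is incorrect",
            ]));
            return;
        default:
            $this->sendError("Unknown Message: " . json_encode($message));
            break;
    }
}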
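/**
 * Dispatches a 'user' message to the matching handler.
 *
 * Supported actions: 'email_exists', 'create', 'login'. Only messages of
 * type 'request' are processed; anything else is reported via $logic->error().
 *
 * @param object $logic  Messaging endpoint exposing send() and error().
 * @param string $action Requested action name.
 * @param string $type   Message type; only 'request' is handled.
 * @param array  $data   Request payload keyed by field name.
 * @return void
 */
public function handleMessage($logic, $action, $type, $data)
{
    switch ($action) {
        case 'email_exists':
            if ('request' !== $type) {
                $logic->error("Invalid call to User::emailExists");
                break;
            }
            if (!array_key_exists('email', $data)) {
                $logic->error("Invalid call to User::emailExists - email not found");
                break;
            }
            $logic->send(Messaging::response('user', $action, $this->checkUserExists($data['email'])));
            break;

        case 'create':
            if ('request' !== $type) {
                $logic->error("Invalid call to User::create");
                break;
            }
            $params = $this->collectRequiredFields($logic, 'create', $data, ['email', 'password', 'firstname', 'lastname']);
            if (null === $params) {
                // Validation already reported the problem; do not insert partial data.
                break;
            }
            $exists = $this->checkUserExists($params['email']);
            if ($exists['exists']) {
                $logic->send(Messaging::response('user', $action, ['created' => false, 'reason' => 'email already exists']));
                break;
            }
            // 40 upper-case hex characters, same shape as the previous sha1(uniqid())
            // key but drawn from a CSPRNG - uniqid() is time-based and guessable.
            $params['activationKey'] = strtoupper(bin2hex(random_bytes(20)));
            $this->db->prepareInsert($params);
            $logic->send(Messaging::response('user', $action, ['created' => $this->db->insert('User')]));
            // TODO: Remove this, just for debug - need to send email. Until then the
            // activation key is written to the process's stdout/log.
            echo "\nActivation Key: " . $params['activationKey'] . "\n";
            break;

        case 'login':
            if ('request' !== $type) {
                $logic->error("Invalid call to User::login");
                break;
            }
            $params = $this->collectRequiredFields($logic, 'login', $data, ['email', 'password']);
            if (null === $params) {
                break;
            }
            $sql = "SELECT `password`, `active` FROM User WHERE `email` = '" . $this->db->escape($params['email']) . "'";
            $users = $this->db->fetchAll($sql);
            // NOTE(review): the three distinct replies below ('User not found',
            // activation pending, 'Password is incorrect') let a caller confirm
            // which emails are registered; a single generic message would avoid that.
            if (1 !== count($users)) {
                $logic->send(Messaging::response('user', $action, ['loggedIn' => false, 'message' => 'User not found']));
                break;
            }
            // `active` may come back from the driver as a string; compare numerically.
            if (1 !== (int) $users[0]['active']) {
                $logic->send(Messaging::response('user', $action, ['loggedIn' => false, 'message' => 'Please check your email to activate your account']));
                break;
            }
            $calcToken = sha1($this->getToken() . $users[0]['password']);
            // hash_equals instead of ==: loose comparison treats two "0e..." digest
            // strings as equal numbers, and it is not timing-safe.
            $loggedIn = is_string($params['password']) && hash_equals($calcToken, $params['password']);
            $logic->send(Messaging::response('user', $action, [
                'loggedIn' => $loggedIn,
                'message' => $loggedIn ? '' : 'Password is incorrect',
            ]));
            break;

        default:
            $logic->error("Unknown User action");
            break;
    }
}

/**
 * Checks that every required field is present and non-empty in the payload.
 *
 * The first failure is reported through $logic->error() and null is returned so
 * the caller can stop processing (the original loop kept going after the error
 * and read fields that might not exist).
 *
 * @param object   $logic  Messaging endpoint exposing error().
 * @param string   $method Handler name used in the error text (e.g. 'create').
 * @param array    $data   Request payload.
 * @param string[] $fields Required field names.
 * @return array|null Collected field values, or null when validation failed.
 */
private function collectRequiredFields($logic, $method, $data, array $fields)
{
    $params = [];
    foreach ($fields as $field) {
        if (!array_key_exists($field, $data)) {
            $logic->error("Invalid call to User::{$method} - {$field} not found");
            return null;
        }
        if (empty($data[$field])) {
            $logic->error("Invalid call to User::{$method} - {$field} is empty");
            return null;
        }
        $params[$field] = $data[$field];
    }
    return $params;
}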