} else { $email = filter_var($requestObject->userEmail, FILTER_SANITIZE_EMAIL); } // create user $user = User::getUserByUserEmail($pdo, $email); if (empty($user)) { throw new InvalidArgumentException("invalid email address"); } // hash for $password $hash = hash_pbkdf2("sha512", $password, $user->getUserSalt(), 262144); // verify hash is correct if ($hash !== $user->getUserHash()) { throw new \InvalidArgumentException("password or username is incorrect"); } // grabbing company from database and put company and user in the session $company = Company::getCompanyByCompanyId($pdo, $user->getUserCompanyId()); $_SESSION["company"] = $company; $_SESSION["user"] = $user; $reply->message = "login was successful"; } else { throw new \Exception("Invalid HTTP method"); } } catch (\Exception $exception) { $reply->status = $exception->getCode(); $reply->message = $exception->getMessage(); } catch (\TypeError $typeError) { $reply->status = $exception->getCode(); $reply->message = $exception->getMessage(); } header("Content-type: application/json"); echo json_encode($reply);
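/**
 * Test inserting a Company and re-grabbing it from mySQL by its primary key.
 *
 * Builds a Company from the VALID_* fixtures, inserts it, reads it back with
 * Company::getCompanyByCompanyId() and checks that exactly one row was added
 * and that every field round-tripped unchanged.
 **/
public function testGetValidCompanyByCompanyId() {
	// count the number of rows and save it for later
	$numRows = $this->getConnection()->getRowCount("company");

	// create a new Company and insert it into mySQL; a null id lets mySQL assign one
	$company = new Company(
		null,
		$this->VALID_COMPANYNAME,
		$this->VALID_COMPANYADDRESS1,
		$this->VALID_COMPANYADDRESS2,
		$this->VALID_COMPANYATTN,
		$this->VALID_COMPANYSTATE,
		$this->VALID_COMPANYCITY,
		$this->VALID_COMPANYZIP,
		$this->VALID_COMPANYPHONE,
		$this->VALID_COMPANYEMAIL,
		$this->VALID_COMPANYURL
	);
	$company->insert($this->getPDO());

	// grab the data from mySQL and enforce the fields match our expectations
	$pdoCompany = Company::getCompanyByCompanyId($this->getPDO(), $company->getCompanyId());
	$this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("company"));

	// fail with a readable message instead of a fatal "method on null" if the lookup misses
	$this->assertNotNull($pdoCompany);

	// PHPUnit's assert*() take the expected value FIRST; with the fixture first a
	// failure reads "expected <fixture>, got <database value>" rather than the reverse.
	$this->assertEquals($this->VALID_COMPANYNAME, $pdoCompany->getCompanyName());
	$this->assertEquals($this->VALID_COMPANYADDRESS1, $pdoCompany->getCompanyAddress1());
	$this->assertEquals($this->VALID_COMPANYADDRESS2, $pdoCompany->getCompanyAddress2());
	$this->assertEquals($this->VALID_COMPANYATTN, $pdoCompany->getCompanyAttn());
	$this->assertEquals($this->VALID_COMPANYSTATE, $pdoCompany->getCompanyState());
	$this->assertEquals($this->VALID_COMPANYCITY, $pdoCompany->getCompanyCity());
	$this->assertEquals($this->VALID_COMPANYZIP, $pdoCompany->getCompanyZip());
	$this->assertEquals($this->VALID_COMPANYPHONE, $pdoCompany->getCompanyPhone());
	$this->assertEquals($this->VALID_COMPANYEMAIL, $pdoCompany->getCompanyEmail());
	$this->assertEquals($this->VALID_COMPANYURL, $pdoCompany->getCompanyUrl());
}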
} $company = new Company($companyId, $requestObject->companyName, $requestObject->companyAddress1, $requestObject->companyAddress2, $requestObject->companyAttn, $requestObject->companyState, $requestObject->companyCity, $requestObject->companyZip, $requestObject->companyPhone, $requestObject->companyEmail, $requestObject->companyUrl); $company->update($pdo); $reply->message = "Company updated OK"; } else { if ($method === "POST") { $company = new Company(null, $requestObject->companyName, $requestObject->companyAddress1, $requestObject->companyAddress2, $requestObject->companyAttn, $requestObject->companyState, $requestObject->companyCity, $requestObject->companyZip, $requestObject->companyPhone, $requestObject->companyEmail, $requestObject->companyUrl); $company->insert($pdo); $reply->message = "Company created OK"; } } } } else { if ($method === "DELETE") { verifyXsrf(); $company = Company::getCompanyByCompanyId($pdo, $companyId); if ($company === null) { throw new RuntimeException("Company does not exist", 404); } $company->delete($pdo); $deletedObject = new stdClass(); $deletedObject->companyId = $companyId; $reply->message = "Company deleted OK"; } else { throw new \RuntimeException("Must be an administrator to access."); } } } //send exception back to the caller } catch (Exception $exception) { $reply->status = $exception->getCode();