예제 #1
        } else {
            $email = filter_var($requestObject->userEmail, FILTER_SANITIZE_EMAIL);
        }
        // look up the existing user record by e-mail address (nothing is created here);
        // NOTE(review): the distinct "invalid email address" error below lets a caller
        // enumerate registered addresses — consider the same generic message the password check uses
        $user = User::getUserByUserEmail($pdo, $email);
        if (empty($user)) {
            throw new InvalidArgumentException("invalid email address");
        }
        // derive the PBKDF2-SHA512 hash of $password with the user's stored salt (262144 iterations);
        // NOTE(review): password_hash()/password_verify() is the preferred API for new code
        $hash = hash_pbkdf2("sha512", $password, $user->getUserSalt(), 262144);
        // verify the derived hash matches the stored one;
        // NOTE(review): !== is not constant-time — compare with hash_equals() to avoid a timing side channel
        if ($hash !== $user->getUserHash()) {
            throw new \InvalidArgumentException("password or username is incorrect");
        }
        // load the user's company from the database and store both the company and the user in the session;
        // NOTE(review): call session_regenerate_id(true) before populating the session to prevent session fixation
        $company = Company::getCompanyByCompanyId($pdo, $user->getUserCompanyId());
        $_SESSION["company"] = $company;
        $_SESSION["user"] = $user;
        $reply->message = "login was successful";
    } else {
        throw new \Exception("Invalid HTTP method");
    }
} catch (\Exception $exception) {
    $reply->status = $exception->getCode();
    $reply->message = $exception->getMessage();
} catch (\TypeError $typeError) {
    $reply->status = $exception->getCode();
    $reply->message = $exception->getMessage();
}
// Emit the reply as a JSON document. $reply is populated by the try/catch above:
// a success message on the happy path, or status/message copied from the caught exception.
// NOTE(review): the TypeError catch above reads $exception, which is undefined in that
// scope (it should use $typeError), so that path fails on a null dereference instead of replying.
// NOTE(review): json_encode() returns false on an encoding failure (e.g. invalid UTF-8 in a
// message), which would print an empty body with a 200 status.
header('Content-type: application/json');
print json_encode($reply);
예제 #2
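 /**
  * Inserts a Company into mySQL and reads it back by its primary key, checking that
  * exactly one row was added and that every stored field round-trips unchanged.
  *
  * Relies on the VALID_COMPANY* fixtures of this test case and on the
  * getConnection()/getPDO() helpers it provides.
  **/
 public function testGetValidCompanyByCompanyId()
 {
     // row count before the insert, so the delta can be asserted afterwards
     $numRows = $this->getConnection()->getRowCount("company");

     // build a fresh Company with a null id — the insert is expected to populate it
     $company = new Company(
         null,
         $this->VALID_COMPANYNAME,
         $this->VALID_COMPANYADDRESS1,
         $this->VALID_COMPANYADDRESS2,
         $this->VALID_COMPANYATTN,
         $this->VALID_COMPANYSTATE,
         $this->VALID_COMPANYCITY,
         $this->VALID_COMPANYZIP,
         $this->VALID_COMPANYPHONE,
         $this->VALID_COMPANYEMAIL,
         $this->VALID_COMPANYURL
     );
     $company->insert($this->getPDO());

     // read the row back by the id the insert assigned
     $pdoCompany = Company::getCompanyByCompanyId($this->getPDO(), $company->getCompanyId());

     // exactly one row was added, and the lookup actually found it (guards the getters below)
     $this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("company"));
     $this->assertNotNull($pdoCompany);

     // PHPUnit assertions take (expected, actual): the fixture is the expectation and the
     // value read back from mySQL is the actual, so failure messages read the right way round
     $this->assertEquals($this->VALID_COMPANYNAME, $pdoCompany->getCompanyName());
     $this->assertEquals($this->VALID_COMPANYADDRESS1, $pdoCompany->getCompanyAddress1());
     $this->assertEquals($this->VALID_COMPANYADDRESS2, $pdoCompany->getCompanyAddress2());
     $this->assertEquals($this->VALID_COMPANYATTN, $pdoCompany->getCompanyAttn());
     $this->assertEquals($this->VALID_COMPANYSTATE, $pdoCompany->getCompanyState());
     $this->assertEquals($this->VALID_COMPANYCITY, $pdoCompany->getCompanyCity());
     $this->assertEquals($this->VALID_COMPANYZIP, $pdoCompany->getCompanyZip());
     $this->assertEquals($this->VALID_COMPANYPHONE, $pdoCompany->getCompanyPhone());
     $this->assertEquals($this->VALID_COMPANYEMAIL, $pdoCompany->getCompanyEmail());
     $this->assertEquals($this->VALID_COMPANYURL, $pdoCompany->getCompanyUrl());
 }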
예제 #3
                    }
                    $company = new Company($companyId, $requestObject->companyName, $requestObject->companyAddress1, $requestObject->companyAddress2, $requestObject->companyAttn, $requestObject->companyState, $requestObject->companyCity, $requestObject->companyZip, $requestObject->companyPhone, $requestObject->companyEmail, $requestObject->companyUrl);
                    $company->update($pdo);
                    $reply->message = "Company updated OK";
                } else {
                    if ($method === "POST") {
                        $company = new Company(null, $requestObject->companyName, $requestObject->companyAddress1, $requestObject->companyAddress2, $requestObject->companyAttn, $requestObject->companyState, $requestObject->companyCity, $requestObject->companyZip, $requestObject->companyPhone, $requestObject->companyEmail, $requestObject->companyUrl);
                        $company->insert($pdo);
                        $reply->message = "Company created OK";
                    }
                }
            }
        } else {
            if ($method === "DELETE") {
                verifyXsrf();
                $company = Company::getCompanyByCompanyId($pdo, $companyId);
                if ($company === null) {
                    throw new RuntimeException("Company does not exist", 404);
                }
                $company->delete($pdo);
                $deletedObject = new stdClass();
                $deletedObject->companyId = $companyId;
                $reply->message = "Company deleted OK";
            } else {
                throw new \RuntimeException("Must be an administrator to access.");
            }
        }
    }
    // send the exception back to the caller as the reply's status and message;
    // NOTE(review): exceptions thrown without a code (e.g. the "Must be an administrator to access."
    // RuntimeException above) yield status 0 rather than an HTTP-style code such as 403
} catch (Exception $exception) {
    $reply->status = $exception->getCode();