예제 #1
 /**
  * Looking up a user by an e-mail value that matches no account must return null.
  *
  * NOTE(review): the probe value is not a syntactically valid e-mail address, so this
  * covers whatever path the accessor takes for malformed input. A well-formed address
  * that is simply absent from the table is presumably a separate case; confirm against
  * User::getUserByUserEmail().
  */
 public function testGetInvalidUserByUserEmail()
 {
     // no account is expected to exist for this value, so the lookup must come back empty
     $this->assertNull(User::getUserByUserEmail($this->getPDO(), "nobody is a user"));
 }
예제 #2
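     // Login handler body: reads JSON credentials from the request body, verifies them against
     // the stored PBKDF2 hash and, on success, places the company and user in the session.
     // $pdo and $reply are provided by code outside this excerpt.
     //
     // NOTE(review): the anti-CSRF check below is commented out, so as written this endpoint
     // does not verify a request token. Re-enable it, or document why login is exempt.
     // verifyXsrf() is defined outside this excerpt, so confirm its contract first.
     //	verifyXsrf();
     $requestContent = file_get_contents("php://input");
     $requestObject = json_decode($requestContent);
     // check that the necessary fields have been sent and filter
     // (a body that is not valid JSON decodes to null and is rejected by the first check)
     if (empty($requestObject->userPassword) === true) {
         throw new InvalidArgumentException("must enter a password", 405);
     } else {
         // NOTE(review): FILTER_SANITIZE_STRING strips tag-like sequences, so the value hashed
         // here can differ from what the user typed, and the filter is deprecated as of PHP 8.1.
         // It is kept unchanged because the stored hashes were presumably derived the same way
         // at sign-up; removing it needs a coordinated change there (not visible in this excerpt).
         $password = filter_var($requestObject->userPassword, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
     }
     if (empty($requestObject->userEmail) === true) {
         throw new InvalidArgumentException("email cannot be empty", 405);
     } else {
         $email = filter_var($requestObject->userEmail, FILTER_SANITIZE_EMAIL);
     }
     // look up the account for this e-mail address
     $user = User::getUserByUserEmail($pdo, $email);
     if (empty($user)) {
         // Same message as the wrong-password branch, so the response text does not reveal
         // whether an address is registered. Residual: this branch skips the PBKDF2 work,
         // so response time can still differ between the two cases.
         throw new InvalidArgumentException("password or username is incorrect");
     }
     // derive the candidate hash from the submitted password and the account's salt
     $hash = hash_pbkdf2("sha512", $password, $user->getUserSalt(), 262144);
     // compare in constant time; a plain !== comparison can leak, through timing, how many
     // leading characters of the hash matched
     $storedHash = $user->getUserHash();
     if (is_string($storedHash) === false || hash_equals($storedHash, $hash) === false) {
         throw new \InvalidArgumentException("password or username is incorrect");
     }
     // issue a fresh session id at the privilege change so a pre-login id cannot be reused
     // (session fixation); guarded because session_start() is not visible in this excerpt
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     // grabbing company from database and put company and user in the session
     $company = Company::getCompanyByCompanyId($pdo, $user->getUserCompanyId());
     $_SESSION["company"] = $company;
     // NOTE(review): the whole user object is stored; given getUserHash()/getUserSalt() it
     // presumably carries the hash and salt into session storage. Consider keeping only the
     // identifiers that later requests need.
     $_SESSION["user"] = $user;
     $reply->message = "login was successful";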
 } else {