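/**
 * Authenticates a JSON login request and replies with a JSON document of the shape
 * {"token": "", "success": "false", "message": "", "error": ""}.
 *
 * The request body must be application/json with "email" and "password" members.
 * Only request parsing and credential preparation are implemented; the database search
 * that would set "token"/"success" is still a TODO, as in the original.
 *
 * @param Request $req the incoming request (the injected parameter is used throughout;
 *                     the original mixed it with the deprecated $this->getRequest())
 * @return Response application/json response carrying $results
 */
public function authenticateAction(Request $req)
{
    $results = array("token" => "", "success" => "false", "message" => "", "error" => "");

    // Cast so strpos() is not handed null when the header is absent.
    $content_type = (string) $req->headers->get("Content-Type");
    $data = array();
    if (0 === strpos($content_type, "application/json")) {
        $decoded = json_decode($req->getContent(), true);
        if (is_array($decoded)) {
            $data = $decoded;
        } else {
            // json_decode() returns null on malformed JSON; the original then read
            // $data["email"] from it. Treat it as a format error instead.
            $results["error"] .= "Wrong format received. ";
        }
    } else {
        // The original recorded this error but still went on to use the undefined $data.
        $results["error"] .= "Wrong format received. ";
    }

    if ($results["error"] === "") {
        // Missing members previously raised undefined-index notices; default them to "".
        $email = filter_var(isset($data["email"]) ? $data["email"] : "", FILTER_SANITIZE_EMAIL);
        // NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS rewrites &<>"' before the password is
        // encrypted, so a password containing those characters only matches if registration
        // applied the same transform — confirm against register_new(), which does not visibly do so.
        $password_dec = filter_var(isset($data["password"]) ? $data["password"] : "", FILTER_SANITIZE_SPECIAL_CHARS);

        $db_params = get_db_params_from_config();
        $db_conn = new DBConnection($db_params);
        $db_conn->connect();
        // The original passed an undefined $conn and $user_name here; the connection built
        // above and the submitted email are the only candidates in scope.
        $res_arr = retrieve_password_fields($db_conn, $email);

        // Encrypt with the application-wide salt/iv from get_enc_vals(), exactly as
        // register_new() does. The original read $_SESSION["salt"]/["iv"] without starting a
        // session (only valid after loginAction() had run) and left $enc_vals unused.
        // SECURITY(review): this is reversible encryption, not hashing; stored passwords
        // should be migrated to password_hash()/password_verify(). Not changed here because
        // the stored values and the other actions depend on the current scheme.
        $enc_vals = get_enc_vals();
        $enc_pw = encrypt($enc_vals["salt"], $password_dec, $enc_vals["iv"]);

        // Search database for user with matching encrypted password.
        // TODO: compare $enc_pw with the stored value in $res_arr using hash_equals() and
        // set $results["success"] / $results["token"] accordingly.
        // ...
    }

    $response = new Response(json_encode($results));
    $response->headers->set('Content-Type', 'application/json');
    return $response;
}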
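/**
 * Method POST only
 * Processes the log in data.
 *
 * Reads uEmail/uPassword from the POST body, looks the user up, and only when the
 * encrypted password matches the stored one starts a session, sets the two client
 * cookies and renders the create_content page.
 *
 * @param Request $req the incoming POST request
 * @return Response the rendered page on success, a 401 response otherwise (the original
 *                  returned nothing on the failure paths)
 */
public function loginAction(Request $req)
{
    // Call check_auth()
    $user_name = filter_var($req->request->get("uEmail"), FILTER_SANITIZE_EMAIL);
    // NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS rewrites &<>"' before the password is
    // encrypted, so a password containing those characters only matches if registration
    // applied the same transform — confirm against register_new(), which does not visibly do so.
    $password_dec = filter_var($req->request->get("uPassword"), FILTER_SANITIZE_SPECIAL_CHARS);

    // filter_var() always leaves these set (it yields "" for a missing field and false for a
    // non-scalar), so the original isset() test — which also named the never-defined
    // $password — could not do its job. Reject empty or malformed credentials explicitly.
    if ($user_name === false || $user_name === "" || $password_dec === false || $password_dec === "") {
        return new Response("Login failed.", 401);
    }

    // Check db match for user details. The connection is built the same way as in
    // authenticateAction(); the original referenced an undefined $conn.
    $db_params = get_db_params_from_config();
    $db_conn = new DBConnection($db_params);
    $db_conn->connect();
    $res_arr = retrieve_password_fields($db_conn, $user_name);

    // Encrypt the submitted password with the application-wide salt/iv, exactly as
    // register_new() does, so it can be compared with the stored password_enc value.
    // SECURITY(review): this is reversible encryption, not hashing; stored passwords should be
    // migrated to password_hash()/password_verify(). Not changed here because the stored
    // values and authenticateAction() depend on the current scheme.
    $enc_vals = get_enc_vals();
    $enc_pw = (string) encrypt($enc_vals["salt"], $password_dec, $enc_vals["iv"]);

    // The original started a session and set the cookies without ever comparing the
    // submitted password against the stored one. Gate everything on a constant-time match.
    // NOTE(review): the "password_enc" key is assumed from the user.password_enc column that
    // register_new() writes — confirm what retrieve_password_fields() actually returns; a
    // mismatch here fails closed.
    $stored_enc_pw = (is_array($res_arr) && isset($res_arr["password_enc"]))
        ? (string) $res_arr["password_enc"]
        : null;
    if ($stored_enc_pw === null || !hash_equals($stored_enc_pw, $enc_pw)) {
        return new Response("Login failed.", 401);
    }

    // There is a match, so start a session (guarded so a second start does not warn) and
    // rotate the id so a session id fixed before login is not promoted to an authenticated one.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    session_regenerate_id(true);

    // Set 3 variables in the server SESSION, plus the encrypted password other actions read.
    $_SESSION["salt"] = $enc_vals["salt"];
    $_SESSION["iv"] = $enc_vals["iv"];
    $_SESSION["userName"] = $user_name;
    $_SESSION["enc_pw"] = $enc_pw;

    // Set two cookies on the client machine, valid for eight hours. HttpOnly keeps them out
    // of reach of script; Secure is set when the request itself arrived over TLS.
    // NOTE(review): the $_SERVER["HTTPS"] test is not proxy-aware — behind a TLS-terminating
    // proxy use the framework's trusted-proxy check instead.
    // SECURITY(review): the "password" cookie carries the very value that is compared against
    // the database, i.e. a password equivalent; drop it once nothing reads it.
    $secure = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
    $expires = time() + 28800;
    setcookie("userName", $user_name, $expires, "/", "", $secure, true);
    setcookie("password", $enc_pw, $expires, "/", "", $secure, true);

    return $this->render('TestCMSCMSBundle:Default:create_content.html.twig');
}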
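/**
 * Inserts a new user row from a JSON document of the shape {"user": {...}}.
 *
 * The user array is validated by initial_user_info_check(), completed by
 * set_initial_missing_values(), and the clear-text "password_dec" member is encrypted
 * with the application-wide salt/iv before the row is written.
 *
 * @param string $json_strg raw JSON request body
 * @return array array("error" => string, "result" => string); "error" is non-empty when
 *               nothing was inserted, "result" carries the success message otherwise
 */
public function register_new($json_strg)
{
    $results = array("error" => "", "result" => "");

    $json_arr = json_decode($json_strg, true);
    // Malformed JSON (json_decode() returns null) or a missing "user" member previously raised
    // notices and handed null to initial_user_info_check(); report it through the normal
    // error channel instead.
    if (!is_array($json_arr) || !isset($json_arr["user"])) {
        $results["error"] .= "Wrong format received. ";
        return $results;
    }
    $user = $json_arr["user"];

    $errors = $this->initial_user_info_check($user);
    if (strlen($errors) > 0) {
        $results["error"] .= $errors;
        return $results;
    }

    $user = $this->set_initial_missing_values($user);

    // SECURITY(review): the password is stored reversibly encrypted, not hashed; it should be
    // written with password_hash() and checked with password_verify(). Not changed here
    // because loginAction()/authenticateAction() compare against the current scheme.
    $enc_vals = get_enc_vals();
    $enc_pw = encrypt($enc_vals["salt"], $user["password_dec"], $enc_vals["iv"]);

    // SECURITY(review): the statement is assembled with sprintf() from request-controlled
    // fields (first_name, last_name, email, group_name, ...), so a value containing a quote
    // alters the SQL. DBConnection exposes only query()/get_error() here, so this cannot be
    // converted to a prepared statement without extending that class — do that before this
    // handles real traffic.
    $sql = sprintf(
        "insert into user(\n first_name, last_name, email, password_enc, group_name, active, created_date,\n updated_date, facebook_id, twitter_id\n )\n values ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s');",
        $user["first_name"],
        $user["last_name"],
        $user["email"],
        $enc_pw,
        $user["group_name"],
        $user["active"],
        $user["created_date"],
        $user["updated_date"],
        $user["facebook_id"],
        $user["twitter_id"]
    );
    $this->db_conn->query($sql);

    // query() reports failure through get_error() rather than its return value.
    if (strlen($this->db_conn->get_error()) > 0) {
        $results["error"] .= $this->db_conn->get_error();
    } else {
        $results["result"] .= "User added successfully into database. ";
    }

    return $results;
}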