/**
  * Process Login from api
  *
  * @return userID, Email and Token
  */
 public function loginAction()
 {
     //The login request should be POST method
     $request = $_POST;
     $token = isset($request['TOKEN']) ? trim($request['TOKEN']) : null;
     $email = isset($request['email']) ? trim($request['email']) : null;
     $password = isset($request['password']) ? trim($request['password']) : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if ($token != THENEWBOSTON_PUBLIC_API_KEY) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     $info = buckys_get_user_by_email($email);
     if (buckys_not_null($info) && buckys_validate_password($password, $info['password'])) {
         if ($info['status'] == 0) {
             //Account is not verified
             return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_ACCOUNT_NOT_VERIFIED)];
         } else {
             //Remove Old Token
             BuckysUsersToken::removeUserToken($info['userID'], 'api');
             //Create New Token
             $token = BuckysUsersToken::createNewToken($info['userID'], 'api');
             return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS', 'TOKEN' => $token, 'EMAIL' => $info['email'], 'USERID' => $info['userID']]];
         }
     } else {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Email or password is not correct.')];
     }
 }
Exemplo n.º 2
0
 /**
  * Create new password and send it to user
  * 
  * @param String $email
  */
 public function resetPassword($email)
 {
     global $db;
     $email = trim($email);
     if (!$email) {
         buckys_redirect('/register.php?forgotpwd=1', MSG_EMPTY_EMAIL, MSG_TYPE_ERROR);
         return;
     }
     //Check Email Address
     if (!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/", $email)) {
         buckys_redirect('/register.php?forgotpwd=1', MSG_INVALID_EMAIL, MSG_TYPE_ERROR);
         return false;
     }
     $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", $email);
     $userID = $db->getVar($query);
     if (!$userID) {
         buckys_redirect('/register.php?forgotpwd=1', MSG_EMAIL_NOT_FOUND, MSG_TYPE_ERROR);
         return false;
     }
     $data = BuckysUser::getUserData($userID);
     //Remove Old Token
     BuckysUsersToken::removeUserToken($userID, 'password');
     //Create New Token
     $token = BuckysUsersToken::createNewToken($userID, 'password');
     $link = "http://" . $_SERVER['HTTP_HOST'] . "/reset_password.php?token=" . $token;
     //Send an email to user with the link
     $title = "Reset your password.";
     $body = "Dear " . $data['firstName'] . " " . $data['lastName'] . "\n\n" . "Please reset your password by using the below link:\n" . $link . "\n\nBuckysroom.com";
     require_once DIR_FS_INCLUDES . "phpMailer/class.phpmailer.php";
     buckys_sendmail($data['email'], $data['firstName'] . " " . $data['lastName'], $title, $body);
     buckys_redirect('/register.php', MSG_RESET_PASSWORD_EMAIL_SENT, MSG_TYPE_SUCCESS);
     return;
 }
Exemplo n.º 3
0
     //Account Not Verified or Banned
     buckys_redirect('/index.php', !$info['token'] ? MSG_ACCOUNT_BANNED : MSG_ACCOUNT_NOT_VERIFIED, MSG_TYPE_ERROR);
 } else {
     //Login Success
     //Clear Login Attempts
     BuckysTracker::clearLoginAttemps();
     //Restart Session
     session_regenerate_id(true);
     $_SESSION['userID'] = $info['userID'];
     //Init Some Session Values
     $_SESSION['converation_list'] = [];
     //Create Login Cookie Token
     $login_token = hash('sha256', time() . buckys_generate_random_string(20, true) . time());
     $login_token_secure = md5($login_token);
     //Store Login Token
     BuckysUsersToken::removeUserToken($info['userID'], "auth");
     BuckysUsersToken::createNewToken($info['userID'], "auth", $login_token_secure);
     //Slice the login token to three pieces
     $login_token_piece1 = substr($login_token, 0, 20);
     $login_token_piece2 = substr($login_token, 20, 20);
     $login_token_piece3 = substr($login_token, 40);
     //If website is using SSL, use secure cookies
     if (SITE_USING_SSL == true) {
         setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
         setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
         setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
     } else {
         setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
         setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
         setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
     }