Exemplo n.º 1
0
 public function postLogin()
 {
     // get input parameters
     //
     $username = Input::get('username');
     $password = Input::get('password');
     // validate user
     //
     $user = User::getByUsername($username);
     if ($user) {
         if (User::isValidPassword($password, $user->password)) {
             if ($user->isEnabled()) {
                 $res = Response::json(array('user_uid' => $user->user_uid));
                 Session::set('timestamp', time());
                 Session::set('user_uid', $user->user_uid);
                 return $res;
             } else {
                 return Response::make('User has not been approved.', 401);
             }
         } else {
             return Response::make('Incorrect username or password.', 401);
         }
     } else {
         return Response::make('Incorrect username or password.', 401);
     }
 }
Exemplo n.º 2
0
 /**
  * new user validation method
  */
 public function isValid(&$errors, $anyEmail = false)
 {
     // check to see if username has been taken
     //
     $user = User::getByUsername($this->username);
     if ($user != null) {
         $errors[] = 'The username "' . $this->username . '" is already in use.';
     }
     // check to see if email address has been taken
     //
     $values = array();
     $email = $this->email;
     if (preg_match("/(\\w*)(\\+.*)(@.*)/", $this->email, $values)) {
         $email = $values[1] . $values[3];
     }
     foreach (self::getAll() as $registered_user) {
         $values = array();
         if (preg_match("/(\\w*)(\\+.*)(@.*)/", $registered_user->email, $values)) {
             $registered_user->email = $values[1] . $values[3];
         }
         if (strtolower($email) == strtolower($registered_user->email)) {
             $errors[] = 'The email address "' . $this->email . '" is already in use.';
             break;
         }
     }
     // promo code presence check
     //
     $promo_found = false;
     if (Input::has('promo')) {
         $pdo = DB::connection('mysql')->getPdo();
         $sth = $pdo->prepare('SELECT * FROM project.promo_code WHERE promo_code = :promo AND expiration_date > NOW()');
         $sth->execute(array(':promo' => Input::get('promo')));
         $result = $sth->fetchAll(PDO::FETCH_ASSOC);
         if ($result == false || sizeof($result) < 1) {
             if (!Input::has('email-verification')) {
                 $errors[] = '"' . Input::get('promo') . '" is not a valid SWAMP promotional code or has expired.';
             }
         } else {
             $promo_found = true;
         }
     }
     // user_external_id presense check
     //
     $user_external_id = Input::has('user_external_id');
     // check to see if the domain name is valid
     //
     if (!$promo_found && !$user_external_id && $anyEmail !== true) {
         $domain = User::getEmailDomain($this->email);
         if (!User::isValidEmailDomain($domain)) {
             $errors[] = 'Email addresses from "' . $domain . '" are not allowed.';
         }
     }
     return sizeof($errors) == 0;
 }
 public function postCreate()
 {
     $user = User::getByUsername(Input::get('username'));
     $user = $user ? $user : User::getByEmail(Input::get('email'));
     if (!$user) {
         return Response::json(array('success' => true));
     }
     $passwordResetNonce = $nonce = GUID::create();
     $passwordReset = new PasswordReset(array('password_reset_key' => Hash::make($passwordResetNonce), 'user_uid' => $user->user_uid));
     $passwordReset->save();
     $passwordReset->send($nonce);
     return Response::json(array('success' => true));
 }
Exemplo n.º 4
0
 public function getUserByUsername()
 {
     // get parameters
     //
     $username = Input::get('username');
     // query database
     //
     $user = User::getByUsername($username);
     // return response
     //
     if ($user != null) {
         return $user;
     } else {
         return Response::make('Could not find a user associated with the username: ' . $username, 404);
     }
 }
Exemplo n.º 5
0
 public function githubLink()
 {
     $username = Input::get('username');
     $password = Input::get('password');
     $user = User::getByUsername($username);
     if ($user) {
         if (User::isValidPassword($password, $user->password)) {
             if ($user->hasBeenVerified()) {
                 if ($user->isEnabled()) {
                     // Attempt to load the github account the user is currently logged in as.
                     //
                     if (!Session::has('github_access_token') || !Session::has('github_access_time')) {
                         return Response::make('Unauthorized GitHub access.', 401);
                     }
                     if (gmdate('U') - Session::get('github_access_time') > 15 * 60) {
                         return Response::make('GitHub access has expired.  If you would like to link a GitHub account to an existing SWAMP account, please click "Sign In" and select "Sign in With GitHub."', 401);
                     }
                     $token = Session::get('github_access_token');
                     $ch = curl_init('https://api.github.com/user');
                     curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: token {$token}"));
                     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                     curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
                     curl_setopt($ch, CURLOPT_USERAGENT, 'SWAMP');
                     $response = curl_exec($ch);
                     $github_user = json_decode($response);
                     if (!property_exists($github_user, 'id')) {
                         return Response::make('Unable to authenticate with GitHub.', 401);
                     }
                     // Make sure they don't already have an account
                     //
                     $account = LinkedAccount::where('user_uid', '=', $user->user_uid)->where('linked_account_provider_code', '=', 'github')->first();
                     if ($account && !(Input::has('confirmed') && Input::get('confirmed') === 'true')) {
                         return Response::json(array('error' => 'EXISTING_ACCOUNT', 'username' => $user->username, 'login' => $github_user->login), 401);
                     }
                     // Verify they are logged in as the account they are attempting to link to.
                     //
                     if ($github_user->id != Input::get('github_id')) {
                         return Response::make('Unauthorized GitHub access.', 401);
                     }
                     // Remove any old entries
                     LinkedAccount::where('user_uid', '=', $user->user_uid)->where('linked_account_provider_code', '=', 'github')->delete();
                     // Link the accounts
                     //
                     $linkedAccount = new LinkedAccount(array('linked_account_provider_code' => 'github', 'user_external_id' => Input::get('github_id'), 'enabled_flag' => 1, 'user_uid' => $user->user_uid, 'create_date' => gmdate('Y-m-d H:i:s')));
                     $linkedAccount->save();
                     $userEvent = new UserEvent(array('user_uid' => $user->user_uid, 'event_type' => 'linkedAccountCreated', 'value' => json_encode(array('linked_account_provider_code' => 'github', 'user_external_id' => $linkedAccount->user_external_id, 'user_ip' => $_SERVER['REMOTE_ADDR']))));
                     $userEvent->save();
                     Response::make('User account linked!');
                 } else {
                     return Response::make('User has not been approved.', 401);
                 }
             } else {
                 return Response::make('User email has not been verified.', 401);
             }
         } else {
             return Response::make('Incorrect username or password.', 401);
         }
     } else {
         return Response::make('Incorrect username or password.', 401);
     }
 }
 public function postResend()
 {
     // get input parameters
     //
     $username = Input::get('username');
     $password = Input::get('password');
     // validate user
     //
     $user = User::getByUsername($username);
     if ($user) {
         if (User::isValidPassword($password, $user->password)) {
             // get email verification
             //
             $emailVerification = $user->getEmailVerification();
             // resend
             //
             $emailVerification->send('#register/verify-email');
         }
     }
 }