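/**
 * Authenticates the request from the X-FeedBox-* headers and, on success,
 * stores the user on the app and hands over to the next middleware.
 *
 * Two modes are supported:
 *  - credential login: X-FeedBox-User + X-FeedBox-Pass (+ X-FeedBox-Client).
 *    The password is verified against the stored hash, a fresh token is
 *    persisted for this user/client pair and returned in the
 *    X-FeedBox-Next-Token response header;
 *  - token login (no X-FeedBox-Pass): X-FeedBox-User + X-FeedBox-Token
 *    (+ X-FeedBox-Client) is compared against the stored, unexpired token.
 *
 * Any other case answers 401 with a JSON error body and does not call next.
 */
public function call()
{
    $req = $this->app->request();
    $res = $this->app->response();
    $access_granted = false;

    // NOTE: FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it is kept for
    // user/client so lookups keep matching values stored by earlier versions.
    $auth_user = filter_var((string) $req->headers('X-FeedBox-User'), FILTER_SANITIZE_STRING);
    // The password is compared against a hash, so it must reach password_verify()
    // unmodified; sanitising it would reject valid passwords containing the
    // characters FILTER_SANITIZE_STRING strips or encodes.
    $auth_pass = (string) $req->headers('X-FeedBox-Pass');
    $auth_client = filter_var((string) $req->headers('X-FeedBox-Client'), FILTER_SANITIZE_STRING);

    // find the corresponding user, falling back to the user from the app config
    $user = $this->userRepository->findBy('name', $auth_user);
    if (empty($user)) {
        $user = $this->checkConfigUser($auth_user, $auth_pass);
    }

    // strict emptiness check: empty('0') is true and would silently switch a
    // password of "0" to the token path
    if ($auth_pass !== '') {
        // credential login: verify the password and issue a new token for this client
        if (!empty($user) && $auth_client && password_verify($auth_pass, (string) ($user['password'] ?? ''))) {
            // the token is a bearer credential; it must come from a CSPRNG,
            // md5(uniqid()) is predictable
            $token = bin2hex(random_bytes(16));
            $expireTs = strtotime((string) $this->app->config('login.expire'));
            if ($expireTs === false) {
                // a broken config value would otherwise produce an epoch expiry
                throw new \RuntimeException('Invalid login.expire configuration value.');
            }
            $expire = date('Y-m-d H:i:s', $expireTs);
            $this->accessRepository->persist([
                'user_id' => $user['id'],
                'client' => $auth_client,
                'token' => $token,
                'expire' => $expire,
            ]);
            $res['X-FeedBox-Next-Token'] = $token;
            $access_granted = true;
        }
    } else {
        // token login: the token must match the stored one for this user/client and be unexpired
        $token = filter_var((string) $req->headers('X-FeedBox-Token'), FILTER_SANITIZE_STRING);
        if (!empty($user) && !empty($token)) {
            $access = $this->accessRepository->findByUserClient($user['id'], $auth_client);
            // constant-time comparison so the token cannot be probed byte by byte
            if ($access !== false
                && hash_equals((string) $access['token'], (string) $token)
                && strtotime($access['expire']) >= time()
            ) {
                $access_granted = true;
            }
        }
    }

    if ($access_granted) {
        $this->app->user = $user;
        $this->next->call();
    } else {
        $res->status(401);
        $res->body('{"error": "Access denied."}');
    }
}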
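/**
 * Signs a client out by removing the stored access token for the given
 * user/client pair.
 *
 * Expects a JSON request body with the keys "user" and "client". Renders
 * {"logout": "successful"} on success, or a JSON error with status 404 when
 * the body is incomplete or the user does not exist.
 */
public function signoutAction()
{
    $request_data = $this->jsonRequest();

    // Both keys are required. Each key is tested on its own: `||` binds looser
    // than `&&`, so combining the two checks with `&&` would accept a body that
    // carries only one of them and then read the missing index below.
    if (empty($request_data)
        || !array_key_exists('user', $request_data)
        || !array_key_exists('client', $request_data)
    ) {
        $this->renderJson(['error' => 'User and client are missing'], 404);
        // stop here in case renderJson() does not end the request itself
        return;
    }

    $userRepository = new UserRepository($this->app->db);
    $user = $userRepository->findBy('name', $request_data['user']);
    if (!$user) {
        $this->renderJson(['error' => 'User not found'], 404);
        // stop here: $user['id'] below is not available
        return;
    }

    $accessRepository = new AccessRepository($this->app->db);
    $accessRepository->removeUserClient($user['id'], $request_data['client']);
    $this->renderJson(['logout' => 'successful']);
}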
$password = $request->post('register_password'); $retype = $request->post('register_password_retype'); if (empty($user['name'])) { $error['register_username'] = '******'; } if (empty($user['email'])) { $error['register_email'] = 'eMail is empty.'; } if (empty($password)) { $error['register_password'] = '******'; } if (empty($retype)) { $error['register_password_retype'] = 'Retyped password is empty.'; } if (empty($error)) { $found = $userRepository->findBy('name', $user['name']); if (!$found) { if ($password === $retype) { if ($app->config('registration.auto_active')) { $user['active'] = true; } $user['password'] = password_hash($password, PASSWORD_DEFAULT); $user['created_at'] = date('Y-m-d H:i:s'); $user['updated_at'] = $user['created_at']; $userRepository->persist($user); $app->render('done.html.twig', array('title' => 'Registration')); return; } else { $error['register_password_retype'] = 'The retyped password does not match the password.'; } } else {