}
});
// GET /app/login: renders the login form through Twig.
$app->get('/app/login', function () use($app, $twig, $assets) {
    // 'action' is taken from the request unchanged and handed to the template,
    // so the template is the only place it can be escaped.
    // NOTE(review): confirm autoescaping is enabled on this Twig environment.
    $requestedAction = $app->request()->params('action');
    $view = $app->view();
    // 'user' and 'test' are hard-coded literals; the CSRF pair is read from the
    // Slim view data.
    $context = array(
        'user' => 'testuser',
        'test' => 'hahahahha',
        'static_url' => $assets,
        'action' => $requestedAction,
        'csrf_key' => $view->getData('csrf_key'),
        'csrf_token' => $view->getData('csrf_token'),
    );
    echo $twig->render('views/login.php', $context);
});
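// POST /app/login: checks the submitted email/password pair against the user
// collection and answers with JSON on success or a 401 on failure.
$app->post('/app/login', function () use($app, $twig, $assets, $MongoUser) {
    // $MongoUser must be captured in the use() list; the closure cannot see it
    // otherwise. The request is read through the captured $app.
    $email = $app->request()->post('email');
    $password = $app->request()->post('password');
    // Accept plain, non-empty strings only. A bracketed form field
    // (email[...]=...) arrives as an array, and an array placed in the filter
    // is interpreted by MongoDB as an operator document instead of a value to
    // match, which would let a request match a user without knowing the
    // credentials.
    $check_user = null;
    if (is_string($email) && $email !== '' && is_string($password) && $password !== '') {
        // NOTE(review): this matches the password as stored. The /app/create
        // route saves the posted password unchanged, so passwords are kept in
        // plaintext; storage should move to password_hash()/password_verify(),
        // and both routes have to change together.
        $check_user = $MongoUser->findOne(array('email' => $email, 'password' => $password));
    }
    if ($check_user) {
        // set the session here
        if (!isset($_SESSION)) {
            session_start();
        }
        // Issue a fresh session id at login so an id known before
        // authentication is not carried into the authenticated session.
        session_regenerate_id(true);
        # nice technique : http://stackoverflow.com/questions/19068363/storing-and-retrieving-an-array-in-a-php-cookie
        // Return the email only; the stored document also holds the password.
        $dataArray = array('user' => array('email' => $email), 'message' => "User logged in successfully");
        $response = json_encode($dataArray);
        echo $response;
    } else {
        $app->halt(401, "Credentials incorrect or user dont exist.");
    }
});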
$app->post('/app/create', function () use($app, $twig, $assets, $MongoUser) {
    $_user = array('_id' => uniqid(), 'email' => $app->request()->post('email'), 'password' => $app->request()->post('password'));
    $new_user = $MongoUser->save($_user);
    if ($new_user) {
        // redirect to login page
        $dataArray = array('user' => $new_user, 'message' => "User created sucessfully");
        //$response = json_encode($dataArray);
        //echo $response;
Exemplo n.º 2
// Wrap the existing PDO connection in NotORM; the routes below query through $db.
$db = new NotORM($pdo);

// Home route: answers 200 and renders the static homepage template.
$app->get('/', function () use($app) {
    $homepageTemplate = '../templates/homepage.html';
    $app->response->setStatus(200);
    $app->render($homepageTemplate);
});
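// Register a user
// Creates an account from the posted name, email and password and answers
// with JSON: a 'message' object on rejection, or the created account's
// id/name/email on success.
$app->post('/register', function () use($app, $db) {
    $app->response()->header('Content-Type', 'application/json');
    $name = $app->request()->post('name');
    $email = $app->request()->post('email');
    $password = $app->request()->post('password');
    // Reject missing, non-string or malformed fields before they reach the
    // hash function or the query.
    $fieldsValid = is_string($name) && $name !== ''
        && is_string($password) && $password !== ''
        && is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    if (!$fieldsValid) {
        $app->response()->setStatus(400);
        echo json_encode(['message' => 'A name, a valid email address and a password are required']);
        return;
    }
    // NOTE(review): unsalted MD5 is not a password hash; it is fast to brute-force
    // and identical passwords produce identical digests. It is kept here only
    // because the /login route compares against md5($password); move both
    // routes to password_hash()/password_verify() in the same change.
    $passwordEncryption = md5($password);
    if ($email === $db->users()->where('email', $email)->fetch('email')) {
        echo json_encode(['message' => 'That email address is already in use. Please use another email address']);
    } else {
        $user = ['name' => $name, 'email' => $email, 'password' => $passwordEncryption];
        $result = $db->users->insert($user);
        if (!$result) {
            $app->response()->setStatus(500);
            echo json_encode(['message' => 'The account could not be created']);
            return;
        }
        // Answer with the account that was just created, in the same
        // index-keyed object shape as before. Listing every row of the users
        // table here would hand the full account directory to any
        // unauthenticated caller who registers.
        $users = array();
        foreach ($db->users()->where('email', $email) as $row) {
            $users[] = array('id' => $row['id'], 'name' => $row['name'], 'email' => $row['email']);
        }
        echo json_encode($users, JSON_FORCE_OBJECT);
    }
});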
// Login a user
$app->post('/login', function () use($app, $db) {
    $email = $app->request->post('email');
    $password = $app->request->post('password');
    $new = md5($password);
    if ($email === $db->users()->where('email', $email)->fetch('email') && $new === $db->users->where('email', $email)->fetch('password')) {
        $timeNow = new DateTime();
Exemplo n.º 3
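// POST /login: validates the posted email and password and answers through
// echoRespnse() with 200 on success or 401 on any failure.
$app->post('/login', function () use($app) {
    // check for required params
    verify_required_params(array('email', 'password'));
    // reading post params
    $email = $app->request()->post('email');
    $password = $app->request()->post('password');
    $response = array('request' => 'login');
    // Sanitize data
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    // NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes, so the
    // value checked below can differ from what the user typed, and the filter is
    // deprecated as of PHP 8.1. It is left in place because the registration
    // path is not visible here and may store a hash of the sanitized form;
    // passwords should be verified unmodified once both paths agree.
    $password = filter_var($password, FILTER_SANITIZE_STRING);
    // Validate data
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $response['error'] = true;
        $response['msg'] = 'Input data not valid.';
        echoRespnse(401, $response);
        $app->stop();
    }
    $db = new DbHandler();
    // An unknown email and a wrong password get the same status and message, so
    // the endpoint does not confirm which addresses have an account.
    // NOTE(review): response timing may still differ between the two cases,
    // depending on what userLogin() does - confirm.
    if ($db->checkUserExisits($email) && $db->userLogin($email, $password)) {
        $response['error'] = false;
        $response['login'] = true;
        $response['msg'] = 'User logged in.';
        echoRespnse(200, $response);
        $app->stop();
    } else {
        $response['error'] = true;
        $response['msg'] = 'Email or password incorrect.';
        echoRespnse(401, $response);
        $app->stop();
    }
});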
Exemplo n.º 4
// Monolog-backed log writer: one file per day under src/log/.
// NOTE(review): the path is relative; confirm the directory is not served by
// the web server, since the routes below write request data into these files.
$logWriter = new \Flynsarmy\SlimMonolog\Log\MonologWriter(array(
    'handlers' => array(
        new \Monolog\Handler\StreamHandler('src/log/' . date('Y-m-d') . '.log'),
    ),
));
//$logWriter = new \Slim\LogWriter(fopen('src/log/errors_slim.log', 'a'));
//$logWriter = new \Slim\LogWriter(fopen('src/log/bullhorn.log', 'a'));

// NOTE(review): 'debug' => true with 'mode' => 'development' and DEBUG-level
// logging are development settings; a production deployment should turn debug
// off so error details are not rendered to clients.
$app = new \Slim\Slim(array(
    'debug' => true,
    'log.enabled' => true,
    'log.level' => \Slim\Log::DEBUG,
    'mode' => 'development',
    'log.writer' => $logWriter,
    'templates.path' => 'Stratum/templates',
));
$app->setName('stratum');
$log = $app->getLog();
// POST /endpoint/:id: parses the posted form body, builds a Candidate from it
// and submits the candidate through BullhornController.
// The :id route segment arrives as $endpoint and is not used in this handler.
// NOTE(review): no authentication check is visible in this handler - confirm
// one is applied elsewhere.
$app->post('/endpoint/:id', function ($endpoint) use($log) {
    $rawBody = file_get_contents('php://input');
    // NOTE(review): the whole request body is written to the log verbatim. It is
    // caller-controlled and carries the submitted candidate data, so the log
    // files need the same access protection as that data.
    $log->debug($rawBody);
    $parser = new Stratum\Controller\FormController();
    $log->debug("parsing input data");
    $form = $parser->parse($rawBody);
    $form->setLogger($log);
    //form has updated mappings for each question
    $candidate = new Stratum\Model\Candidate();
    $candidate->setLogger($log);
    $log->debug("parsed input data");
    $populator = new Stratum\Controller\CandidateController();
    $populator->setLogger($log);
    // populate() returns the candidate that is used from here on
    $candidate = $populator->populate($candidate, $form);
    $log->debug("Candidate submitted with name " . $candidate->getName());
    $bullhorn = new Stratum\Controller\BullhornController();
    $bullhorn->setLogger($log);
    $bullhorn->submit($candidate);
});
// GET /launch: redirects the browser to the fixed launch page.
// NOTE(review): the target is a plain-HTTP URL; prefer HTTPS if the host serves it.
$app->get('/launch', function () use($app) {
    $launchPage = 'http://northcreek.ca/stratum/launch.html';
    $app->redirect($launchPage);
});
$app->get('/launchForm', function (Request $request, Response $response) use($log) {
    // this is all the happy path assuming everything is set up properly from the Bullhorn side
    //load the id from the request
Exemplo n.º 5
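// POST /login: validates the posted email and password, applies the
// brute-force lock check and answers through echoRespnse() with 200 on success
// or 401 on any failure.
$app->post('/login', function () use($app) {
    // Dev only
    // Sleep 1 second before processing the request
    // to display the loader
    // NOTE(review): this delay runs on every login request; remove it outside
    // development.
    sleep(1);
    // check for required params
    verify_required_params(array('email', 'password'));
    // reading post params
    $email = $app->request()->post('email');
    $password = $app->request()->post('password');
    $response = array('request' => 'login');
    // Sanitize data
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    // NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes, so the
    // value checked below can differ from what the user typed, and the filter is
    // deprecated as of PHP 8.1. It is left in place because the registration
    // path is not visible here and may store a hash of the sanitized form.
    $password = filter_var($password, FILTER_SANITIZE_STRING);
    // Validate data
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $response['error'] = true;
        $response['msg'] = 'Input data not valid.';
        echoRespnse(401, $response);
        $app->stop();
    }
    $db = new DbHandler();
    $db_uid = $db->checkUserExisits($email);
    // Explicit branches, so the lock decision does not depend on $app->stop()
    // ending the request before the password check.
    if ($db_uid && $db->checkBrute($db_uid)) {
        // Account is locked
        // NOTE(review): this message still tells the caller that the account
        // exists; decide whether that is acceptable.
        $response['error'] = true;
        $response['msg'] = 'Accout locked.';
        echoRespnse(401, $response);
        $app->stop();
    } elseif ($db_uid && $db->userLogin($email, $password)) {
        $response['error'] = false;
        $response['login'] = true;
        $response['msg'] = 'User logged in.';
        echoRespnse(200, $response);
        $app->stop();
    } else {
        // An unknown email and a wrong password get the same status and message,
        // so the endpoint does not confirm which addresses have an account.
        $response['error'] = true;
        $response['msg'] = 'Email or password incorrect.';
        echoRespnse(401, $response);
        $app->stop();
    }
});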