Пример #1
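/**
 * Check the caller's token and, optionally, that the caller is an administrator.
 *
 * On any failure the stored token is cleared with clearDbToken(), an error message is
 * written to the global $jsonResponse and the global $app response status is set to 401.
 *
 * @param bool $requireAdmin When true, a valid token is not sufficient: the object returned
 *                           by getUser() must also have a truthy isAdmin property.
 *
 * @return bool True only when every requested check passed. Callers gate the protected
 *              action on this value, so it must be false whenever a 401 was set here.
 */
function validateToken($requireAdmin = false)
{
    global $jsonResponse, $app;

    // Authentication: reject the request outright when the token check fails.
    if (!checkDbToken()) {
        clearDbToken();
        $jsonResponse->message = 'Invalid token.';
        $app->response->setStatus(401);

        return false;
    }

    // Authorization: only evaluated when the caller asked for an admin-only check.
    if ($requireAdmin) {
        $user = getUser();

        // Other code in this file null-checks getUser(), so a missing user is treated
        // as "not an admin" instead of dereferencing a non-object.
        if (!is_object($user) || !$user->isAdmin) {
            clearDbToken();
            $jsonResponse->message = 'Insufficient user privileges.';
            // NOTE(review): 403 would describe this case more precisely; 401 is kept
            // because clients may already depend on it.
            $app->response->setStatus(401);

            // Fail closed. This branch used to set the 401 but leave the result true,
            // so `if (validateToken(true))` still ran the admin-only action.
            return false;
        }
    }

    return true;
}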
Пример #2
            setUserToken($lookup, $expires);
            $lookup->logins = $lookup->logins + 1;
            $lookup->lastLogin = time();
            R::store($lookup);
            logAction($lookup->username . ' logged in.', null, null);
            $jsonResponse->message = 'Login successful.';
            $jsonResponse->data = R::findOne('token', ' user_id = ? ORDER BY id DESC ', [$lookup->id])->token;
            $app->response->setStatus(200);
        }
    }
    $app->response->setBody($jsonResponse->asJson());
});
// Logout endpoint: revoke the caller's stored token and record the event.
// NOTE(review): this is a state-changing action served over GET. Presumably the token
// travels in a request header rather than a cookie; if it is ever sent automatically,
// a cross-site request could trigger this route - confirm.
$app->get('/logout', function () use ($app, $jsonResponse) {
    $hadValidToken = validateToken();

    if ($hadValidToken) {
        clearDbToken();
        $jsonResponse->message = 'Logout complete.';

        // NOTE(review): the user is looked up after the token has been cleared; confirm
        // getUser() does not depend on the stored token, otherwise the line below reads
        // a property of a non-object.
        $loggedOutUser = getUser();
        $auditLine = $loggedOutUser->username . ' logged out.';
        logAction($auditLine, null, null);
    }

    // Logging out always answers 200, even when the token was bad: this overrides the
    // 401 that validateToken() sets on failure.
    $app->response->setStatus(200);
    $app->response->setBody($jsonResponse->asJson());
});
// Update current user's password.
$app->post('/updatepassword', function () use($app, $jsonResponse) {
    $data = json_decode($app->environment['slim.input']);
    if (validateToken()) {
        $user = getUser();
        if (null != $user) {
            $checkPass = password_hash($data->currentPass, PASSWORD_BCRYPT, array('salt' => $user->salt));