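/**
 * Handle the sign-in request: authenticate the user and issue an auth token.
 *
 * The credentials are read from the request body as either a JSON object or a
 * URL-encoded form carrying the fields `username_or_email` and `password`.
 * On success a token valid for seven days is stored through the Model, set as
 * the `authToken` cookie (secure, HTTP-only) and echoed as JSON with HTTP 201.
 * Every other outcome ends the request via Util::output_errors_and_die:
 *   415 - unsupported Content-Type
 *   400 - body is not a JSON object / form, or a generic Exception was thrown
 *   403 - bad credentials, or the account status is anything but 'active'
 *   503 - DatabaseException
 *
 * @param object $request  request wrapper exposing getBody() and a `type`
 *                         property holding the Content-Type header
 *                         (presumably the framework's request object; verify
 *                         against the caller)
 */
function create_session($request)
{
    $raw_input = $request->getBody();
    // Media types are case-insensitive and may carry surrounding whitespace
    // ("Application/JSON ; charset=utf-8"), so normalise before matching.
    $content_type = strtolower(trim(explode(';', $request->type)[0]));

    switch ($content_type) {
        case 'application/json':
            $input_data = json_decode($raw_input, true);
            break;
        case 'application/x-www-form-urlencoded':
            $input_data = array();
            parse_str($raw_input, $input_data);
            break;
        default:
            Util::output_errors_and_die('', 415);
    }

    // json_decode() returns null for invalid JSON, but a syntactically valid
    // scalar body ("42", "\"x\"") would pass a plain null check and then be
    // indexed like an array below, so require an array (JSON object or form).
    if (!is_array($input_data)) {
        Util::output_errors_and_die('', 400);
    }
    set_empty_if_undefined($input_data['username_or_email']);
    set_empty_if_undefined($input_data['password']);

    $msg = new Messages($GLOBALS['locale'], '/signin');
    try {
        $model = new Model();
        $user_data = $model->is_valid_user($input_data['username_or_email'], $input_data['password']);
        if (!$user_data) {
            Util::output_errors_and_die($msg->_('invalid-username-pw'), 403);
        }

        switch ($user_data['status']) {
            case 'pending-activation':
                Util::output_errors_and_die($msg->_('pending-activation'), 403);
                break;
            case 'pending-approval':
                Util::output_errors_and_die($msg->_('pending-approval'), 403);
                break;
            case 'banned':
                Util::output_errors_and_die($msg->_('banned'), 403);
                break;
            case 'active':
                $token = generate_token($user_data);
                // Both timestamps use the process default timezone; the model
                // presumably stores them in that same zone — verify.
                $now = new DateTime('now');
                $expires_at = clone $now; // DateTime::add() mutates in place, so copy first
                $expires_at->add(new DateInterval('P7D'));
                $model->insert_auth_token($user_data['user_id'], $token, $now, $expires_at);

                http_response_code(201);
                $output = array(
                    'token' => $token,
                    'expires_at' => $expires_at->format('Y-m-d H:i:s'),
                );
                // secure + httponly: the token cookie must neither travel over
                // plain HTTP nor be readable from script.
                setcookie('authToken', $token, $expires_at->getTimestamp(), '/', '', true, true);
                header('Content-Type: application/json');
                echo my_json_encode($output);
                die;
            default:
                // Fail closed: an unrecognised status must not let the request
                // fall out of the switch and finish as an empty 200 response.
                Util::output_errors_and_die('', 403);
        }
    } catch (DatabaseException $e) {
        // NOTE(review): the raw exception message is returned to the client;
        // if it can carry driver or query details, prefer a generic message
        // here and log the original server-side.
        Util::output_errors_and_die($e->getMessage(), 503);
    } catch (Exception $e) {
        Util::output_errors_and_die($e->getMessage(), 400);
    }
}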