/**
 * Authenticate a user from the 'username' and 'password' request parameters.
 *
 * On success the session receives 'timestamp' (current Unix time) and
 * 'user_uid', and a JSON body carrying the user's uid is returned. An unknown
 * username and a wrong password produce the same 401 text, so the reply does
 * not reveal whether the username exists.
 *
 * @return mixed a Response (JSON on success, 401 text otherwise)
 */
public function postLogin() {
    $username = Input::get('username');
    $password = Input::get('password');

    $user = User::getByUsername($username);

    // One message for both failure modes. NOTE(review): the unknown-user path
    // returns without running the password check, so it answers measurably
    // faster than the wrong-password path; a dummy verify there would close
    // that timing gap — confirm the hash format before adding one.
    if (!$user || !User::isValidPassword($password, $user->password)) {
        return Response::make('Incorrect username or password.', 401);
    }

    if (!$user->isEnabled()) {
        return Response::make('User has not been approved.', 401);
    }

    // Build the reply first, then record the login in the session.
    $res = Response::json(array('user_uid' => $user->user_uid));
    Session::set('timestamp', time());
    Session::set('user_uid', $user->user_uid);
    return $res;
}
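/**
 * Validate a new user before creation.
 *
 * Appends a human-readable message to $errors for each problem found: a
 * username already in use; an email address already in use (compared
 * case-insensitively, with any '+tag' removed from the local part); a promo
 * code that is unknown or expired; and, unless a valid promo code or a
 * 'user_external_id' request parameter is present or $anyEmail is true, an
 * email domain that User::isValidEmailDomain() rejects.
 *
 * @param array|null $errors   collected error messages (by reference); a
 *                             null or non-array value is replaced by an empty array
 * @param bool       $anyEmail when true, skip the email-domain restriction
 * @return bool true when no errors were added
 */
public function isValid(&$errors, $anyEmail = false) {
    // count() on a null $errors would fail; callers may pass an unset variable.
    if (!is_array($errors)) {
        $errors = array();
    }

    // Reduce an address to the form used for duplicate detection: drop
    // everything from the first '+' of the local part up to the '@', so
    // "name+tag@host" and "name@host" compare equal, then lower-case it.
    // Addresses without '@' are only lower-cased. (A regex-based version of
    // this also discarded any text before a '.' in the local part, turning
    // "first.last+tag@host" into "last@host" and missing real duplicates.)
    $normalize = function ($address) {
        $address = (string) $address;
        $at = strrpos($address, '@');
        if ($at === false) {
            return strtolower($address);
        }
        $local = substr($address, 0, $at);
        $plus = strpos($local, '+');
        if ($plus !== false) {
            $local = substr($local, 0, $plus);
        }
        return strtolower($local . substr($address, $at));
    };

    // Username must be unique.
    if (User::getByUsername($this->username) != null) {
        $errors[] = 'The username "' . $this->username . '" is already in use.';
    }

    // Email must be unique. NOTE(review): this loads every user and compares
    // in PHP; a lookup on a stored normalized address would avoid the full
    // scan on large tables.
    $email = $normalize($this->email);
    foreach (self::getAll() as $registered_user) {
        // Compare against a local copy; the loaded model is not modified.
        if ($email === $normalize($registered_user->email)) {
            $errors[] = 'The email address "' . $this->email . '" is already in use.';
            break;
        }
    }

    // A supplied promo code must exist and be unexpired. The code is bound as
    // a parameter, never interpolated into the SQL.
    $promo_found = false;
    if (Input::has('promo')) {
        $pdo = DB::connection('mysql')->getPdo();
        $sth = $pdo->prepare('SELECT * FROM project.promo_code WHERE promo_code = :promo AND expiration_date > NOW()');
        $sth->execute(array(':promo' => Input::get('promo')));
        $result = $sth->fetchAll(PDO::FETCH_ASSOC);
        if (is_array($result) && count($result) > 0) {
            $promo_found = true;
        } elseif (!Input::has('email-verification')) {
            // The submitted code is echoed back; escape it for whatever
            // context (HTML, JSON, ...) renders these messages.
            $errors[] = '"' . Input::get('promo') . '" is not a valid SWAMP promotional code or has expired.';
        }
    }

    // Presence of 'user_external_id' skips the domain restriction.
    // NOTE(review): this is a plain request parameter, so any client can set
    // it; if it is meant to mark a linked-account sign-up, that fact should
    // come from server-side state — verify against the callers.
    $user_external_id = Input::has('user_external_id');

    if (!$promo_found && !$user_external_id && $anyEmail !== true) {
        $domain = User::getEmailDomain($this->email);
        if (!User::isValidEmailDomain($domain)) {
            $errors[] = 'Email addresses from "' . $domain . '" are not allowed.';
        }
    }

    return count($errors) === 0;
}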
/**
 * Start a password reset for the account matching the 'username' request
 * parameter, or failing that the 'email' parameter.
 *
 * When a user is found, a fresh GUID nonce is generated; only its hash is
 * stored in a new PasswordReset row, and the plaintext nonce is handed to
 * send(). The JSON reply is {'success': true} whether or not a user matched,
 * so the endpoint does not reveal which usernames or emails exist.
 *
 * @return mixed a JSON Response
 */
public function postCreate() {
    $user = User::getByUsername(Input::get('username'));
    if (!$user) {
        $user = User::getByEmail(Input::get('email'));
    }

    if ($user) {
        // The database keeps the hash; the message carries the nonce itself.
        $nonce = GUID::create();
        $passwordReset = new PasswordReset(array(
            'password_reset_key' => Hash::make($nonce),
            'user_uid' => $user->user_uid,
        ));
        $passwordReset->save();
        $passwordReset->send($nonce);
    }

    return Response::json(array('success' => true));
}
/**
 * Look up a user by the 'username' request parameter.
 *
 * @return mixed the User model when found, returned as-is (NOTE(review): the
 *               model's serialized form is what the client receives — confirm
 *               the password hash is excluded from it); otherwise a 404 text
 *               Response naming the requested username
 */
public function getUserByUsername() {
    $username = Input::get('username');
    $user = User::getByUsername($username);

    if ($user == null) {
        // The message echoes the request value; escape it for the output
        // context if it is ever rendered as HTML.
        return Response::make('Could not find a user associated with the username: ' . $username, 404);
    }

    return $user;
}
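/**
 * Link the calling user's SWAMP account to the GitHub account held in the
 * session.
 *
 * Expects 'username', 'password' and 'github_id' request parameters, plus
 * 'github_access_token' and 'github_access_time' in the session. The session
 * token is honoured only within a 15-minute window and is re-validated against
 * the GitHub API; the id GitHub reports must match the 'github_id' parameter.
 * An existing GitHub link is replaced only when 'confirmed' is 'true';
 * otherwise an EXISTING_ACCOUNT JSON error is returned. On success a
 * 'linkedAccountCreated' UserEvent is recorded.
 *
 * @return mixed a Response: plain text on success, 401 text or JSON on failure
 */
public function githubLink() {
    $username = Input::get('username');
    $password = Input::get('password');

    $user = User::getByUsername($username);
    if (!$user || !User::isValidPassword($password, $user->password)) {
        return Response::make('Incorrect username or password.', 401);
    }
    if (!$user->hasBeenVerified()) {
        return Response::make('User email has not been verified.', 401);
    }
    if (!$user->isEnabled()) {
        return Response::make('User has not been approved.', 401);
    }

    // The GitHub token must belong to this session and be reasonably fresh.
    if (!Session::has('github_access_token') || !Session::has('github_access_time')) {
        return Response::make('Unauthorized GitHub access.', 401);
    }
    $githubAccessWindowSeconds = 15 * 60;
    if (time() - (int) Session::get('github_access_time') > $githubAccessWindowSeconds) {
        return Response::make('GitHub access has expired. If you would like to link a GitHub account to an existing SWAMP account, please click "Sign In" and select "Sign in With GitHub."', 401);
    }

    // Ask GitHub who the token belongs to; the client-supplied id alone is not trusted.
    $token = Session::get('github_access_token');
    $ch = curl_init('https://api.github.com/user');
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: token {$token}"));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
    curl_setopt($ch, CURLOPT_USERAGENT, 'SWAMP');
    // Bound the outbound call so a slow upstream cannot hold this request open.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    $response = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on transport failure and json_decode() may
    // yield a non-object; property_exists() on either throws in PHP 8.
    $github_user = ($response === false) ? null : json_decode($response);
    if (!is_object($github_user) || !property_exists($github_user, 'id')) {
        return Response::make('Unable to authenticate with GitHub.', 401);
    }

    // Do not silently replace an existing GitHub link without confirmation.
    $account = LinkedAccount::where('user_uid', '=', $user->user_uid)
        ->where('linked_account_provider_code', '=', 'github')
        ->first();
    if ($account && !(Input::has('confirmed') && Input::get('confirmed') === 'true')) {
        return Response::json(array(
            'error' => 'EXISTING_ACCOUNT',
            'username' => $user->username,
            'login' => isset($github_user->login) ? $github_user->login : null,
        ), 401);
    }

    // The token's owner must be the account the client claims to be linking.
    // Compare as strings: GitHub returns a numeric id, the request a string;
    // a loose != would also accept leading-zero or whitespace variants.
    if ((string) $github_user->id !== (string) Input::get('github_id')) {
        return Response::make('Unauthorized GitHub access.', 401);
    }

    // Replace any previous GitHub link. NOTE(review): the delete and the
    // insert are not in one transaction; a failure between them leaves the
    // user with no link at all.
    LinkedAccount::where('user_uid', '=', $user->user_uid)
        ->where('linked_account_provider_code', '=', 'github')
        ->delete();

    // Store the id GitHub reported (equal to the request value after the check above).
    $linkedAccount = new LinkedAccount(array(
        'linked_account_provider_code' => 'github',
        'user_external_id' => (string) $github_user->id,
        'enabled_flag' => 1,
        'user_uid' => $user->user_uid,
        'create_date' => gmdate('Y-m-d H:i:s'),
    ));
    $linkedAccount->save();

    // Audit record for the link. REMOTE_ADDR is unset outside a web SAPI.
    $userEvent = new UserEvent(array(
        'user_uid' => $user->user_uid,
        'event_type' => 'linkedAccountCreated',
        'value' => json_encode(array(
            'linked_account_provider_code' => 'github',
            'user_external_id' => $linkedAccount->user_external_id,
            'user_ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null,
        )),
    ));
    $userEvent->save();

    // The success response must be returned, not just constructed.
    return Response::make('User account linked!');
}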
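/**
 * Re-send the email-verification message for the user identified by the
 * 'username' and 'password' request parameters.
 *
 * The credentials are checked first so that only the account owner can
 * trigger a resend. Unknown users and bad passwords share one 401 message,
 * matching postLogin(); valid credentials with no verification record yield
 * a 404; success yields {'success': true}.
 *
 * @return mixed a Response
 */
public function postResend() {
    $username = Input::get('username');
    $password = Input::get('password');

    $user = User::getByUsername($username);
    if (!$user || !User::isValidPassword($password, $user->password)) {
        // Previously every outcome fell through with no response body.
        return Response::make('Incorrect username or password.', 401);
    }

    $emailVerification = $user->getEmailVerification();
    if (!$emailVerification) {
        // Nothing to resend; calling send() on null would be a fatal error.
        return Response::make('No pending email verification was found.', 404);
    }

    $emailVerification->send('#register/verify-email');
    return Response::json(array('success' => true));
}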