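 /**
  * Handles a message on the 'authentication' channel.
  *
  * Only the 'login' action is supported. The client supplies a username and a
  * password digest; the server recomputes sha1(<session token> . <stored password>)
  * from the matching user row and compares the two. The reply is sent with
  * sendMessage() as an 'authentication' response carrying 'loggedIn' and 'message';
  * malformed requests and unknown actions are reported through sendError().
  *
  * NOTE(review): the stored `password` column is concatenated into the digest as-is;
  * whether it is hashed at rest is not visible from this method.
  *
  * @param object $message decoded message exposing ->action and ->data
  *                        (->data->username, ->data->password)
  * @return void
  */
 private function authenticationMessage($message)
 {
     switch ($message->action) {
         case 'login':
             $data = $message->data;
             if (empty($data->username) || empty($data->password)) {
                 $this->sendError("Invalid request to login user");
                 return;
             }
             if (!$this->checkValidToken()) {
                 // Same as the original: a login attempt without a valid token gets no reply.
                 return;
             }
             // NOTE(review): the listing shows this value redacted as '******'; the username
             // is bound here through the class's own escape() helper, matching the UPDATE
             // below — confirm against the original source. A parameterised query would be
             // preferable to string building if the db layer supports one.
             $sql = "SELECT `id`, `password` FROM user WHERE active = 1 AND username = '" . $this->_db->escape($data->username) . "'";
             $users = $this->_db->fetchAll($sql);
             $loggedIn = false;
             if (1 === count($users)) {
                 $hash = sha1($this->getToken() . $users[0]['password']);
                 // hash_equals(): strict, constant-time comparison of the two digests.
                 // The is_string guard keeps a non-string payload value from raising a TypeError
                 // (the original `===` simply evaluated to false in that case).
                 $loggedIn = is_string($data->password) && hash_equals($hash, $data->password);
                 if ($loggedIn) {
                     // Bind this connection to the user and drop the user's other sessions only
                     // after the digest has been verified. The original did both unconditionally,
                     // so a wrong password still attached the client to the account.
                     $this->_userId = $this->_db->escape($users[0]['id']);
                     $sql = "UPDATE client SET userId = " . $this->_userId . " WHERE active = 1 AND resourceId = " . $this->_db->escape($this->_client->resourceId);
                     $this->_db->query($sql);
                     $this->invalidateOtherSessions();
                 }
             } elseif (1 < count($users)) {
                 // More than one active row for a username: report it, but still answer the client.
                 $this->sendError("Invalid request to login user - Unexpected user count");
             }
             $this->sendMessage(Messaging::response('authentication', $message->action, array('loggedIn' => $loggedIn, 'message' => $loggedIn ? "" : "Username or Password is incorrect")));
             return;
         default:
             $this->sendError("Unknown Message: " . json_encode($message));
             break;
     }
 }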
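 /**
  * Dispatches a 'user' message to the handler for its action.
  *
  * Every action requires $type to be 'request'. Replies go out through
  * $logic->send() as Messaging::response('user', $action, ...); every failure
  * is reported through $logic->error() and processing of the message stops.
  *
  *  - 'email_exists': replies with the array returned by checkUserExists($data['email']).
  *  - 'create':       requires non-empty email/password/firstname/lastname, generates an
  *                    activation key, inserts the row and replies with ['created' => ...].
  *  - 'login':        looks the user up by email, requires the row to be active and compares
  *                    the client's digest against sha1(<token> . <stored password>).
  *
  * NOTE(review): empty() is used for field validation, so a literal "0" is rejected as empty;
  * kept as in the original. Whether the password is hashed before insert is not visible here —
  * check prepareInsert()/the schema.
  *
  * @param object $logic  messaging endpoint exposing send() and error()
  * @param string $action one of 'email_exists', 'create', 'login'
  * @param string $type   message type; only 'request' is handled
  * @param array  $data   decoded payload keyed by field name
  * @return void
  */
 public function handleMessage($logic, $action, $type, $data)
 {
     switch ($action) {
         case 'email_exists':
             if ('request' !== $type) {
                 $logic->error("Invalid call to User::emailExists");
                 break;
             }
             if (!array_key_exists('email', $data)) {
                 $logic->error("Invalid call to User::emailExists - email not found");
                 break;
             }
             $logic->send(Messaging::response('user', $action, $this->checkUserExists($data['email'])));
             break;
         case 'create':
             if ('request' !== $type) {
                 $logic->error("Invalid call to User::create");
                 break;
             }
             $params = [];
             foreach (['email', 'password', 'firstname', 'lastname'] as $field) {
                 // The original reported the error and carried on, so a missing field could
                 // still reach the insert; stop at the first invalid field instead.
                 if (!array_key_exists($field, $data)) {
                     $logic->error("Invalid call to User::create - {$field} not found");
                     return;
                 }
                 if (empty($data[$field])) {
                     $logic->error("Invalid call to User::create - {$field} is empty");
                     return;
                 }
                 $params[$field] = $data[$field];
             }
             // All fields are present and non-empty
             $exists = $this->checkUserExists($params['email']);
             if ($exists['exists']) {
                 $logic->send(Messaging::response('user', $action, ['created' => false, 'reason' => 'email already exists']));
                 break;
             }
             // 160 bits from the CSPRNG as 40 upper-case hex chars: same length and format as the
             // original strtoupper(sha1(uniqid())), but not derivable from the clock.
             $params['activationKey'] = strtoupper(bin2hex(random_bytes(20)));
             $this->db->prepareInsert($params);
             $logic->send(Messaging::response('user', $action, ['created' => $this->db->insert('User')]));
             // TODO: Remove this, just for debug - need to send email
             echo "\nActivation Key: " . $params['activationKey'] . "\n";
             break;
         case 'login':
             if ('request' !== $type) {
                 $logic->error("Invalid call to User::login");
                 break;
             }
             $params = [];
             foreach (['email', 'password'] as $field) {
                 if (!array_key_exists($field, $data)) {
                     $logic->error("Invalid call to User::login - {$field} not found");
                     return;
                 }
                 if (empty($data[$field])) {
                     $logic->error("Invalid call to User::login - {$field} is empty");
                     return;
                 }
                 $params[$field] = $data[$field];
             }
             // All fields are present and non-empty.
             // NOTE(review): the query is still string-built via escape(); a parameterised
             // query would be preferable if the db layer supports one.
             $sql = "SELECT `password`, `active` FROM User WHERE `email` = '" . $this->db->escape($params['email']) . "'";
             $users = $this->db->fetchAll($sql);
             if (1 !== count($users)) {
                 $logic->send(Messaging::response('user', $action, ['loggedIn' => false, 'message' => 'User not found']));
                 break;
             }
             // `active` may arrive as an int or a numeric string depending on the driver.
             if (1 !== (int) $users[0]['active']) {
                 $logic->send(Messaging::response('user', $action, ['loggedIn' => false, 'message' => 'Please check your email to activate your account']));
                 break;
             }
             $calcToken = sha1($this->getToken() . $users[0]['password']);
             // hash_equals(): strict and constant-time. The original compared the two hex digests
             // with `==`, which PHP evaluates numerically when both look like "0e<digits>", so
             // distinct digests could compare equal. The is_string guard mirrors the original's
             // result (false) for a non-string payload value instead of raising a TypeError.
             $loggedIn = is_string($params['password']) && hash_equals($calcToken, $params['password']);
             $logic->send(Messaging::response('user', $action, ['loggedIn' => $loggedIn, 'message' => $loggedIn ? '' : 'Password is incorrect']));
             break;
         default:
             $logic->error("Unknown User action");
             break;
     }
 }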