static function changeUserPassword($app)
{
$post = $app->request->post();
if (!v::key('userId', v::stringType())->validate($post) && !v::key('email', v::stringType())->validate($post) || !v::key('current', v::stringType())->validate($post)) {
return $app->render(400, array('msg' => "Password could not be changed. Check your parameters and try again."));
} else {
if (!AuthControllerNative::validatePasswordRequirements($post, 'new')) {
return $app->render(400, array('msg' => "Invalid Password. Check your parameters and try again."));
}
}
$savedPassword = v::key('userId', v::stringType())->validate($post) ? AuthData::selectUserPasswordById($post['userId']) : AuthData::selectUserPasswordByEmail($post['email']);
if (!$savedPassword) {
return $app->render(400, array('msg' => "User not found. Check your parameters and try again."));
} else {
if (!password_verify($post['current'], $savedPassword)) {
return $app->render(400, array('msg' => "Invalid user password. Unable to verify request."));
} else {
if (AuthData::updateUserPassword(array(':id' => $post['userId'], ':password' => password_hash($post['new'], PASSWORD_DEFAULT)))) {
return $app->render(200, array('msg' => "Password successfully changed."));
} else {
return $app->render(400, array('msg' => "Password could not be changed. Try again later."));
}
}
}
}
static function signup($app)
{
// Get Post Data
$post = $app->request->post();
// Validate Sent Input
$valid = self::validateFacebookProfile($post);
if ($valid !== true) {
return array('registered' => false, 'msg' => 'Facebook signup failed. Check your parameters and try again.');
}
/*
$token = self::getActiveAccessToken();
$profile = self::getProfile($post['accessToken']);
if(true || !$token) {
return array('registered' => false, 'msg' => 'Facebook signup failed. You are not logged into Facebook.', 'token' => $token, 'profile' => $profile, 'post' => $post, 'cookie' => $_COOKIE);
}
*/
// Look for user with that email
$existing = AuthData::selectUserAndPasswordByEmail($post['email']);
if ($existing) {
/// FAIL - If a user with that email already exists
return array('registered' => false, 'msg' => 'Facebook signup failed. A user with that email already exists.');
}
$validUser = array(':email' => $post['email'], ':name_first' => $post['nameFirst'], ':name_last' => $post['nameLast'], ':facebook_id' => $post['facebookId']);
$userId = AuthData::insertFacebookUser($validUser);
if (!$userId) {
/// FAIL - If Inserting the user failed
return array('registered' => false, 'msg' => 'Facebook signup failed. Could not save user.');
}
// Select our new user
$user = AuthData::selectUserById($userId);
if (!$user) {
/// FAIL - If Inserting the user failed (hopefully this is redundant)
return array('registered' => false, 'msg' => 'Facebook signup failed. Could not select user.');
}
// Save "Where did you hear about us" and any other additional questions
// This is "quiet" in that it may not execute if no paramters match
// And it doesnt set the response for the api call
InfoController::quietlySaveAdditional($post, $user->id);
// Create an authorization
$token = AuthControllerNative::createAuthToken($app, $user->id);
if ($token) {
// Create the return object
$found = array('user' => $user);
$found['user']->apiKey = $token['apiKey'];
$found['user']->apiToken = $token['apiToken'];
$found['sessionLifeHours'] = $token['sessionLifeHours'];
$found['registered'] = true;
return $found;
} else {
return array('registered' => false, 'msg' => 'Facebook Signup failed to creat auth token.');
}
}
