mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-06-02 04:39:28 +00:00
Paminger
131 lines
4.0 KiB
PHP
131 lines
4.0 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Whisperocity
|
|
*
|
|
* @package Whisperocity
|
|
* @author WSP-Team
|
|
* @copyright Copyright (c) 2015, Whisperocity
|
|
* @license proprietary
|
|
* @link http://whisperocity.com/
|
|
* @since Version 1.0
|
|
* @filesource
|
|
*/
|
|
|
|
// ------------------------------------------------------------------------
|
|
|
|
defined('BASEPATH') OR exit('No direct script access allowed');
|
|
|
|
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
|
|
require APPPATH . '/libraries/REST_Controller.php';
|
|
|
|
/**
|
|
* Handles user authentication and registration process
|
|
*/
|
|
class AuthAPI extends REST_Controller {
|
|
|
|
/**
|
|
* Userauth-Controller constructor.
|
|
* A more elaborate description of the constructor.
|
|
* {@inheritdoc}
|
|
*/
|
|
function __construct()
|
|
{
|
|
// Construct the parent class
|
|
parent::__construct();
|
|
|
|
// Configure limits on our controller methods
|
|
// Ensure you have created the 'limits' table and enabled 'limits' within application/config/rest.php
|
|
$this->methods['login_get']['limit'] = 500; // 500 requests per hour per user/key
|
|
|
|
// Load helper
|
|
$this->load->helper('fhcauth');
|
|
$this->load->library('session');
|
|
}
|
|
|
|
/**
|
|
* Checks user credentials and creates a new session
|
|
* @return string JSON that indicates success/failure of login
|
|
* @example normal account: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/password/secret/device_id/abcdef123
|
|
* @example OAuth Google: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/google_token/qwert321
|
|
* @example OAuth Facebook: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/fb_token/qwert321
|
|
*/
|
|
public function login_get()
|
|
{
|
|
$payload = array();
|
|
$errormsg = "";
|
|
$httpstatus = null;
|
|
$username = urldecode($this->get('username'));
|
|
$password = urldecode($this->get('password'));
|
|
|
|
$account = auth($username,$password);
|
|
|
|
// perform login checks
|
|
if (!$account)
|
|
$errormsg = "Auth not accepted!";
|
|
|
|
if (empty($errormsg))
|
|
{
|
|
// generate new session
|
|
$this->session->sess_regenerate();
|
|
$token = session_id();
|
|
|
|
$payload = [
|
|
'success' => true,
|
|
'message' => 'User successfully logged in',
|
|
'session_id' => $token
|
|
];
|
|
$httpstatus = REST_Controller::HTTP_OK;
|
|
}
|
|
else
|
|
{
|
|
$payload = [
|
|
'success' => false,
|
|
'message' => $errormsg
|
|
];
|
|
$httpstatus = REST_Controller::HTTP_UNAUTHORIZED;
|
|
}
|
|
|
|
// Set the response and exit
|
|
$this->response($payload, $httpstatus);
|
|
}
|
|
|
|
/**
|
|
* Logs out user by destroying session
|
|
* @return string JSON that indicates success/failure of logout
|
|
* @example http://wsp.fortyseeds.at/backend/api/userauth/logout/username/foo%40bar.at/session_id/55afab8ba6f1b/device_id/abcdef123
|
|
*/
|
|
public function logout_get()
|
|
{
|
|
$payload = array();
|
|
$httpstatus = null;
|
|
$token = $this->get('session_id');
|
|
$username = urldecode($this->get('username'));
|
|
$deviceid = $this->get('device_id');
|
|
$account = $this->user_model->load($username);
|
|
|
|
// destroy session
|
|
if ($this->session_model->destroy($account, $token, $deviceid))
|
|
{
|
|
$payload = [
|
|
'success' => true,
|
|
'message' => 'user successfully logged out'
|
|
];
|
|
$httpstatus = REST_Controller::HTTP_OK;
|
|
}
|
|
else
|
|
{
|
|
$payload = [
|
|
'success' => false,
|
|
'message' => 'user could not be logged out'
|
|
];
|
|
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
|
|
}
|
|
|
|
// Set the response and exit
|
|
$this->response($payload, $httpstatus);
|
|
}
|
|
|
|
|
|
}
|