CIM88 - Changelog en reporting
This commit is contained in:
“VeLiTi”
105
api/v2/authorization.php
Normal file
105
api/v2/authorization.php
Normal file
@@ -0,0 +1,105 @@
|
||||
<?php
|
||||
defined($security_key) or exit;
|
||||
|
||||
//------------------------------------------
|
||||
// Get user_details
|
||||
//------------------------------------------
|
||||
$user_credentials = json_decode($input,true);
|
||||
//Connect to DB
|
||||
$pdo = dbConnect($dbname);
|
||||
$username = $user_credentials['username'] ?? '';
|
||||
//Define Query
|
||||
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
|
||||
//Excute Query
|
||||
$stmt->execute([$username]);
|
||||
|
||||
//SETUP SQL FOR LOGIN_COUNT
|
||||
$sql_login = 'UPDATE users SET login_count = ? WHERE id = ?';
|
||||
|
||||
// Check if username exists. Verify user exists then verify
|
||||
if ($stmt->rowCount() == 1) {
|
||||
$user_data = $stmt->fetch();
|
||||
$permission = userRights($user_data['view']);
|
||||
$profile = getProfile($user_data['settings'],$permission);
|
||||
$password = $user_credentials['password'];
|
||||
|
||||
if ($user_data['login_count'] < 5){
|
||||
if (array_key_exists('resetkey', $user_credentials)){
|
||||
|
||||
if ($user_credentials['resetkey'] == ''){
|
||||
//Reset procedure
|
||||
//STEP 1.A- Create resetkey
|
||||
$headers = array('alg'=>'HS256','typ'=>'JWT');
|
||||
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
|
||||
$resetkey = generate_jwt($headers, $payload);
|
||||
//STEP 1.B Store in DB
|
||||
$sql = 'UPDATE users SET resetkey = ? WHERE id = ?';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$resetkey,$user_data['id']]);
|
||||
//STEP 2- Send to user
|
||||
include_once './assets/mail/email_template_reset.php';
|
||||
send_mail($user_data['email'],$subject,$message,'','');
|
||||
//STEP 3- Update Login count
|
||||
$login_attempt = $user_data['login_count'] + 1;
|
||||
$stmt_login = $pdo->prepare($sql_login);
|
||||
$stmt_login->execute([$login_attempt, $user_data['id']]);
|
||||
}
|
||||
|
||||
} else { //STANDARD LOGIN
|
||||
if (password_verify($password, $user_data['password'])) {
|
||||
$token = createCommunicationToken($user_data['userkey']);
|
||||
|
||||
//RETURN JWT AND CLIENTSECRET
|
||||
$user = array(
|
||||
'clientID' => $user_data['id'],
|
||||
'token' => $token,
|
||||
'clientsecret' => $user_data['userkey']
|
||||
);
|
||||
|
||||
//Reset login count after succesfull attempt
|
||||
$login_attempt = 0;
|
||||
$stmt_login = $pdo->prepare($sql_login);
|
||||
$stmt_login->execute([$login_attempt, $user_data['id']]);
|
||||
|
||||
//Encrypt results
|
||||
$messages = $user;
|
||||
//Send results
|
||||
print_r($messages);
|
||||
|
||||
}
|
||||
else {
|
||||
//Update Login count with failed attempt
|
||||
$login_attempt = $user_data['login_count'] + 1;
|
||||
$stmt_login = $pdo->prepare($sql_login);
|
||||
$stmt_login->execute([$login_attempt, $user_data['id']]);
|
||||
//Send Response
|
||||
http_response_code(403); //Not authorized
|
||||
}
|
||||
}
|
||||
} else {
|
||||
//User is blocked & send error
|
||||
$messages = '1';
|
||||
//------------------------------------------
|
||||
//Send results
|
||||
//------------------------------------------
|
||||
echo $messages;
|
||||
}
|
||||
} elseif (array_key_exists('resetkey', $user_credentials)) {
|
||||
if ($user_credentials['resetkey'] != ''){
|
||||
//UPDATE PASSWORD BASED ON RESETKEY
|
||||
$password = $user_credentials['password'];
|
||||
$passwordvalid = password_hash($password, PASSWORD_DEFAULT);
|
||||
$stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? ');
|
||||
$stmt->execute([$passwordvalid, $user_credentials['resetkey']]);
|
||||
|
||||
//
|
||||
} else {
|
||||
http_response_code(403);//Not authorized
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
http_response_code(403);//Not authorized
|
||||
}
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user