index.php
<?php
require_once("DB.php");
$db = new DB("127.0.0.1",
"SocialNetwork", "root", "");
// 'REQUEST_METHOD' -
Какой метод был использован для запроса
страницы; к примеру 'GET', 'HEAD', 'POST', 'PUT'.
if
($_SERVER['REQUEST_METHOD'] == "GET") {
if ($_GET['url'] ==
"auth") {
} else if
($_GET['url'] == "users") {
}
} else if
($_SERVER['REQUEST_METHOD'] == "POST") {
if ($_GET['url'] ==
"auth") {
$postBody =
file_get_contents("php://input");
$postBody =
json_decode($postBody);
$username =
$postBody->username;
$password =
$postBody->password;
if
($db->query('SELECT username FROM users WHERE username=:username',
array(':username'=>$username))) {
if
(password_verify($password, $db->query('SELECT password FROM users
WHERE username=:username',
array(':username'=>$username))[0]['password'])) {
$cstrong = True;
$token
= bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
$user_id = $db->query('SELECT id FROM users WHERE
username=:username', array(':username'=>$username))[0]['id'];
$db->query('INSERT INTO login_tokens VALUE (:id, :token,
:user_id)', array(':id'=>null, ':token'=>sha1($token),
':user_id'=>$user_id));
echo
'{ "Token": "'.$token.'" }';
} else {
http_response_code(401);
}
} else {
http_response_code(401);
}
}
} else if
($_SERVER['REQUEST_METHOD'] == "DELETE") {
if ($_GET['url'] ==
"auth") {
if
(isset($_GET['token'])) {
if
($db->query("SELECT token FROM login_tokens WHERE
token=:token", array(':token'=>sha1($_GET['token'])))) {
$db->query('DELETE FROM login_tokens WHERE token=:token',
array(':token'=>sha1($_GET['token'])));
echo '{
"Status": "Success" }';
http_response_code(200);
} else {
echo '{
"Error": "Invalid token" }';
http_response_code(400);
}
} else {
echo '{
"Error": "Mal-formed request" }';
http_response_code(400);
}
}
}
else {
http_response_code(405);
}
?>
Комментариев нет:
Отправить комментарий