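<?php
// Token issuance endpoint: exchanges a user "code" for a freshly created Token.
//
// Request:  POST with a JSON body of the form {"code": "<user code>"}.
// Response: 201 + the JSON-encoded Token on success; 400 on a wrong method or a
//           missing code; 404 when no user matches the code; 500 when the lookup
//           or the token creation fails. Every path now writes a JSON body.

// NOTE(review): a wildcard origin lets any web page call this endpoint from a
// browser. If the API is only meant for a known front-end, list those origins
// explicitly instead of "*".
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");

include_once '../../config/database.php';
include_once '../objects/token.php';
include_once '../objects/user.php';

// Only POST is accepted. The status is kept at 400 (rather than the more
// precise 405) so existing clients see the same contract as before.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(400);
    echo json_encode(["error" => "Method not accepted."]);
    exit();
}

$database = new Database();
$db = $database->getConnection();

$token = new Token($db);

// Read the posted JSON. json_decode() yields null for malformed input and a
// scalar/array for non-object documents, so the code is only read from a
// decoded object and only when it is a scalar (an array or object is not a
// usable code and would be silently stringified by the driver otherwise).
$data = json_decode(file_get_contents("php://input"));
$code = '';
if (is_object($data) && isset($data->code) && is_scalar($data->code)) {
    $code = (string) $data->code;
}

if ($code === '') {
    // Missing parameters
    http_response_code(400);
    echo json_encode(["error" => "Unable to create Token. code is mandatory."]);
    exit();
}

// Look the user up by code, case-insensitively. The value is bound, never
// interpolated into the statement.
$stmt = $db->prepare("SELECT * FROM user WHERE UPPER(code) = UPPER(:code) LIMIT 1");
$stmt->bindValue(":code", $code, PDO::PARAM_STR);

// A failed execute() used to fall through and answer 200 with an empty body;
// report it as a server error instead.
if (!$stmt->execute()) {
    http_response_code(500);
    echo json_encode(["error" => "Unable to create Token."]);
    exit();
}

$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$row) {
    // User not found.
    // Wait 5 secs to slow down bruteforce attacks.
    // NOTE(review): this holds a PHP worker for the whole delay on every miss;
    // a per-client rate limit in front of the endpoint is the more robust
    // control and does not tie up server capacity.
    sleep(5);

    http_response_code(404);
    echo json_encode(["error" => "Unable to create Token. User not found."]);
    exit();
}

// User found: attach the user to the token and persist it.
$token->userId = $row['id'];
$token->user = User::createFromRow($row);

if ($token->create()) {
    // set response code - 201 created
    http_response_code(201);
    // NOTE(review): this serialises every public property of Token, including
    // the User built from the full row (SELECT *). Confirm User::createFromRow
    // drops any column that must not reach the client.
    echo json_encode($token);
} else {
    // unable to create
    http_response_code(500);
    echo json_encode(["error" => "Unable to create Token."]);
}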