|
|
@ -12,78 +12,105 @@ class AuthController { |
|
|
|
$view->render('login', []); |
|
|
|
$view->render('login', []); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
public function signin() { |
|
|
|
public function userSignin() { |
|
|
|
|
|
|
|
$user_id = ''; |
|
|
|
|
|
|
|
// Prevent invalid email input |
|
|
|
|
|
|
|
$email = $_POST['username']; |
|
|
|
|
|
|
|
$password = $_POST['password']; |
|
|
|
|
|
|
|
if (!valid_email($email)) { |
|
|
|
|
|
|
|
header('HTTP/1.1 422 Unprocessable Entity'); |
|
|
|
|
|
|
|
header('Location: login'); |
|
|
|
|
|
|
|
exit(422); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$api = new GeoserverAPI(); |
|
|
|
|
|
|
|
$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'"; |
|
|
|
|
|
|
|
$user_id = PgSql::getCol($sql); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!empty($user_id)) { |
|
|
|
|
|
|
|
$res = $api->getUser($user_id); |
|
|
|
|
|
|
|
$sql_groups = "SELECT group_id FROM webapp.users u |
|
|
|
|
|
|
|
JOIN webapp.users__groups ug ON u.geo_id = ug.user_id |
|
|
|
|
|
|
|
WHERE geo_id = '${user_id}'"; |
|
|
|
|
|
|
|
$user_groups = Pgsql::getColValues($sql_groups); |
|
|
|
|
|
|
|
$sql_name = "SELECT fname FROM webapp.users u |
|
|
|
|
|
|
|
WHERE geo_id = '${user_id}'"; |
|
|
|
|
|
|
|
$user_name = PgSql::getCol($sql_name); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($res !== FALSE) { |
|
|
|
|
|
|
|
foreach($res->users as $entry) { |
|
|
|
|
|
|
|
// if user id exists in geoserver |
|
|
|
|
|
|
|
if ($entry->userName == $user_id) { |
|
|
|
|
|
|
|
// STORE ROLE HERE IN SESSION USING API |
|
|
|
|
|
|
|
$role = $api->getRole($user_id); |
|
|
|
|
|
|
|
$_SESSION['user_id'] = $user_id; |
|
|
|
|
|
|
|
$_SESSION['user_groups'] = $user_groups; |
|
|
|
|
|
|
|
$_SESSION['user_name'] = $user_name; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
header('Location: /'); |
|
|
|
|
|
|
|
exit(0); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
header('HTTP/1.1 403 Forbidden'); |
|
|
|
|
|
|
|
header('Refresh: 2; URL = index.php'); |
|
|
|
|
|
|
|
exit(403); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
echo 'No such user in geoserver'; |
|
|
|
|
|
|
|
header('HTTP/1.1 403 Forbidden'); |
|
|
|
|
|
|
|
header('Refresh: 2; URL = index.php'); |
|
|
|
|
|
|
|
exit(403); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function guestSignin() { |
|
|
|
|
|
|
|
header('Location: /'); |
|
|
|
|
|
|
|
|
|
|
|
// Prevent invalid email input |
|
|
|
// Prevent invalid email input |
|
|
|
$email = $_POST['username']; |
|
|
|
$email = $_POST['username']; |
|
|
|
if (!valid_email($email)) { |
|
|
|
if (!valid_email($email)) { |
|
|
|
header('HTTP/1.1 422 Unprocessable Entity'); |
|
|
|
header('HTTP/1.1 422 Unprocessable Entity'); |
|
|
|
header('Location: login'); |
|
|
|
header('Location: login'); |
|
|
|
/* header('Refresh: 1; URL = index.php'); */ |
|
|
|
exit(422); |
|
|
|
die(); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$api = new GeoserverAPI(); |
|
|
|
|
|
|
|
$sql = "select geo_id from webapp.users where email = '{$email}' and origin <> 'GUEST'"; |
|
|
|
|
|
|
|
$user_id = PgSql::getCol($sql); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// if the query result is not empty then the user is already registered |
|
|
|
|
|
|
|
if (!empty($user_id)) { |
|
|
|
|
|
|
|
echo "user {$email} is registered. Login as a registered user!"; |
|
|
|
|
|
|
|
header('HTTP/1.1 400 Bad Request'); |
|
|
|
|
|
|
|
exit(400); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Handle guest login |
|
|
|
// Handle guest login |
|
|
|
if (!isset($_POST['password'])) { |
|
|
|
if (isset($_POST['username'])) { |
|
|
|
$_SESSION['user_groups'] = [1]; |
|
|
|
$_SESSION['user_groups'] = [1]; |
|
|
|
$_SESSION['user_name'] = "Guest"; |
|
|
|
$_SESSION['user_name'] = "Guest"; |
|
|
|
$_SESSION['user_id'] = self::insertGuestUser($email); |
|
|
|
$_SESSION['user_id'] = self::insertGuestUser($email); |
|
|
|
/* header('HTTP/1.1 302 Found'); */ |
|
|
|
|
|
|
|
|
|
|
|
header('HTTP/1.1 302 Found'); |
|
|
|
header('Location: /'); |
|
|
|
header('Location: /'); |
|
|
|
return TRUE; |
|
|
|
exit(0); |
|
|
|
} else { // handle user login |
|
|
|
} else { // handle user login |
|
|
|
$email = $_POST['username']; |
|
|
|
header('HTTP/1.1 500 Server error'); |
|
|
|
$password = $_POST['password']; |
|
|
|
exit(500); |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$api = new GeoserverAPI(); |
|
|
|
|
|
|
|
$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}'"; |
|
|
|
|
|
|
|
$user_id = PgSql::getCol($sql); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($user_id) { |
|
|
|
|
|
|
|
$res = $api->getUser($user_id); |
|
|
|
|
|
|
|
$sql_groups = "SELECT group_id FROM webapp.users u |
|
|
|
|
|
|
|
JOIN webapp.users__groups ug ON u.geo_id = ug.user_id |
|
|
|
|
|
|
|
WHERE geo_id = '${user_id}'"; |
|
|
|
|
|
|
|
$user_groups = Pgsql::getColValues($sql_groups); |
|
|
|
|
|
|
|
$sql_name = "SELECT fname FROM webapp.users u |
|
|
|
|
|
|
|
WHERE geo_id = '${user_id}'"; |
|
|
|
|
|
|
|
$user_name = PgSql::getCol($sql_name); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($res !== FALSE) { |
|
|
|
|
|
|
|
foreach($res->users as $entry) { |
|
|
|
|
|
|
|
// if user id exists in geoserver |
|
|
|
|
|
|
|
if ($entry->userName == $user_id) { |
|
|
|
|
|
|
|
// STORE ROLE HERE IN SESSION USING API |
|
|
|
|
|
|
|
$role = $api->getRole($user_id); |
|
|
|
|
|
|
|
$_SESSION['user_id'] = $user_id; |
|
|
|
|
|
|
|
$_SESSION['user_groups'] = $user_groups; |
|
|
|
|
|
|
|
$_SESSION['user_name'] = $user_name; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
header('Location: /'); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
header('HTTP/1.1 403 Forbidden'); |
|
|
|
|
|
|
|
/* header('Refresh: 2; URL = index.php'); */ |
|
|
|
|
|
|
|
die(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
echo 'No such user in geoserver'; |
|
|
|
|
|
|
|
header('HTTP/1.1 403 Forbidden'); |
|
|
|
|
|
|
|
/* header('Refresh: 2; URL = index.php'); */ |
|
|
|
|
|
|
|
die(); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function logout() { |
|
|
|
public function logout() { |
|
|
|
/* session_start(); */ |
|
|
|
session_start(); |
|
|
|
session_destroy(); |
|
|
|
session_destroy(); |
|
|
|
unset($_SESSION); |
|
|
|
unset($_SESSION); |
|
|
|
/* $_SESSION = array(); */ |
|
|
|
$_SESSION = array(); |
|
|
|
header("Location: login"); |
|
|
|
header("Location: login"); |
|
|
|
exit(); |
|
|
|
exit(); |
|
|
|
/* header('Refresh: 2; URL = index.php'); */ |
|
|
|
header('Refresh: 2; URL = index.php'); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -94,6 +121,7 @@ class AuthController { |
|
|
|
ON CONFLICT (email) DO UPDATE |
|
|
|
ON CONFLICT (email) DO UPDATE |
|
|
|
SET geo_id = EXCLUDED.geo_id, |
|
|
|
SET geo_id = EXCLUDED.geo_id, |
|
|
|
last_login = now()"; |
|
|
|
last_login = now()"; |
|
|
|
|
|
|
|
|
|
|
|
return json_decode(PgSql::insert($sql, 'geo_id'))->geo_id; |
|
|
|
return json_decode(PgSql::insert($sql, 'geo_id'))->geo_id; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|