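startSession ();

		// NOTE(review): $_REQUEST['method'] is client-controlled and is handed
		// to loadMethod() together with a base directory. loadMethod() is not
		// visible here - confirm it restricts the name to a known-safe
		// character set before it resolves a file or class from it.
		$method = $this->app->loadMethod (
			$_REQUEST['method'], __NAMESPACE__.'\RestRequest', './rest');
		$method->run ();
	}

	/**
	 * Tries to retrieve user credentials from many sources such as POST,
	 * SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
	 * are saved on the client browser for future logins, cookies names are
	 * 'vn_user' for the user name and 'vn_pass' for user password, the
	 * password is encoded using base64_encode() function and should be decoded
	 * using base64_decode().
	 *
	 * Sources are tried in this order: guest account ($_POST['guest']),
	 * posted credentials, the current session, then the remember cookies.
	 *
	 * Security notes for maintainers:
	 *  - base64 is an encoding, not encryption: 'vn_pass' carries the
	 *    recoverable password for 7 days. A random, server-side revocable
	 *    token would avoid keeping the password on the client.
	 *  - Both cookies are set without the Secure, HttpOnly or SameSite
	 *    attributes (only name, value and expiry are passed to setcookie()).
	 *  - The clear-text password is also kept in $_SESSION['password'].
	 *  - No session_regenerate_id() call is visible in this method;
	 *    startSession() is outside this view - confirm the session id is
	 *    renewed after a successful authentication.
	 *
	 * @return mixed The authenticated connection (also cached in $this->conn)
	 * @throws SessionExpiredException When no credential source is available
	 * @throws BadLoginException When the connection or session start fails
	 **/
	function login ()
	{
		// Reuse the connection opened earlier in this request.
		if ($this->conn)
			return $this->conn;

		$user = NULL;
		$password = NULL;
		$rememberUser = TRUE;
		$rememberPass = FALSE;
		// NOTE(review): assigned below but never read in this method; it would
		// be the natural condition for renewing the session id after a fresh
		// authentication.
		$credentialsChanged = TRUE;
		$wasLoged = isset ($_SESSION['user']);

		if (isset ($_POST['guest']))
		{
			// Guest access: credentials come from the config table, where the
			// password is stored base64-encoded.
			$sysConn = $this->app->getSysConn ();
			$row = $sysConn->getRow (
				'SELECT guest_user, guest_pass FROM config');

			if ($row)
			{
				$user = $row['guest_user'];
				$password = base64_decode ($row['guest_pass']);
				$rememberUser = FALSE;
			}
		}
		elseif (isset ($_POST['user']) && isset ($_POST['password']))
		{
			$user = $_POST['user'];
			$password = $_POST['password'];

			if (isset ($_POST['remember']) && $_POST['remember'])
				$rememberPass = TRUE;
		}
		elseif (isset ($_SESSION['user']))
		{
			$user = $_SESSION['user'];
			$password = $_SESSION['password'];
			$credentialsChanged = FALSE;
		}
		elseif (isset ($_COOKIE['vn_user']) && isset ($_COOKIE['vn_pass']))
		{
			// Cookie values are client-supplied; they are only trusted as far
			// as createConnection() accepts them as valid credentials.
			$user = $_COOKIE['vn_user'];
			$password = base64_decode ($_COOKIE['vn_pass']);
			$rememberPass = TRUE;
		}

		if (!isset ($user))
			throw new SessionExpiredException ();

		try {
			$db = $this->app->createConnection ($user, $password);
			// '#' appears to be the project's bound-parameter placeholder;
			// the value is passed separately, not concatenated into the SQL.
			$db->query ('CALL user_session_start (#)', [session_id ()]);
			$this->conn = $db;

			if ($rememberUser)
			{
				$cookieLife = time () + 7 * 86400; // 7 Days
				setcookie ('vn_user', $user, $cookieLife);

				if ($rememberPass)
					setcookie ('vn_pass',
						base64_encode ($password), $cookieLife);
			}

			$_SESSION['user'] = $user;
			$_SESSION['password'] = $password;
		}
		catch (\Exception $e)
		{
			// Every failure in the block above, including a failing
			// user_session_start call, is reported to the client as a bad
			// login; the original exception is not chained or logged here.
			$this->conn = NULL;
			throw new BadLoginException ();
		}

		// Registering the user access

		if (!$wasLoged)
			unset ($_SESSION['visitUser']);

		if (isset ($_SESSION['access']) && !isset ($_SESSION['visitUser']))
		{
			// NOTE(review): the guest branch above uses
			// $this->app->getSysConn(), this one $this->getSysConn() -
			// confirm both resolve to the same system connection.
			$sysConn = $this->getSysConn ();
			$_SESSION['visitUser'] = $sysConn->getValue (
				'CALL visit_user_new (#, #, #)',
				[
					 $_SESSION['access']
					,nullIf ($_SESSION, 'visitUser')
					,session_id ()
				]
			);

			if (!isset ($_SESSION['visitUnknown']))
				$_SESSION['visitUnknown'] = $_SESSION['visitUser'];
		}

		return $db;
	}

	/**
	 * Cleans the last saved used credentials.
	 *
	 * Expires the 'vn_pass' cookie, removes the user and password from the
	 * session and closes the user connection if one is open. The 'vn_user'
	 * cookie and the rest of the session data are left in place.
	 **/
	function logout ()
	{
		$_SESSION['visitUser'] = nullIf ($_SESSION, 'visitUnknown');

		// An expiry timestamp in the past makes the browser drop the cookie.
		setcookie ('vn_pass', '', -1);
		unset ($_COOKIE['vn_pass']);
		unset ($_SESSION['user']);
		unset ($_SESSION['password']);

		if ($this->conn)
		{
			$this->conn->query (
				'DELETE FROM user_session_view '
				.'WHERE connection_id = CONNECTION_ID()'
			);
			$this->conn->close ();
			$this->conn = NULL;
		}
	}

	/**
	 * Deinitializes the Application. When init method is called, this
	 * function is called automatically at the end of the script.
	 **/
	function deinit ()
	{
		if ($this->conn)
			$this->conn->query ('CALL user_session_end ()');

		parent::deinit ();
	}

	/**
	 * Sets the HTTP response status that corresponds to an exception.
	 *
	 * Authentication failures map to 401, user errors to 400 and anything
	 * else to 500. Type checks are used instead of re-throwing, so a
	 * throwable that does not extend \Exception also ends up as 500 rather
	 * than escaping before the status is set.
	 *
	 * @param mixed $e The exception being reported
	 **/
	function statusFromException ($e)
	{
		if ($e instanceof SessionExpiredException
		|| $e instanceof BadLoginException)
			$status = 401;
		elseif ($e instanceof Lib\UserException)
			$status = 400;
		else
			$status = 500;

		http_response_code ($status);
	}

	/**
	 * Error handler: answers with status 500 for every error level that is
	 * not a notice, warning or deprecation.
	 *
	 * $context is optional because PHP 8 no longer passes a fifth argument
	 * to error handlers; a required parameter would make the call fail.
	 *
	 * @return bool Always FALSE, so PHP's standard error handling continues
	 **/
	function errorHandler ($errno, $message, $file, $line, $context = NULL)
	{
		$eFlag =
			  E_USER_NOTICE
			| E_USER_WARNING
			| E_USER_DEPRECATED
			| E_NOTICE
			| E_WARNING
			| E_DEPRECATED;

		if (!($errno & $eFlag))
			http_response_code (500);

		return FALSE;
	}

	/**
	 * Exception handler: sets the matching HTTP status and re-throws the
	 * exception unchanged.
	 **/
	function exceptionHandler ($e)
	{
		$this->statusFromException ($e);
		throw $e;
	}
}

?>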