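With password session send(); exit(); }
    // ---- Logout ----------------------------------------------------------
    // This branch's header (the `if` that matches the "session" query key) is
    // above this chunk. The client sends the session id prefixed with "LNSESS";
    // the bare id is left in $sessionId for ../Logics/Auth.php, which resolves
    // it to $returned_sessionId / $returned_id (and rejects a bad session).
    $sessionId = $_GET['session'] ?? '';
    $sessionId = str_replace("LNSESS", "", $sessionId);
    require_once('../Logics/Auth.php');
    try {
        // Values are bound instead of interpolated so the statement never
        // depends on the content of the session id, user id or timestamp.
        $query = $db->prepare(
            "UPDATE sessions SET session_active='N', session_terminated_at=:terminated_at "
            . "WHERE session_id=:session_id AND user_id=:user_id AND session_active='Y'"
        );
        $query->bindValue(':terminated_at', $istTime);
        $query->bindValue(':session_id', $returned_sessionId);
        $query->bindValue(':user_id', $returned_id);
        $query->execute();
        // Logout is idempotent: a session that was already inactive (0 rows
        // affected) still gets the same 200 response.
        $returnData = array();
        $returnData['session_id'] = "LNSESS".$returned_sessionId;
        $response = new Response(true, 200, "Logged Out Successfully", $returnData);
        $response->send();
        exit();
    } catch(PDOException $e) {
        // Only the generic message reaches the client; details go to the log.
        error_log("SQL Error - Logout - " . $e->getMessage());
        $response = new Response(false, 500, "(Action:- Logout) Sever Error");
        $response->send();
        exit();
    }
} else if(array_key_exists("verify", $_GET)) {
    // ---- Verify / refresh session -----------------------------------------
    if($_SERVER['REQUEST_METHOD'] !== 'PATCH') {
        $response = new Response(false, 405, "Invalid Method");
        $response->send();
        exit();
    }
    require_once('../Helpers/Session.php');
    // Auth.php must not reject an expired access token here, because this is
    // the endpoint that renews it (the refresh token is checked below instead).
    $bypassAccessTokenCheck = 1;
    require_once('../Logics/Auth.php');
    if($returned_accessTokenExpiry < time()) {
        try {
            if($returned_refreshTokenExpiry > time()) {
                // Access token still refreshable: rotate both tokens.
                // Lifetimes: access 43200 s (12 h), refresh 86400 s (24 h).
                $new_accessToken = manualEncryption($returned_id."_".time());
                $new_refreshToken = manualEncryption($returned_id."_".time()."_REFRESHTOKEN_");
                $new_accessTokenExpiry = date("Y-m-d H:i:s", time() + 43200);
                $new_refreshTokenExpiry = date("Y-m-d H:i:s", time() + 86400);
                $query = $db->prepare(
                    "UPDATE sessions SET access_token=:access_token, "
                    . "access_token_expiry=:access_token_expiry, "
                    . "refresh_token=:refresh_token, "
                    . "refresh_token_expiry=:refresh_token_expiry, "
                    . "session_last_refreshed_at=:refreshed_at "
                    . "WHERE session_id=:session_id AND user_id=:user_id"
                );
                $query->bindValue(':access_token', $new_accessToken);
                $query->bindValue(':access_token_expiry', $new_accessTokenExpiry);
                $query->bindValue(':refresh_token', $new_refreshToken);
                $query->bindValue(':refresh_token_expiry', $new_refreshTokenExpiry);
                $query->bindValue(':refreshed_at', $istTime);
                $query->bindValue(':session_id', $returned_sessionId);
                $query->bindValue(':user_id', $returned_id);
                $query->execute();
                $returnData = array();
                $returnData['user_id'] = "LNUSR".$returned_id;
                $returnData['user_name'] = $returned_fullName;
                $returnData['user_role'] = $returned_user_role;
                $returnData['session_id'] = "LNSESS".$returned_sessionId;
                $returnData['access_token'] = $new_accessToken;
                // Expiries are returned as Unix timestamps, matching the
                // "Verified Successfully" payload below.
                $returnData['access_token_expiry'] = strtotime($new_accessTokenExpiry);
                $returnData['refresh_token'] = $new_refreshToken;
                $returnData['refresh_token_expiry'] = strtotime($new_refreshTokenExpiry);
                $returnData['force_logout'] = 0;
                $response = new Response(true, 200, "Session Extended", $returnData);
                $response->send();
                exit();
            } else {
                // Refresh token expired too: close the session server-side and
                // tell the client to log out.
                $query = $db->prepare(
                    "UPDATE sessions SET session_active='N', session_terminated_at=:terminated_at "
                    . "WHERE session_id=:session_id AND user_id=:user_id"
                );
                $query->bindValue(':terminated_at', $istTime);
                $query->bindValue(':session_id', $returned_sessionId);
                $query->bindValue(':user_id', $returned_id);
                $query->execute();
                $returnData = array();
                $returnData['force_logout'] = 1;
                $response = new Response(false, 404, "Session Expired", $returnData);
                $response->send();
                exit();
            }
        } catch(PDOException $e) {
            error_log("SQL Error - Verifying User - " . $e->getMessage());
            $response = new Response(false, 500, "(Action:- Verifying User) Sever Error");
            $response->send();
            exit();
        }
    } else {
        // Access token still valid: echo the current session back unchanged.
        $returnData = array();
        $returnData['user_id'] = "LNUSR".$returned_id;
        $returnData['user_name'] = $returned_fullName;
        $returnData['user_role'] = $returned_user_role;
        $returnData['session_id'] = "LNSESS".$returned_sessionId;
        $returnData['access_token'] = $returned_accessToken;
        $returnData['access_token_expiry'] = $returned_accessTokenExpiry;
        $returnData['refresh_token'] = $returned_refreshToken;
        $returnData['refresh_token_expiry'] = $returned_refreshTokenExpiry;
        $returnData['force_logout'] = 0;
        $response = new Response(true, 200, "Verified Successfully", $returnData);
        $response->send();
        exit();
    }
} else if(array_key_exists("number", $_GET)) {
    // ---- Request an OTP by contact number ---------------------------------
    if($_SERVER['REQUEST_METHOD'] !== 'GET') {
        $response = new Response(false, 405, "Invalid Method");
        $response->send();
        exit();
    }
    // array_key_exists() passed but the value may still be null.
    if(!isset($_GET['number'])) {
        $response = new Response(false, 401, "Unauthorized Error");
        $response->send();
        exit();
    }
    $number = trimAndSecure($_GET['number']);
    if(strlen($number) !== 10) {
        $response = new Response(false, 403, "Incorrect Contact Number");
        $response->send();
        exit();
    }
    // $number is request input: bind it rather than interpolate it into SQL.
    $query = $db->prepare(
        "SELECT otp, otp_validity,user_email_id FROM users "
        . "WHERE user_active='Y' AND user_whatsapp_number=:number"
    );
    $query->bindValue(':number', $number);
    $query->execute();
    if($query->rowCount() === 1) {
        $row = $query->fetch(PDO::FETCH_ASSOC);
        $otpValidity = $row['otp_validity'];
        $email = $row['user_email_id'];
        if($otpValidity && $istTime < $otpValidity) {
            // An unexpired OTP exists: do not issue (or re-send) another one.
            $returnData = array();
            $returnData['feedback'] = "OTP sent already. Valid till " . date("M jS H:i:s", strtotime($otpValidity));
            $response = new Response(true, 200, "OTP sent already", $returnData);
            $response->send();
            exit();
        } else {
            // random_int() is CSPRNG-backed; rand() is not suitable for an OTP.
            $newOTP = random_int(111111, 999999);
            // NOTE(review): the stored validity is 18 minutes while the e-mail
            // text says 20 — presumably a deliberate margin; confirm.
            $newValidity = date('Y-m-d H:i:s', strtotime("$istTime + 18 minute"));
            $newValidityReadable = date("M jS H:i:s", strtotime($newValidity));
            $query = $db->prepare(
                "UPDATE users SET otp=:otp, otp_validity=:otp_validity, user_updated_at=:updated_at "
                . "WHERE user_whatsapp_number=:number"
            );
            $query->bindValue(':otp', $newOTP);
            $query->bindValue(':otp_validity', $newValidity);
            $query->bindValue(':updated_at', $istTime);
            $query->bindValue(':number', $number);
            $query->execute();
            $text = "\n\nYour OTP for LivNest Finance Stage is valid for next 20 minutes till $newValidityReadable\n\n";
            $text .= "\n\nOTP: $newOTP\n\n";
            $subject = "OTP request for Livnest Finance Stage";
            $headers = "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
            // More headers
            // NOTE(review): the From header is sent empty; many MTAs reject or
            // spam-score such mail — a configured sender address is expected here.
            $headers .= "From: ";
            mail($email, $subject, $text, $headers);
            $returnData = array();
            $returnData['feedback'] = "OTP Sent. Valid for 20 minutes.";
            $response = new Response(true, 200, "OTP sent successfully", $returnData);
            $response->send();
            exit();
        }
    } else {
        $response = new Response(false, 403, "Incorrect Credentials");
        $response->send();
        exit();
    }
}
//verify user and password
else if(empty($_GET)) {
    // ---- Login with number + password -------------------------------------
    if($_SERVER['REQUEST_METHOD'] !== 'POST') {
        $response = new Response(false, 405, "Invalid Method");
        $response->send();
        exit();
    }
    // Exact match: a Content-Type with parameters (e.g. "; charset=utf-8")
    // is rejected here, as in the original behaviour.
    if(($_SERVER['CONTENT_TYPE'] ?? '') !== 'application/json') {
        $response = new Response(false, 406, "Content-Type Error");
        $response->send();
        exit();
    }
    $rawPostData = file_get_contents('php://input');
    if(!$jsonData = json_decode($rawPostData)) {
        $response = new Response(false, 403, "Data Forbidden");
        $response->send();
        exit();
    }
    if(!isset($jsonData->number) || !isset($jsonData->password)) {
        $response = new Response(false, 401, "Unauthorized Error");
        $response->send();
        exit();
    }
    // No length check on the number here (unlike the OTP branch); lookup is
    // by exact match below.
    $number = trimAndSecure($jsonData->number);
    $password = trimAndSecure($jsonData->password);
    $latitude = isset($jsonData->latitude) ? trimAndSecure($jsonData->latitude) : '';
    $longitude = isset($jsonData->longitude) ? trimAndSecure($jsonData->longitude) : '';
    $platform = isset($jsonData->platform) ? trimAndSecure($jsonData->platform) : '';
    try {
        $query = $db->prepare("SELECT * FROM users WHERE user_whatsapp_number = :number");
        $query->bindParam(':number', $number);
        $query->execute();
        // NOTE(review): distinct messages for unknown number / wrong password /
        // inactive account let a caller tell registered numbers apart.
        if($query->rowCount() == 0) {
            $response = new Response(false, 401, "Incorrect Contact Number");
            $response->send();
            exit();
        }
        $row = $query->fetch(PDO::FETCH_ASSOC);
        $returned_id = $row['user_id'];
        $returned_fullName = $row['user_full_name'];
        $returned_user_role = $row['user_position'];
        $returned_email = $row['user_email_id'];
        $returned_password = $row['password'];
        $returned_loginAttempts = $row['user_login_attempts'];
        $returned_userActive = $row['user_active'];
        if($returned_userActive !== 'Y') {
            $response = new Response(false, 403, "Account Inactive");
            $response->send();
            exit();
        }
        // Lockout after 3 failures; the counter is only reset by a successful
        // login below, there is no time-based unlock in this block.
        if($returned_loginAttempts >= 3) {
            $response = new Response(false, 403, "Too Many Incorrect Password Attempts");
            $response->send();
            exit();
        }
        // NOTE(review): the `password` column is compared as-is, i.e. it looks
        // like plaintext storage; password_hash()/password_verify() is the real
        // fix and needs a data migration outside this block. hash_equals() at
        // least makes the comparison constant-time.
        if(!is_string($returned_password) || !hash_equals($returned_password, (string) $password)) {
            $query = $db->prepare("UPDATE users SET user_login_attempts = user_login_attempts + 1, user_updated_at = :updated_at WHERE user_id = :user_id");
            $query->bindParam(':updated_at', $istTime);
            $query->bindParam(':user_id', $returned_id);
            $query->execute();
            $response = new Response(false, 401, "Incorrect Password");
            $response->send();
            exit();
        }
        // Same token scheme and lifetimes as the verify branch.
        $accessToken = manualEncryption($returned_id."_".time());
        $refreshToken = manualEncryption($returned_id."_".time()."_REFRESHTOKEN_");
        $accessTokenExpiry = date("Y-m-d H:i:s", time() + 43200);
        $refreshTokenExpiry = date("Y-m-d H:i:s", time() + 86400);
    } catch(PDOException $e) {
        error_log("SQL Error - Login - " . $e->getMessage());
        $response = new Response(false, 500, "(Action:- Login) Server Error");
        $response->send();
        exit();
    }
    try {
        // Counter reset and session insert happen in one transaction.
        $db->beginTransaction();
        $query = $db->prepare("UPDATE users SET user_login_attempts=0, user_updated_at=:updated_at WHERE user_id=:user_id");
        $query->bindParam(':updated_at', $istTime);
        $query->bindParam(':user_id', $returned_id);
        $query->execute();
        $sessionId = time();
        $ip = get_client_ip();
        $clientCountry = '';
        $clientRegion = '';
        $clientCity = '';
        // presumably fills $clientCountry/$clientRegion/$clientCity; its return
        // value is not used here — verify against the helper.
        iPDetails($ip);
        $userAgent = $_SERVER['HTTP_USER_AGENT'];
        $referrer = $_SERVER['HTTP_REFERER'] ?? "";
        $queryDate = [
            "session_id" => $sessionId,
            "user_id" => $returned_id,
            "access_token" => $accessToken,
            "access_token_expiry" => $accessTokenExpiry,
            "refresh_token" => $refreshToken,
            "refresh_token_expiry" => $refreshTokenExpiry,
            "ip" => $ip,
            "country" => $clientCountry,
            "region" => $clientRegion,
            "city" => $clientCity,
            "latitude" => $latitude,
            "longitude" => $longitude,
            "user_agent" => $userAgent,
            "referer" => $referrer,
            "platform" => $platform,
            "phone_number" => $number,
            "session_started_at" => $istTime
        ];
        // NOTE(review): queryMaker() builds the INSERT from these values; whether
        // it parameterises them (user_agent/referer/latitude/longitude are
        // client-controlled) cannot be seen from here — confirm.
        $sql = queryMaker("sessions", $queryDate, "Insert");
        $query = $db->prepare($sql);
        $query->execute();
        $db->commit();
        $returnData = [
            'user_id' => "LNUSR".$returned_id,
            'user_name' => $returned_fullName,
            'user_role' => $returned_user_role,
            'session_id' => "LNSESS".$sessionId,
            'access_token' => $accessToken,
            'access_token_expiry' => strtotime($accessTokenExpiry),
            'refresh_token' => $refreshToken,
            'refresh_token_expiry' => strtotime($refreshTokenExpiry)
        ];
        $response = new Response(true, 201, "Logged in Successfully", $returnData);
        $response->send();
        exit();
    } catch(PDOException $e) {
        error_log("SQL Error - Session Creation - " . $e->getMessage());
        // rollBack() on a connection with no open transaction throws, which
        // would mask the original error if beginTransaction() itself failed.
        if($db->inTransaction()) {
            $db->rollBack();
        }
        $response = new Response(false, 500, "(Action:- Session) Server Error");
        $response->send();
        exit();
    }
} else {
    $response = new Response(false, 405, "Invalid Method");
    $response->send();
    exit();
}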