New Api autentication token

2020-03-31 11:13:21 +02:00
parent e22d98cf6a
commit a1337d795d
4 changed files with 109 additions and 2 deletions
--- a/app/class/ApiManager.php
+++ b/app/class/ApiManager.php
@@ -0,0 +1,30 @@
+<?php
+
+class ApiManager {
+    public function generateToken($username, $password){
+        $userManager = new UserManager();
+        if ($username != '' || $password != ''){               
+            $userLogedIn = $userManager->loginNew($username, $password);
+                
+            if ($userLogedIn != false){
+                // Create token header as a JSON string
+                $header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']);
+                // Create token payload as a JSON string
+                $payload = json_encode(['user_id' => $userLogedIn]);
+                // Encode Header to Base64Url String
+                $base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
+                // Encode Payload to Base64Url String
+                $base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payload));
+                // Create Signature Hash
+                $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, 'abC123!', true);
+                // Encode Signature to Base64Url String
+                $base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
+                // Create JWT
+                $jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
+                
+                return $jwt;
+            }
+        }
+        return false;
+    }
+}
--- a/app/class/UserManager.php
+++ b/app/class/UserManager.php
@@ -65,6 +65,24 @@ class UserManager
 		}
 	}

+	public function loginNew ($username, $password) {
+		try {
+			if ($user = Db::loadOne ('SELECT * FROM users WHERE LOWER(username)=LOWER(?)', array ($username))) {
+				if ($user['password'] == UserManager::getHashPassword($password)) {
+					echo "user loged in";
+					return $user['user_id'];
+				} else {
+					return false;
+				}
+			} else {
+				return false;
+			}
+		} catch(PDOException $error) {
+			echo $error->getMessage();
+			die();
+		}
+	}
+
 	public function isLogin () {
 		if (isset ($_SESSION['user']) && isset($_SESSION['user']['id'])) {
 			return true;