Login API and documentation

.htaccess

+Header add Access-Control-Allow-Origin: *
+
 RewriteEngine On
 RewriteBase /
 

api/apis/auth/login.php

+<?php
+
+${basename(__FILE__, '.php')} = function(){
+    if($this->get_request_method() == "POST" and isset($this->_request['username']) and isset($this->_request['password'])){
+        $username = $this->_request['username'];
+        $password = $this->_request['password'];
+        try {
+            $auth = new Auth($username, $password);
+            $data = [
+                "message" => "Login success",
+                "token" => $auth->getAuthToken()
+            ];
+            $data = $this->json($data);
+            $this->response($data, 200);
+        } catch(Exception $e){
+            $data = [
+                "error" => $e->getMessage()
+            ];
+            $data = $this->json($data);
+            $this->response($data, 406);
+        }
+    } else {
+        $data = [
+            "error" => "Bad request"
+        ];
+        $data = $this->json($data);
+        $this->response($data, 400);
+    }
+};
\ No newline at end of file

api/apis/auth/signup.php

@@ -22,11 +22,7 @@ ${basename(__FILE__, '.php')} = function(){
          
     } else {
         $data = [
-            "error" => "Bad request",
-            "method" => $this->get_request_method(),
-            "server" => $_SERVER,
-            "post" => $_POST,
-            "get" => $_GET
+            "error" => "Bad request"
         ];
         $data = $this->json($data);
         $this->response($data, 400);

api/index.php

@@ -3,6 +3,8 @@ error_reporting(E_ALL ^ E_DEPRECATED);
 require_once($_SERVER['DOCUMENT_ROOT']."/api/REST.api.php");
 require_once($_SERVER['DOCUMENT_ROOT']."/api/lib/Database.class.php");
 require_once($_SERVER['DOCUMENT_ROOT']."/api/lib/Signup.class.php");
+require_once($_SERVER['DOCUMENT_ROOT']."/api/lib/User.class.php");
+require_once($_SERVER['DOCUMENT_ROOT']."/api/lib/Auth.class.php");
 
 class API extends REST {
     

api/lib/Auth.class.php

 <?php
 
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Database.class.php');
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/User.class.php');
+require $_SERVER['DOCUMENT_ROOT'].'/vendor/autoload.php';
+
+class Auth {
+
+    private $db;
+    private $isTokenAuth = false;
+    private $loginToken = null;
+
+    public function __construct($username, $password = NULL){
+        $this->db = Database::getConnection();
+        if($password == NULL){
+            //token based auth
+            $this->token = $username;
+            $this->isTokenAuth = true;
+            //we have to validate the token
+        } else {
+            $this->username = $username; //it might be username or email.
+            $this->password = $password;
+        }
+
+        if($this->isTokenAuth){
+            throw new Exception("Not Implemented");
+        } else {
+            $user = new User($this->username);
+            $hash = $user->getPasswordHash();
+            $this->username = $user->getUsername();
+            if(password_verify($this->password, $hash)){
+                if(!$user->isActive()){
+                    throw new Exception("Please check your email and activate your account.");
+                }
+                $this->loginToken = $this->addSession();
+            } else {
+                throw new Exception("Password Mismatch");
+            }
+        }
+    }
+
+    public function getAuthToken(){
+        return $this->loginToken;
+    }
+
+    private function addSession(){
+        $token = Auth::generateRandomHash(32);
+        $query = "INSERT INTO `apis`.`session` (`username`, `token`) VALUES ('$this->username', '$token');";
+        if(mysqli_query($this->db, $query)){
+            return $token;
+        } else {
+            throw new Exception(mysqli_error($this->db));
+        }
+        
+    }
+
+    public static function generateRandomHash($len){
+        $bytes = openssl_random_pseudo_bytes($len, $cstrong);
+        return bin2hex($bytes);
+    }
+}
\ No newline at end of file

api/lib/User.class.php

+<?php
+
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Database.class.php');
+require $_SERVER['DOCUMENT_ROOT'].'/vendor/autoload.php';
+
+class User {
+    private $db;
+    private $user;
+
+    public function __construct($username){
+        $this->username = $username;
+        $this->db = Database::getConnection();
+        $query = "SELECT * FROM auth WHERE username='$this->username' OR email='$this->username'";
+        //echo $query;
+        $result = mysqli_query($this->db, $query);
+        if(mysqli_num_rows($result) == 1){
+            $this->user = mysqli_fetch_assoc($result);
+        } else {
+            throw new Exception("User not found");
+        }
+    }
+
+    public function getUsername(){
+        return $this->user['username'];
+    }
+
+    public function getPasswordHash(){
+        return $this->user['password'];
+    }
+
+    public function getEmail(){
+        return $this->user['email'];
+    }
+
+    public function isActive(){
+        return $this->user['active'];
+    }
+}
\ No newline at end of file

hash.php

+<?php
+
+    $bytes = openssl_random_pseudo_bytes(32, $cstrong);
+    $hex   = bin2hex($bytes);
+    echo "Lengths: Bytes: $i and Hex: " . strlen($hex) . PHP_EOL;
+    var_dump($hex);
+    var_dump($cstrong);
+    echo PHP_EOL;
+?>
\ No newline at end of file

sg.php

 <pre>
 <?php
+require $_SERVER['DOCUMENT_ROOT'].'/vendor/autoload.php';
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/User.class.php');
+
+try{
+    $user = new User('sibidharan@icloud.com');
+    echo $user->getUsername();
+} catch(Exception $e){
+    echo $e->getMessage();
+}
 
-print_r($GLOBALS);
-print_r($_SERVER);
-print_r($_REQUEST);
-print_r($_POST);
-print_r($_GET);
-print_r($_FILES);
-print_r($_ENV);
-print_r($_COOKIE);
 
 ?>
 </pre>
\ No newline at end of file