5761ed3e88
- Remove vsprintf hyphenation from generateUUID() in helpers.php
- Remove redundant str_replace('-', '', ...) wrappers in callers
- Fix grants/create, tabs/open, orders/getOrCreateCart which were storing hyphenated UUIDs
- Cast prices to float in getForBuilder.php
- Uppercase auth response keys (TOKEN, USERID, FIRSTNAME)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
78 lines
2 KiB
PHP
78 lines
2 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../helpers.php';
|
|
runAuth();
|
|
|
|
/*
|
|
Verify OTP Code for Portal Login (supports email or phone)
|
|
POST: { "Email": "user@example.com", "Code": "123456" }
|
|
or { "Phone": "3105551234", "Code": "123456" }
|
|
or { "Identifier": "...", "Code": "123456" }
|
|
Returns: { OK: true, UserID, FirstName, Token }
|
|
*/
|
|
|
|
$data = readJsonBody();
|
|
$identifier = trim($data['Identifier'] ?? $data['Email'] ?? $data['Phone'] ?? '');
|
|
$code = trim($data['Code'] ?? '');
|
|
|
|
if (empty($identifier) || empty($code)) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'Email/phone and code are required']);
|
|
}
|
|
|
|
$isPhone = isPhoneNumber($identifier);
|
|
$email = '';
|
|
$phone = '';
|
|
|
|
if ($isPhone) {
|
|
$phone = normalizePhone($identifier);
|
|
} else {
|
|
$email = $identifier;
|
|
}
|
|
|
|
if (!empty($email)) {
|
|
$user = queryOne(
|
|
"SELECT ID, FirstName FROM Users WHERE EmailAddress = ? AND IsActive = 1 LIMIT 1",
|
|
[$email]
|
|
);
|
|
} else {
|
|
$user = queryOne(
|
|
"SELECT ID, FirstName FROM Users WHERE ContactNumber = ? AND IsActive = 1 LIMIT 1",
|
|
[$phone]
|
|
);
|
|
}
|
|
|
|
if (!$user) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'invalid_code', 'MESSAGE' => 'Invalid or expired code']);
|
|
}
|
|
|
|
$uid = (int) $user['ID'];
|
|
|
|
// Check for valid OTP in OTPCodes table
|
|
$otpRow = queryOne(
|
|
"SELECT ID FROM OTPCodes
|
|
WHERE UserID = ? AND Code = ? AND ExpiresAt > NOW() AND UsedAt IS NULL
|
|
ORDER BY CreatedAt DESC
|
|
LIMIT 1",
|
|
[$uid, $code]
|
|
);
|
|
|
|
if (!$otpRow) {
|
|
apiAbort(['OK' => false, 'ERROR' => 'invalid_code', 'MESSAGE' => 'Invalid or expired code']);
|
|
}
|
|
|
|
// Mark OTP as used
|
|
queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]);
|
|
|
|
// Create auth token
|
|
$token = generateSecureToken();
|
|
queryTimed(
|
|
"INSERT INTO UserTokens (UserID, Token) VALUES (?, ?)",
|
|
[$uid, $token]
|
|
);
|
|
|
|
jsonResponse([
|
|
'OK' => true,
|
|
'ERROR' => '',
|
|
'USERID' => $uid,
|
|
'FIRSTNAME' => $user['FirstName'],
|
|
'TOKEN' => $token,
|
|
]);
|