Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3. Shared helpers in api/helpers.php (DB, auth, request/response, security). PDO prepared statements throughout. Same JSON response shapes as CFML.
<?php
require_once __DIR__ . '/../helpers.php';
// Shared bootstrap from helpers.php, run before any request data is read.
// NOTE(review): this is the login endpoint, so runAuth() presumably lets
// unauthenticated callers through here — confirm in helpers.php, and confirm
// whether login attempt throttling lives there (none is visible in this file).
runAuth();
/*
 * POST: { "username": "...", "password": "..." }
 * Returns: { OK: true, ERROR: "", UserID: 123, FirstName: "...", Token: "..." }
 * On failure: { OK: false, ERROR: "missing_fields" | "bad_credentials" }
 */
/**
 * Canonicalise a login identifier before it is compared with stored values.
 *
 * Surrounding whitespace is trimmed first, then every space, parenthesis and
 * hyphen is dropped, so "(555) 123-4567" becomes "5551234567".
 *
 * NOTE(review): the same stripping is applied when the identifier is an
 * e-mail address, so "a-b@my-host.example" is looked up as
 * "ab@myhost.example". Confirm that stored EmailAddress values were
 * normalised the same way, otherwise such accounts cannot match.
 */
function normalizeUsername(string $u): string
{
    $trimmed = trim($u);

    // Single-character removals only, so strtr() pairs give the same result
    // as the sequential replacement list.
    $dropped = [' ' => '', '(' => '', ')' => '', '-' => ''];

    return strtr($trimmed, $dropped);
}
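// ---------------------------------------------------------------------------
// Login flow: read the JSON body, check the credentials, issue a token.
// ---------------------------------------------------------------------------

$data = readJsonBody();

// The body is client-controlled JSON, so "username" / "password" can arrive as
// arrays or nested objects. Passing those on to normalizeUsername() or md5()
// raises a TypeError (an unhandled 500) instead of a clean API error, so
// anything that is not a scalar is rejected here. Scalars are cast to string,
// which matches the coercion the typed parameters applied before.
$rawUsername = is_array($data) ? ($data['username'] ?? '') : '';
$rawPassword = is_array($data) ? ($data['password'] ?? '') : '';

if (!is_scalar($rawUsername) || !is_scalar($rawPassword)) {
    // Relies on apiAbort() ending the request, as the rest of this flow does.
    apiAbort(['OK' => false, 'ERROR' => 'missing_fields']);
}

$username = normalizeUsername((string) $rawUsername);
$password = (string) $rawPassword;

if (empty($username) || empty($password)) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_fields']);
}

// SECURITY(review): the stored credential is an unsalted MD5 digest. MD5 is
// fast and unsalted digests are exposed to precomputed-table and GPU cracking
// if the Users table ever leaks. It is kept here only because the existing
// rows hold MD5 values; the migration path is to verify the legacy digest
// once, then store password_hash($password, PASSWORD_DEFAULT) in a wider
// column and switch this check to password_verify() / password_needs_rehash().
//
// Unknown user, wrong password and unverified account all fall into the same
// "no row" outcome below, so the response does not reveal which one applied.
$row = queryOne(
    "SELECT ID, FirstName
     FROM Users
     WHERE (EmailAddress = ? OR ContactNumber = ?)
       AND Password = ?
       AND IsEmailVerified = 1
       AND IsContactVerified > 0
     LIMIT 1",
    [$username, $username, md5($password)]
);

if (!$row) {
    apiAbort(['OK' => false, 'ERROR' => 'bad_credentials']);
}

// NOTE(review): generateSecureToken() comes from helpers.php; presumably it is
// CSPRNG-backed (random_bytes) — confirm. The token is stored verbatim and no
// expiry is written by this statement; confirm how UserTokens rows are aged
// out and whether storing a hash of the token is feasible for the readers.
$token = generateSecureToken();

queryTimed(
    "INSERT INTO UserTokens (UserID, Token) VALUES (?, ?)",
    [$row['ID'], $token]
);

// Same response shape as documented at the top of the file.
jsonResponse([
    'OK' => true,
    'ERROR' => '',
    'UserID' => (int) $row['ID'],
    'FirstName' => $row['FirstName'],
    'Token' => $token,
]);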