feat(a2): implement identify backend

Author: declan-zhao

a2/resources.php

@@ -197,6 +197,62 @@ function signup(&$request, &$response, &$db, &$pdo)
 function identify(&$request, &$response, &$db, &$pdo)
 {
   $username = $request->param("username"); // The username
+  $username = strtolower($username);
+
+  $get_login_info_by_username = $db->get_login_info_by_username;
+  $get_login_info_by_username->execute(array('username' => $username));
+  $user = $get_login_info_by_username->fetch();
+
+  // Check if user exists
+  if ($user) {
+    // Check if user is valid
+    if ($user["valid"] === "1") {
+      // Check if challenge exists and is not expired
+      $challenge = $user["challenge"];
+
+      if ($challenge && new DateTime() < date_create_from_format(DateTimeInterface::ISO8601, $user["expires"])) {
+        log_to_console("Used existing challenge!");
+      } else {
+        // Generate new challenge, update expires
+        $challenge = md5(rand()) . md5(rand());
+        $expires = new DateTime("+2 minutes");
+        $expires = $expires->format(DateTimeInterface::ISO8601);
+
+        $result = $db->update_login_info_by_username->execute(array(
+          'challenge' => $challenge,
+          'expires' => $expires,
+          'username' => $username
+        ));
+
+        if (!$result) {
+          $response->set_http_code(500);
+          $response->failure("Failed to identify user.");
+          log_to_console("Cannot update challenge in database.");
+
+          return false;
+        }
+
+        log_to_console("Updated challenge!");
+      }
+
+      $salt = $user["salt"];
+      // Set data
+      $response->set_data("salt", $salt);
+      $response->set_data("challenge", $challenge);
+    } else {
+      $response->set_http_code(400);
+      $response->failure("Failed to identify user.");
+      log_to_console("User is not valid.");
+
+      return false;
+    }
+  } else {
+    $response->set_http_code(400);
+    $response->failure("Failed to identify user.");
+    log_to_console("User does not exist.");
+
+    return false;
+  }
 
   $response->set_http_code(200);
   $response->success("Successfully identified user.");

a2/server.php

@@ -63,15 +63,15 @@ public function __call($method, $arguments)
     $pdo->beginTransaction();
 
     $db->create_user->execute(array(
-      'username' => $pdo->quote($username),
-      'passwd' => $pdo->quote($passwd),
-      'email' => $pdo->quote($email),
-      'modified' => $pdo->quote($modified)
+      'username' => $username,
+      'passwd' => $passwd,
+      'email' => $email,
+      'modified' => $modified
     ));
 
     $db->create_login_info->execute(array(
-      'username' => $pdo->quote($username),
-      'salt' => $pdo->quote($salt)
+      'username' => $username,
+      'salt' => $salt
     ));
 
     $pdo->commit();
@@ -85,6 +85,10 @@ public function __call($method, $arguments)
   }
 };
 
+// identify
+$db->get_login_info_by_username = $pdo->prepare("SELECT valid, salt, challenge, expires FROM user LEFT OUTER JOIN user_login USING (username) WHERE username = :username");
+$db->update_login_info_by_username = $pdo->prepare("UPDATE user_login SET challenge = :challenge, expires = :expires WHERE username = :username");
+
 $request = new Request($decoded_post_body);
 $response = null;