
Merge development branch work. #10

Merged
merged 5 commits into from

5 config.example.php
@@ -45,6 +45,11 @@
define( 'CFG_SENDGRID_USER', '' );
define( 'CFG_SENDGRID_KEY', '' );
+// Enable Twilio API for phone/SMS methods:
+define('CFG_TWILIO_NUMBER', '' );
+define( 'CFG_TWILIO_ID', '' );
+define( 'CFG_TWILIO_TOKEN', '' );
+
// If you're going to use the optional Yubikey plugin, uncomment these.
// These can be generated at https://upgrade.yubico.com/getapikey/
//define('YUBIKEY_CLIENT_ID', 0);
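Review bot: `define('CFG_TWILIO_NUMBER', '' );` on the first added define is spaced differently from the two lines after it and from the neighbouring SendGrid defines; `define( 'CFG_TWILIO_NUMBER', '' );` keeps the file consistent. The comment above the block could also tell the installer what the gate in lib/api.2-0.php checks, since phone support stays disabled unless all three values are set: `// Enable Twilio API for phone/SMS methods (all three must be non-empty; the token is a credential, keep the real value out of version control):`.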
88 lib/api.2-0.php
@@ -248,64 +248,74 @@
isSessionCleared($User->Hash(), true);
- require './lib/twilio/Twilio.php';
- $twilio = new Services_Twilio(CFG_TWILIO_ID, CFG_TWILIO_TOKEN);
+ if(defined('CFG_TWILIO_NUMBER') && strlen(CFG_TWILIO_NUMBER) &&
+ (defined('CFG_TWILIO_ID') && strlen(CFG_TWILIO_ID) &&
+ (defined('CFG_TWILIO_TOKEN') && strlen(CFG_TWILIO_TOKEN)) {
- $phone = substr(trim(str_replace(array('+', '-'), '', filter_var($request['phone'], FILTER_SANITIZE_NUMBER_INT))), 0, 50);
+ require './lib/twilio/Twilio.php';
+ $twilio = new Services_Twilio(CFG_TWILIO_ID, CFG_TWILIO_TOKEN);
- if(HTTP_METHOD == 'POST' && $api_action_value == 'confirm' && !$User->PhoneConfirmed()) {
+ $phone = substr(trim(str_replace(array('+', '-'), '', filter_var($request['phone'], FILTER_SANITIZE_NUMBER_INT))), 0, 50);
- api_expectations(array('phone', 'code'));
- $submitted = strtoupper(substr(trim(filter_var($request['code'], FILTER_SANITIZE_STRING)), 0, 6));
- $code = strtoupper($Security->Hash("CONFIRM_PHONE_" . $User->Hash() . "_{$phone}", 6));
+ if(HTTP_METHOD == 'POST' && $api_action_value == 'confirm' && !$User->PhoneConfirmed()) {
- if($submitted === $code) {
- $User->PhoneConfirmed(1);
- Response::Send(200, RESP_OK, array());
- } else {
- Response::Send(500, RESP_ERR, array(
- 'error' => 'That confirmation code is incorrect.'
- ));
- }
+ api_expectations(array('phone', 'code'));
+ $submitted = strtoupper(substr(trim(filter_var($request['code'], FILTER_SANITIZE_STRING)), 0, 6));
+ $code = strtoupper($Security->Hash("CONFIRM_PHONE_" . $User->Hash() . "_{$phone}", 6));
- } else {
+ if($submitted === $code) {
+ $User->PhoneConfirmed(1);
+ Response::Send(200, RESP_OK, array());
+ } else {
+ Response::Send(500, RESP_ERR, array(
+ 'error' => 'That confirmation code is incorrect.'
+ ));
+ }
- if(HTTP_METHOD == 'GET') {
+ } else {
- $avatar = $User->Phone();
+ if(HTTP_METHOD == 'GET') {
- Response::Send(200, RESP_OK, array(
- 'phone' => $User->Phone(),
- 'confirmed' => $User->PhoneConfirmed()
- ));
+ $avatar = $User->Phone();
- } elseif(HTTP_METHOD == 'POST') {
+ Response::Send(200, RESP_OK, array(
+ 'phone' => $User->Phone(),
+ 'confirmed' => $User->PhoneConfirmed()
+ ));
- global $MySQL;
+ } elseif(HTTP_METHOD == 'POST') {
- if(strlen($phone)) {
- if($dup = $MySQL->Pull("SELECT phone FROM users WHERE phone='" . $MySQL->Clean($phone) . "' AND phone_confirmed=1 LIMIT 1;")) {
- Response::Send(500, RESP_ERR, array(
- 'error' => 'That phone number has already been claimed by another user.'
- ));
+ global $MySQL;
+
+ if(strlen($phone)) {
+ if($dup = $MySQL->Pull("SELECT phone FROM users WHERE phone='" . $MySQL->Clean($phone) . "' AND phone_confirmed=1 LIMIT 1;")) {
+ Response::Send(500, RESP_ERR, array(
+ 'error' => 'That phone number has already been claimed by another user.'
+ ));
+ }
}
- }
- if($phone != $User->Phone()) {
- api_expectations(array('phone'));
- $User->Phone($phone);
- $User->PhoneConfirmed(0);
+ if($phone != $User->Phone()) {
+ api_expectations(array('phone'));
+ $User->Phone($phone);
+ $User->PhoneConfirmed(0);
- if(strlen($phone)) {
- $code = $Security->Hash("CONFIRM_PHONE_" . $User->Hash() . "_{$phone}", 6);
- $message = $twilio->account->sms_messages->create( CFG_TWILIO_NUMBER, $phone, "To confirm your phone number with CrowdmapID, please enter this code: " . $code);
+ if(strlen($phone)) {
+ $code = $Security->Hash("CONFIRM_PHONE_" . $User->Hash() . "_{$phone}", 6);
+ $message = $twilio->account->sms_messages->create( CFG_TWILIO_NUMBER, $phone, "To confirm your phone number with " . $Application->Name() . ", please enter this code: " . $code);
+ }
}
- }
- Response::Send(200, RESP_OK, array());
+ Response::Send(200, RESP_OK, array());
+
+ }
}
+ } else {
+
+ Response::Send(404, RESP_ERR, array('error' => 'Phone support is not enabled on this installation.'));
+
}
} elseif($api_action == 'sessions') { // /user/:user_id/session
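Review bot: The feature gate at the top of the hunk does not balance its parentheses as rendered — `(defined('CFG_TWILIO_ID') && strlen(CFG_TWILIO_ID) &&` opens a group that the next line never closes, so the file will not parse unless the page dropped characters; the flat form `if(defined('CFG_TWILIO_NUMBER') && strlen(CFG_TWILIO_NUMBER) && defined('CFG_TWILIO_ID') && strlen(CFG_TWILIO_ID) && defined('CFG_TWILIO_TOKEN') && strlen(CFG_TWILIO_TOKEN)) {` needs no inner grouping at all. The confirmation check `if($submitted === $code)` compares a six-character code that is derived deterministically from the user hash and the phone, so it appears to neither expire nor change between sends, and the hunk adds no attempt counter or lockout around it; a per-user attempt limit and a time-bounded code, with `hash_equals($code, $submitted)` for the comparison, would close that. `if($phone != $User->Phone())` uses loose comparison, and two numeric strings that differ only by a leading zero compare equal under `!=`, so such a change would never be stored — use `!==`. The `Response::Send(500, …)` calls for a wrong code and for a duplicate number describe client errors and would be clearer as 4xx responses. The enclosing `$api_action` branch starts before the hunk and continues after it.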
8 lib/class.users.php
@@ -44,8 +44,12 @@ public function Set($id)
}
elseif (is_numeric($id))
{
- // Passing a record id.
- $r = $MySQL->Pull("SELECT * FROM users WHERE id={$_id} LIMIT 1;");
+ if($r = $MySQL->Pull("SELECT * FROM users WHERE phone='{$_id}' AND phone_confirmed=1 LIMIT 1;")) {
+ // We'll probably want to do something here.
+ } else {
+ // Passing a record id.
+ $r = $MySQL->Pull("SELECT * FROM users WHERE id={$_id} LIMIT 1;");
+ }
}
if ($r && isset($r['id']))
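Review bot: The new branch makes every numeric argument to `Set()` resolve first as a confirmed phone number and only then as a record id, so a caller that passes a record id can be handed a different user whose confirmed phone happens to equal that number, and the reverse holds for phone lookups; the two namespaces are both all-digit strings and cannot be told apart here. A separate lookup (for example a `SetByPhone($phone)` method, or an explicit flag on `Set`) would keep record-id callers unaffected by the phone table. The empty `if` body with `// We'll probably want to do something here.` should either carry the intended logic or be inverted so the phone query is only the fallback that is actually wanted. The query interpolates `$_id` while the guard tests `$id`; where `$_id` is derived and whether it is escaped is outside the hunk, so that should be confirmed before this string reaches `Pull()`. `Set()` begins before the hunk and continues after it.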
18 sql/create_database.sql
@@ -32,18 +32,18 @@ CREATE TABLE IF NOT EXISTS `application_hits` (
DROP TRIGGER IF EXISTS `application_hits_expiring`;
DELIMITER //
CREATE TRIGGER `application_hits_expiring` AFTER DELETE ON `application_hits`
- FOR EACH ROW BEGIN
- SET @appid = OLD.application;
- INSERT INTO statistics (stat_name, stat_value) VALUES (CONCAT('application_api_hits_', @appid), 0) ON DUPLICATE KEY UPDATE stat_value = stat_value - 1;
+ FOR EACH ROW BEGIN
+ SET @appid = OLD.application;
+ INSERT INTO statistics (stat_name, stat_value) VALUES (CONCAT('application_api_hits_', @appid), 0) ON DUPLICATE KEY UPDATE stat_value = stat_value - 1;
END
//
DELIMITER ;
DROP TRIGGER IF EXISTS `application_hits_incoming`;
DELIMITER //
CREATE TRIGGER `application_hits_incoming` AFTER INSERT ON `application_hits`
- FOR EACH ROW BEGIN
- SET @appid = NEW.application;
- INSERT INTO statistics (stat_name, stat_value) VALUES (CONCAT('application_api_hits_', @appid), 1) ON DUPLICATE KEY UPDATE stat_value = stat_value + 1;
+ FOR EACH ROW BEGIN
+ SET @appid = NEW.application;
+ INSERT INTO statistics (stat_name, stat_value) VALUES (CONCAT('application_api_hits_', @appid), 1) ON DUPLICATE KEY UPDATE stat_value = stat_value + 1;
END
//
DELIMITER ;
@@ -61,6 +61,8 @@ CREATE TABLE IF NOT EXISTS `users` (
`hash` char(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`password` char(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
`password_changed` timestamp NULL DEFAULT NULL,
+ `phone` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
+ `phone_confirmed` tinyint(1) unsigned DEFAULT '0',
`question` varchar(256) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`answer` char(128) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`token` char(32) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '',
@@ -181,8 +183,8 @@ ALTER TABLE `user_storage`
DELIMITER $$
CREATE EVENT `application_hits_cleanup` ON SCHEDULE EVERY 1 MINUTE STARTS '2012-01-01 00:00:00' ON COMPLETION PRESERVE ENABLE DO DELETE FROM application_hits WHERE expires < NOW()$$
-CREATE EVENT `users_tokens_cleanup` ON SCHEDULE EVERY 5 MINUTE STARTS '2012-01-01 00:00:00' ON COMPLETION PRESERVE ENABLE DO UPDATE users
-SET token = '', token_memory = '', token_expires = NULL
+CREATE EVENT `users_tokens_cleanup` ON SCHEDULE EVERY 5 MINUTE STARTS '2012-01-01 00:00:00' ON COMPLETION PRESERVE ENABLE DO UPDATE users
+SET token = '', token_memory = '', token_expires = NULL
WHERE expires IS NOT NULL AND expires < NOW()$$
CREATE EVENT `user_sessions_cleanup` ON SCHEDULE EVERY 5 MINUTE STARTS '2012-01-01 00:00:00' ON COMPLETION PRESERVE ENABLE DO DELETE FROM user_sessions WHERE expires IS NOT NULL AND expire < NOW()$$
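Review bot: The new `phone` column in the `users` hunk has no index, yet lib/api.2-0.php and lib/class.users.php both look users up by `phone` with `phone_confirmed=1`, and the duplicate-number check in the API is a read-then-write with nothing in the schema enforcing that a confirmed phone belongs to one user; an index such as `KEY \`phone\` (\`phone\`, \`phone_confirmed\`)` would at least serve those lookups, and uniqueness of confirmed numbers should be decided deliberately since a plain UNIQUE would also reject repeated unconfirmed entries. `phone_confirmed tinyint(1) unsigned DEFAULT '0'` allows NULL while the code compares it with `=1` and `!$User->PhoneConfirmed()`; `NOT NULL DEFAULT 0` matches that usage. The other two hunks in this file are whitespace only.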