add auth

app/api/apiclient.php

@@ -13,15 +13,34 @@ function api_client_kuri($hash){
 }
 
 
+function api_login($login, $password){
+
+    $sqlogin = "SELECT `client_id`, `clientpassword` FROM `clients` WHERE `clientmail` = '$login' LIMIT 1";
+    $client = dbl_get($sqlogin);
+
+    if (!isset($client['clientpassword']))
+        return ['error'=>'пользователь не найден'];
+
+    if ($client['clientpassword'] == '')
+        return ['error'=>'необходимо получить ссылку для доступа'];    
+
+    if (!password_verify($password, $client['clientpassword'])) 
+        return ['error' => 'неверный пароль'];
+
+    return ['data' => $client];    
+
+}
+
+
 function clientbuys_kuri($client_id, $page = 1){
 
     $sql_sub = "SELECT number_id FROM anbuy WHERE client_id = '$client_id'  AND `number_id` = 486 LIMIT 1";
     $findsub =  db_get($sql_sub);
 
     
-  // if (isset($findsub['number_id'])) {// есть поп
-  //      return clients_arch($page);
-  //  }    
+   if (isset($findsub['number_id'])) {// есть поп
+        return clients_arch($page);
+    }    
 
    $limit  = 25;
    $countsql = "SELECT DISTINCT COUNT(buy_id) as count FROM `anbuy` WHERE `client_id` = $client_id AND `buy_status` = '1' LIMIT 1";
@@ -54,7 +73,10 @@ function clientbuys_kuri($client_id, $page = 1){
 
 
 
-function client_find_email($email){
+function client_find_email($mail){
+
+    if (!filter_var($mail, FILTER_VALIDATE_EMAIL))
+        return ['error' => 'некорректный email'];
 
     $pwd_query = "SELECT * FROM `clients` WHERE `clientmail` = '$mail' LIMIT 1";
     $client = db_get($pwd_query);
@@ -62,37 +84,82 @@ function client_find_email($email){
     if (isset($client['client_id']))
         return $client;
     else
-        return false;    
+        return ['error' => 'client not found'];   
 
 }
 
-function client_add_password($mail, $pwd, $pwd2){
-    
-    $maxlen = 5;
+function client_find_hash($hash){
 
-    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
-        return 'некорректный email';
 
-    $find = client_find_email($email);
-    if ($find)
-        return 'email не найден';
-   
-    if ($pwd == ''){
+    $pwd_query = "SELECT * FROM `clients` WHERE `clienthash` = '$hash' LIMIT 1";
+    $client = db_get($pwd_query);
+
+    if (isset($client['client_id']))
+        return $client;
+    else
+        return ['error' => 'client not found'];   
+
+}
+
+
+function client_find_id($id) {
+
+    $id_query = "SELECT * FROM `clients` WHERE `client_id` = '$id' LIMIT 1";
+    $client = db_get($id_query);
+
+    if (!isset($client['client_id'])){
+        return ['error' => 'client not found'];    
+    }
+
+    return ['result' => $client];
+
+}
+
+
+function client_check_auth($login, $pwd){
+        
+    $check_query = "SELECT * FROM `clients` WHERE `client_id` = '$login' LIMIT 1";
+
+    $client = dbl_get($check_query);
+
+    if (!isset($client['client_id'])){
+        return ['error' => 'client not found'];
+    }
+
+    $hash_pwd = md5($login.$client['clientpassword']);
+
+    if ($pwd == $hash_pwd){
+        return ['data' => $client];
+    }
+    else {
+       return ['error' => 'invalid hash'];
+    }   
+        
+}
+
+
+function client_add_password($client_id, $password, $confirm, $minlen = 5){
+
+
+    if ($password == ''){
         return 'пароль не задан';
     }    
     
-    if (strlen($pwd) < $maxlen) {
+    if (strlen($password) < $minlen) {
         return  "пароль должен быть не менее $maxlen символов";
     }
 
-    if ($pwd == $pwd2){
+    if ($password !== $confirm){
         return "пароли не совпадают";
     }
 
-    $clientpassword = password_hash($pwd);  
-    $sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `clientmail` = '$mail'";
+    $clientpassword = password_hash($password, PASSWORD_DEFAULT);  
+    $sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `client_id` = '$client_id'";
+
+   
+    $result =  db_get($sqlupdate, 'chitatel');
+  
 
-    dbl_get($sqlupdate);
 
     return True;