bharath-ka

Untitled

May 3rd, 2019
  1. <?php
  2.  
  3. namespace app\controllers;
  4. use Yii;
  5. use yii\rest\Controller;
  6. use sizeg\jwt\Jwt;
  7. use sizeg\jwt\JwtHttpBearerAuth;
  8.  
  9. class AttendanceController extends \yii\web\Controller
  10. {
  11.  
  12. public function actionIndex()
  13. {
  14. return $this->render('index');
  15. }
  16.  
  17. public function actionLogin(){
  18.  
  19. $request = Yii::$app->request;
  20.  
  21. $username = $request->post('username');
  22. $password = $request->post('password');
  23.  
  24. $header = [
  25. "alg" => "HS256",
  26. "typ" => "JWT"
  27. ];
  28.  
  29. // JWT Payload data
  30.  
  31. $cmd = Yii::$app->db->createCommand('SELECT * FROM attendence WHERE username = :username');
  32. $result = $cmd->bindParam(':username', $username)
  33. ->queryOne();
  34.  
  35. if($result) {
  36. if(Yii::$app->getSecurity()->validatePassword($password, $result['password'])){
  37.  
  38.  
  39. $cmd1 = Yii::$app->db->createCommand('SELECT id FROM attendence WHERE id = :id');
  40. $data = $cmd1->bindParam(':id', $result['id'])
  41. ->queryOne();
  42. $jwt = $this->generateJWT('sha256', $header, $data, 'shh_stfu');
  43.  
  44. $res = [
  45. 'status' => true,
  46. 'message' => 'Login Success..',
  47. 'token' => $jwt,
  48. ];
  49.  
  50. }
  51. else
  52. {
  53. $res = [
  54. 'status' => false,
  55. 'message' => 'Wrong username or password.',
  56. ];
  57. }
  58. }
  59. else
  60. {
  61. $res = [
  62. 'status' => false,
  63. 'message' => 'Wrong username or password.',
  64. ];
  65. }
  66.  
  67. $response = Yii::$app->response;
  68. $response->format = \yii\web\Response::FORMAT_JSON;
  69. $response->data = ['data' => $res ];
  70.  
  71. }
  72.  
  73. public function actionFacultyDetails() {
  74.  
  75. //$request = Yii::$app->request;
  76. $headers = Yii::$app->request->headers;
  77. $token = $headers->get('token');
  78.  
  79. if($token){
  80.  
  81. $verify = $this->verifyJWT('sha256', $token, 'shh_stfu');
  82.  
  83. if($verify){
  84. $data = $this->decodeJWT($token);
  85. //var_dump(json_decode($data,true)) ;
  86. //print $data->{'id'};
  87. $cmd1 = Yii::$app->db->createCommand('SELECT id,name,exp,start_date FROM attendence WHERE id = :id');
  88. $data1 = $cmd1->bindParam(':id', $data->{'id'})
  89. ->queryOne();
  90. $res = [
  91. 'success' => true,
  92. 'data' => $data1,
  93. ];
  94. }
  95.  
  96. else {
  97. $res = [
  98. 'success' => false,
  99. ];
  100. }
  101.  
  102. }
  103. else {
  104. $res = [
  105. 'sucess' => false,
  106. 'message' => 'no headers provided',
  107. ];
  108. }
  109.  
  110.  
  111. $response = Yii::$app->response;
  112. $response->format = \yii\web\Response::FORMAT_JSON;
  113. $response->data = ['res' => $res ];
  114. }
  115.  
  116. public function actionTimeTable {
  117. $request = Yii::$app->request;
  118.  
  119. $emp_id = $request->post('emp_id');
  120. $month = $request->post('month');
  121. $year = $request->post('year');
  122.  
  123. $cmd1 = Yii::$app->db->createCommand('SELECT * FROM acerp-class-timetable-creation WHERE emp_id = :emp_id AND month = :month AND year = :year');
  124. $data = $cmd1->bindParam(':emp_id', $emp_id)
  125. ->bindParam(':month', $month)
  126. ->bindParam(':year', $year)
  127. ->queryAll();
  128.  
  129. $response = Yii::$app->response;
  130. $response->format = \yii\web\Response::FORMAT_JSON;
  131. $response->data = ['res' => $data ];
  132. }
  133.  
  134. public function action
  135. private function base64UrlEncode(string $data): string
  136. {
  137. $urlSafeData = strtr(base64_encode($data), '+/', '-_');
  138.  
  139. return rtrim($urlSafeData, '=');
  140. }
  141.  
  142. private function base64UrlDecode(string $data): string
  143. {
  144. $urlUnsafeData = strtr($data, '-_', '+/');
  145.  
  146. $paddedData = str_pad($urlUnsafeData, strlen($data) % 4, '=', STR_PAD_RIGHT);
  147.  
  148. return base64_decode($paddedData);
  149. }
  150.  
  151. private function generateJWT(
  152.  
  153. string $algo,
  154. array $header,
  155. array $payload,
  156. string $secret
  157. ): string {
  158. $headerEncoded = $this->base64UrlEncode(json_encode($header));
  159.  
  160. $payloadEncoded = $this->base64UrlEncode(json_encode($payload));
  161.  
  162. // Delimit with period (.)
  163. $dataEncoded = "$headerEncoded.$payloadEncoded";
  164.  
  165. $rawSignature = hash_hmac($algo, $dataEncoded, $secret, true);
  166.  
  167. $signatureEncoded = $this->base64UrlEncode($rawSignature);
  168.  
  169. // Delimit with second period (.)
  170. $jwt = "$dataEncoded.$signatureEncoded";
  171.  
  172. return $jwt;
  173. }
  174.  
  175. private function decodeJWT(string $token) {
  176.  
  177. $decode = explode('.', $token);
  178. $data = $this->base64UrlDecode($decode[1]);
  179. $decode = json_decode($data);
  180. return $decode;
  181.  
  182. }
  183. private function verifyJWT(string $algo, string $jwt, string $secret): bool
  184. {
  185. list($headerEncoded, $payloadEncoded, $signatureEncoded) = explode('.', $jwt);
  186.  
  187. $dataEncoded = "$headerEncoded.$payloadEncoded";
  188.  
  189. $signature = $this->base64UrlDecode($signatureEncoded);
  190.  
  191. $rawSignature = hash_hmac($algo, $dataEncoded, $secret, true);
  192.  
  193. return hash_equals($rawSignature, $signature);
  194. }
  195.  
  196. }