
<?php

/**
 * Created by PhpStorm.
 * User: sanju
 * Date: 6/6/18
 * Time: 10:45 AM
 */

namespace App\Controllers;


use App\Repository\General\PodioConfig;
use App\Repository\General\Log;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Views\Twig as View;
use Psr\Http\Message\ResponseInterface as Response;
use App\Repository\General\DB;
use PDO;

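class LoginController
{
    /**
     * Handle the Podio OAuth authorization-code login.
     *
     * Without a `code` query parameter the browser is redirected to Podio's
     * authorize endpoint. With a `code`, it is exchanged for tokens, the
     * user's row in `auth` is replaced, and the session is populated.
     *
     * @param Request  $request  Incoming request; only its query parameters are read.
     * @param Response $response Response used to build redirects and error statuses.
     * @param View     $view     Unused here; kept so the handler signature stays unchanged.
     *
     * @return Response Redirect to /workspace on success or to Podio to start the
     *                  flow; 401 when Podio rejects the code, 500 when the token
     *                  row cannot be stored.
     */
    public function authenticate(Request $request, Response $response, View $view)
    {
        if (isset($_SESSION['user_id'])) {
            return $response->withRedirect('/workspace'); // already logged in
        }

        $param = $request->getQueryParams();

        // The code comes straight from the query string: treat anything that is
        // not a non-empty string (e.g. `code[]=x`) as "no code supplied".
        if (empty($param['code']) || !is_string($param['code'])) {
            // NOTE(review): no `state` value is sent here or checked on the
            // callback, so the login callback is not bound to the browser that
            // started the flow (login CSRF). Confirm what the Podio authorize
            // endpoint supports and add a per-session random `state`.
            $query = http_build_query(
                array(
                    'client_id' => PodioConfig::$PODIO_CLIENT_ID,
                    'redirect_uri' => PodioConfig::$REDIRECT_URL,
                ),
                '',
                '&'
            );

            return $response->withRedirect('https://podio.com/oauth/authorize?' . $query);
        }

        \Podio::setup(PodioConfig::$PODIO_CLIENT_ID, PodioConfig::$PODIO_CLIENT_SECRET);
        $res = \Podio::authenticate(
            'authorization_code',
            array('code' => $param['code'], 'redirect_uri' => PodioConfig::$REDIRECT_URL)
        );
        if (!$res) {
            // Previously this path fell off the end of the method and returned
            // nothing; answer with an explicit status instead.
            return $response->withStatus(401);
        }

        $user = \PodioUser::get();
        $podioAuthObject = \Podio::$oauth;
        $now = time();

        try {
            // Drop any earlier token row for this user. Kept inside the try so a
            // database failure here is logged like a failed insert.
            $STHDELETE = DB::prepare("DELETE FROM auth WHERE user=:user");
            $STHDELETE->execute(array("user" => $user->user_id));

            // Store the fresh tokens.
            // NOTE(review): MySQL's AES_ENCRYPT() uses ECB mode unless
            // block_encryption_mode is changed and an IV is passed — confirm the
            // server setting before relying on this for token confidentiality.
            $sql = "insert into auth (access_token,refresh_token,expire_time,start_time,end_time,`key`,`user`) 
                    values ( AES_ENCRYPT(:access_token,:secret),AES_ENCRYPT(:refresh_token,:secret),:expire_time,:start_time,:end_time,:key,:user)";
            $STH = DB::prepare($sql);
            $STH->execute(array(
                'secret' => PodioConfig::$SECRET_KEY,
                'access_token' => $podioAuthObject->access_token,
                'refresh_token' => $podioAuthObject->refresh_token,
                'expire_time' => $now + $podioAuthObject->expires_in,
                'start_time' => $now, // rate limit count - start time
                'end_time' => $now + (60 * 60),
                'key' => 1,
                'user' => $user->user_id
            ));
        } catch (\Exception $e) {
            Log::logError($e, "PDO ERROR", "LoginController");

            return $response->withStatus(500);
        }

        // Issue a new session ID at the privilege change so an ID planted
        // before login (session fixation) does not become an authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // NOTE(review): the refresh token is encrypted in the database but is
        // kept as-is in the session — confirm the session store is protected.
        $_SESSION['podio_refresh_token'] = $podioAuthObject->refresh_token;
        $_SESSION['user_id'] = $user->user_id;

        return $response->withRedirect('/workspace');
    }

    /**
     * Log the current user out and send the browser back to the site root.
     *
     * @param mixed $request  Incoming request (not read).
     * @param mixed $response Response object; must provide withHeader() and withStatus().
     *
     * @return mixed The response carrying a 302 redirect to "/".
     */
    public function logout($request, $response)
    {
        // Clear session
        session_unset();
        session_destroy();

        // Start a fresh session and rotate its ID so the old identifier is retired.
        session_start();
        session_regenerate_id(true);

        // Redirect to login
        return $response
            ->withHeader('Location', '/')
            ->withStatus(302);
    }
}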
