Restful User Authentication

userauth

... 

require 'Slim/Slim.php';
require 'NotORM.php';

\Slim\Slim::registerAutoloader();
$app = new \Slim\Slim();

$pdoDatabase = new PDO(
    "mysql:dbname=szwebapp;host=localhost",
    "root",
    "root"
);

$db = new NotORM($pdoDatabase);

..... 

$app->post('/login', function() use ($app, $db) {

    $sessionId = 0;

    $app->response()->header("Content-Type", "application/json");
    $postData = $app->request()->post();

    $user = $db->user()->where('username', $postData['user']);

    if($user->count() == 1) {

        $userData = $user->fetch();

        if($userData['password'] != sha1($postData['pass'])) {
            echo json_encode(array("message" => "Das Passwort ist falsch", "code" => 403));
        }

        elseif($userData['password'] == sha1($postData['pass'])) {

            $sessionId = sha1($userData['username'].$userData['password'].microtime());

            $time = array(
                "lastlogin" => time(),
                "sessionid" => $sessionId
            );

            if($user->update($time)) {
                echo json_encode(array("id" => $userData['id'], "sessionid" => $sessionId, "username" => $userData['username'], "code" => 200));
            }

            else {
                echo json_encode(array("message" => "Fehler beim Erstellen des Updates", "code" => 403));
            }
        }
    }

    else {
        echo json_encode(array("message" => "Benutzer wurde nicht gefunden", "code" => 403));
    }
});