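set('error', $f3->get('SESSION.login_error'));
        $f3->clear('SESSION.login_error');
        // this can be in our controller base
        $f3->set('content', '../ui/views/login.html');
        echo \Template::instance()->render('../ui/templates/layout.html');
        $f3->clear('error');
    }

    /**
     * Handle the login form POST: check the submitted credentials and populate the session.
     *
     * On success the user's id, username, role, role name and admin flag are stored under
     * SESSION.user and the request is rerouted to SESSION.redirect when that key exists,
     * otherwise to /dashboard. On failure a message is stored in SESSION.login_error and
     * the request is rerouted to /login.
     *
     * @param object $f3 Framework instance used for hive access (get/set/clear/exists) and reroute().
     */
    public function login($f3)
    {
        $username = $f3->get('POST.username');
        $password = $f3->get('POST.password');

        // One message for every failure, so the form does not reveal which usernames exist.
        $failure = 'Invalid username or password';

        // A missing or array-valued field is a failed login; it must not reach the
        // query binding or password_verify(), which expects strings.
        if (!is_string($username) || !is_string($password)) {
            $f3->set('SESSION.login_error', $failure);
            $f3->reroute('/login');
            return;
        }

        $db = $f3->get('DB');

        // Look the user up by name; the value is bound to the placeholder, not concatenated.
        $result = $db->exec(
            'SELECT u.id, u.username, u.password, u.role, u.is_admin, r.role as role_name FROM users u LEFT JOIN roles r ON r.id = u.role WHERE username =? LIMIT 1',
            $username
        );

        $user = $result ? $result[0] : null; // first row, if any

        // NOTE(review): when no row matches, password_verify() is skipped, so unknown
        // usernames are answered faster than known ones; consider verifying against a
        // fixed dummy hash to even out the response time.
        if ($user === null || !password_verify($password, $user['password'])) {
            $f3->set('SESSION.login_error', $failure);
            $f3->reroute('/login');
            return;
        }

        $f3->set('SESSION.user', [
            'id' => $user['id'],
            'username' => $user['username'],
            'role' => $user['role'],
            'role_name' => $user['role_name'],
            'is_admin' => $user['is_admin'],
        ]);

        // Issue a fresh session id now that the session is authenticated, so an id
        // that was known before login (session fixation) stops being valid.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // NOTE(review): SESSION.redirect is written outside this method; confirm it can
        // only hold a local path, since it is passed to reroute() unchecked.
        if ($f3->exists('SESSION.redirect')) {
            $redirect = $f3->get('SESSION.redirect');
            $f3->clear('SESSION.redirect');
            $f3->reroute($redirect);
            return;
        }

        $f3->reroute('/dashboard');
    }

    /**
     * Log the user out: clear the SESSION key, then reroute to the site root.
     *
     * @param object $f3 Framework instance used for hive access and reroute().
     */
    public function logout($f3)
    {
        $f3->clear('SESSION');
        $f3->reroute('/');
    }
}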