<?php
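class AuthController {

    use CheckCSRF;

    /**
     * Render the login page.
     *
     * Any message left in the session by a failed login() attempt is copied
     * into the 'error' hive key for the view and then removed, so it is shown
     * exactly once (flash-message style).
     *
     * @param object $f3 Fat-Free hive/router instance (kept untyped to match the original signature)
     */
    public function showLoginForm($f3){
        // store session errors or messages, then clear
        $f3->set('error', $f3->get('SESSION.login_error'));
        $f3->clear('SESSION.login_error');

        // this can be in our controller base
        $f3->set('content', 'views/login.html');
        echo \Template::instance()->render('templates/layout.html');
        $f3->clear('error');
    }

    /**
     * Handle a POSTed login attempt.
     *
     * Verifies the CSRF token, looks the user up by username through a bound
     * query parameter, checks the password hash, and on success regenerates the
     * session id, stores the user in the session and reroutes to the saved
     * redirect target (same-site paths only) or to /dashboard. On failure a
     * single generic error is stored and the request is rerouted to /login.
     *
     * @param object $f3 Fat-Free hive/router instance
     */
    public function login($f3){
        // CSRF
        $this->checkCSRF($f3, '/login');

        // Cast to string so a missing field reaches password_verify() as '' rather than null.
        $username = (string) $f3->get('POST.username');
        $password = (string) $f3->get('POST.password');

        $db = $f3->get('DB');
        // query for user (value is bound, never interpolated into the SQL)
        $result = $db->exec(
            'SELECT u.id, u.username, u.password, u.role, u.is_admin, r.role as role_name
             FROM users u
             LEFT JOIN roles r ON r.id = u.role
             WHERE username =?
             LIMIT 1', $username
        );

        // verify password
        $user  = $result ? $result[0] : null; // first row, if any
        $valid = $user !== null
            && is_string($user['password'])
            && password_verify($password, $user['password']);

        if (!$valid) {
            // One message for both "unknown user" and "wrong password": distinct
            // messages would let a client learn which usernames exist.
            // NOTE: the unknown-user case skips password_verify(), so response
            // timing still differs slightly between the two outcomes.
            $f3->set('SESSION.login_error', 'Invalid username or password');
            $f3->reroute('/login');
            return;
        }

        // Privilege level changes here: issue a fresh session id so an id
        // obtained before login cannot be carried into the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $f3->set('SESSION.user', [
            'id'        => $user['id'],
            'username'  => $user['username'],
            'role'      => $user['role'],
            'role_name' => $user['role_name'],
            'is_admin'  => $user['is_admin'],
        ]);

        if ($f3->exists('SESSION.redirect')) {
            $redirect = $f3->get('SESSION.redirect');
            $f3->clear('SESSION.redirect');
            // Where SESSION.redirect is written is outside this file; only follow
            // it when it is a same-site absolute path so it cannot send the user
            // to another host. If the app stores route aliases ('@name') here,
            // extend isLocalPath() accordingly.
            if ($this->isLocalPath($redirect)) {
                $f3->reroute($redirect);
            }
        }

        $f3->reroute('/dashboard');
    }

    /**
     * End the current session and return to the landing page.
     *
     * @param object $f3 Fat-Free hive/router instance
     */
    public function logout($f3){
        // Clearing the SESSION hive key is expected to end the PHP session
        // (framework behaviour, not visible in this file — confirm for the F3 version in use).
        $f3->clear('SESSION');
        $f3->reroute('/');
    }

    /**
     * True for a same-site absolute path such as '/account'; false for anything
     * a browser could resolve against another host ('//host', '/\host',
     * 'https://...') or that is not a string at all.
     *
     * @param mixed $path Candidate redirect target read from the session
     * @return bool
     */
    private function isLocalPath($path){
        if (!is_string($path) || $path === '' || $path[0] !== '/') {
            return false;
        }
        $second = isset($path[1]) ? $path[1] : '';
        // '//' and '/\' are protocol-relative forms and must not pass
        return $second !== '/' && $second !== '\\';
    }

}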