Untitled

<?php

    require 'snoken/drivers/driver.php';
    require 'snoken/drivers/mysql.php';
    require 'snoken/base.php';
    require 'snoken/manager.php';
    require 'Models.php';
    require 'Session.php';

    Slim_Route::setDefaultConditions(array(

        // 'ad' refers to advertisement ID's in the URL.
        // should always be numeric, and atleast 1 character.
        'ad' => '[0-9]{1,}'

    ));

    // Database settings, herpaderp.
    $databaseSettings = array(
        'host' => 'localhost',
        'dbname' => 'test',
        'user' => 'root',
        'pass' => ''
    );


    // Starts the Snoken driver and assigns it to the Manager:
    Snoken\Manager::setDriver(
            new Snoken\Drivers\MySQLDriver("host={$databaseSettings['host']};dbname={$databaseSettings['dbname']}",
                                            $databaseSettings['user'], $databaseSettings['pass'])
        );

    /*
     * Look for a session cookie. If it's set, use it to
     * start the active session, otherwise the default
     * behavior is to start a new empty session.
     */
    Session::start(Slim::getEncryptedCookie('adpanelSession'));

    /*
     * Landing page:
     * - Check if the user is logged in. If not,
     *   redirect to the login page.
     */
    Slim::get('/', function() {
        if( !Session::param('logged_in') )
            Slim::redirect('login');

        render('home', array('title' => 'Oh teehee!'));
    });

    /*
     * Log-in page for ADPanel.
     *
     * Flashes errors, if any. POST's to /login.
     */
    Slim::get('/login', function() {

        // Skip the login page if we're already logged in.
        if( Session::param('logged_in') )
            Slim::redirect('.', 302);

        render('login', array(

                'title' => 'Please log-in to your account.',
                'csrf_token' => Session::csrf_token(),
                'error' => Session::flash('login_error')

            ));
    });

    /*
     * The actual login process takes place here.
     * Redirects to / on success, or back to /login
     * with an error component, if there's a reason to.
     */
    Slim::post('/login', function() {

        $login_error = function($message) {
            Session::param('login_error', $message);
            Slim::redirect('login', 302);
        };

        $request = Slim::request();

        // Verify the csrf token:
        if( !Session::csrf_token($request->post('csrf_token')) )
            $login_error('An error has ocurred with your request, please try again.');

        // Return to the login page with an error:
        if(!$user = $request->post('username') or !$pass = $request->post('password'))
            $login_error('Please provide a username and a password.');


        // Get the User related to this name:
        $user = User::select(array('name' => strtolower($user)), null, 1)->one();
        if( !$user )
            $login_error('No user was found with that name.');

        // Hash the provided password and compare it:
        $hashedPass = User::hash($pass, $user->salt);
        if( $hashedPass !== $user->pass )
            $login_error('Invalid password provided for that user.');

        Session::param('logged_in', true);
        Session::param('started', time());
        Session::param('user', $user);

        Slim::redirect('.', 302);
    });

    Slim::get('/logout', function() {
        Session::clear();
        Slim::redirect('.');
    });