
Untitled

a guest
Dec 14th, 2018
  1. <?php
  2.  
  3. namespace Controller;
  4.  
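  // Start the session once per request. session_status() reports whether a
  // session is active; isset($_SESSION) only reports whether the variable
  // exists, which any earlier code can cause without starting a session.
  if( session_status() === PHP_SESSION_NONE )
  {
      session_start( [
          // Keep the session id out of reach of page scripts.
          'cookie_httponly' => true,
          // Refuse session ids that this server did not issue.
          'use_strict_mode' => true,
      ] );
  }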
  7.  
  8. use Model\User;
  9. use Storage\StorageFactory;
  10.  
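  /**
   * Handles registration, login, e-mail confirmation and logout.
   *
   * Actions either return a view name or queue a Location header. None of them
   * ends the request itself.
   * NOTE(review): presumably the dispatcher stops rendering once a redirect
   * header is queued - confirm.
   */
  class AuthController extends Controller
  {
      /** Storage backend returned by the parent's storage( "mysql" ). */
      public $storage;

      /**
       * @param StorageFactory $storageFactory passed through to the parent constructor
       */
      public function __construct( StorageFactory $storageFactory )
      {
          parent::__construct( $storageFactory );
          $this->storage = $this->storage( "mysql" );
      }

      /**
       * Creates an unconfirmed user from the submitted registration form.
       *
       * Each failed check echoes one <li class="error"> item. When every check
       * passes the user is stored and a redirect to the confirmation notice is
       * queued.
       *
       * @return string view name
       */
      public function register()
      {
          if( !isset($_POST["createbutton"]) )
              return "auth.register.index";

          $valid = true;

          $id_r = $this->postString( 'id' );
          if( $id_r === '' )
          {
              $valid = false;
              $id_r = 0;
              echo '<li class="error">The id filed cannot be empty</li>';
          }
          // NOTE(review): the record id comes from the request. Whether store()
          // inserts or overwrites for an existing id is not visible here; confirm
          // that a client cannot replace another user's record this way.
          $user = new User( $id_r );

          $user->name = $this->postString( 'name' );
          $user->surname = $this->postString( 'surname' );
          $user->email = $this->postString( 'email' );
          $pass = $this->postString( 'password' );
          $user->confirmed = false;
          $pass_c = $this->postString( 'password_confirmation' );
          $user->token = $this->stringToHex();

          if( $user->name === '' )
          {
              $valid = false;
              echo '<li class="error">The name filed cannot be empty</li>';
          }
          if( $user->surname === '' )
          {
              $valid = false;
              echo '<li class="error">The surname filed cannot be empty</li>';
          }
          // NOTE(review): the address is only checked for emptiness, and nothing
          // visible here rejects an e-mail that is already registered.
          if( $user->email === '' )
          {
              $valid = false;
              echo '<li class="error">The email filed cannot be empty</li>';
          }
          if( $pass === '' )
          {
              $valid = false;
              echo '<li class="error">The password filed cannot be empty</li>';
          }
          if( $pass_c === '' )
          {
              $valid = false;
              echo '<li class="error">The password confirmation filed cannot be empty</li>';
          }
          // Strict comparison: with != two different numeric-looking strings
          // such as "1e3" and "1000" compare equal and the mismatch is missed.
          if( $pass !== $pass_c )
          {
              $valid = false;
              echo '<li class="error">The password confirmation filed does not match the password field</li>';
          }

          if( $valid )
          {
              // Hash only a password that passed every check, and hash the
              // validated value rather than re-reading the raw request.
              $user->password = password_hash( $pass, PASSWORD_DEFAULT );
              $this->storage->store( $user );
              header( "Location: /auth/confirmation_notice" );
          }

          return "auth.register.index";
      }

      /**
       * Checks the submitted credentials against the stored users.
       *
       * A confirmed user with a valid password gets the session name fields set
       * and is redirected to "/"; an unconfirmed one is redirected to the
       * confirmation notice. A wrong password echoes an error item, and an
       * unknown e-mail is recorded in the session before redirecting to "/".
       *
       * @return string view name
       */
      public function login()
      {
          if( isset($_POST['enterbutton']) )
          {
              $email = $this->postString( 'email' );
              $password = $this->postString( 'password' );
              $known = false;

              // NOTE(review): every user record is loaded to find one address;
              // only loadAll() and store() are visible on the storage object.
              foreach( $this->storage->loadAll() as $u )
              {
                  // Strict match, so a stored null never equals an empty input.
                  if( $u->email !== $email )
                      continue;

                  $known = true;
                  if( is_string( $u->password ) && password_verify( $password, $u->password ) )
                  {
                      if( !$u->confirmed )
                          header( "Location: /auth/confirmation_notice" );
                      else
                      {
                          // Issue a fresh session id at the privilege change so
                          // an id fixed before login does not carry over.
                          if( session_status() === PHP_SESSION_ACTIVE )
                              session_regenerate_id( true );
                          $_SESSION['passwordvalid'] = $u->name;
                          $_SESSION['passwordsurname'] = $u->surname;
                          header( "Location: /" );
                      }
                      // Stop here: falling through used to print the
                      // "Password is invalid!" item after a successful login.
                      return "auth.login.index";
                  }
                  echo '<li class="error">Password is invalid!</li>';
              }

              // NOTE(review): an unknown address and a wrong password produce
              // different responses, which tells a client which addresses are
              // registered. The stored value is request data and has to be
              // escaped wherever it is rendered.
              if( !$known )
              {
                  $_SESSION['logininvalid'] = $email;
                  header( "Location: /" );
              }
          }
          return "auth.login.index";
      }

      /**
       * @return string view name of the "check your e-mail" page
       */
      public function confirmation_notice()
      {
          return "auth.confirmation_notice.index";
      }

      /**
       * Confirms the account whose token is the last segment of the request path.
       *
       * Sets $_SESSION['errorinvalid'] to 1 when a stored token matched and to 0
       * otherwise, then queues a redirect to "/".
       * NOTE(review): 0 is taken to mean "invalid token" because the original
       * code set 0 only for a known-bad sample URI; before this change every
       * other unknown token was reported as 1. Confirm against the view.
       */
      public function confirm()
      {
          $prefix = '/auth/confirm/';

          // Use the path component only, so a query string never becomes part
          // of the token.
          $path = parse_url( $_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH );
          $token = '';
          if( is_string( $path ) && strpos( $path, $prefix ) === 0 )
              $token = (string) substr( $path, strlen( $prefix ) );

          $matched = false;
          // An empty token is never looked up: confirmed users have a null
          // token, and the former == comparison treated null and '' as equal.
          if( $token !== '' )
          {
              foreach( $this->storage->loadAll() as $u )
              {
                  if( is_string( $u->token ) && hash_equals( $u->token, $token ) )
                  {
                      $u->confirmed = true;
                      $u->token = null; // single use
                      $this->storage->store( $u );
                      $matched = true;
                  }
              }
          }

          $_SESSION['errorinvalid'] = $matched ? 1 : 0;
          header( "Location: /" );
      }

      /**
       * Flags the session as logged out and queues a redirect to "/".
       *
       * NOTE(review): the name fields written by login() are not cleared and the
       * session is not destroyed here; presumably the code that reads the
       * 'logout' flag does that - confirm, otherwise the session stays usable.
       */
      public function logout()
      {
          $_SESSION['logout'] = 1;
          header( "Location: /" );
      }

      /**
       * Returns a new e-mail confirmation token: 32 hex characters taken from
       * the operating system's CSPRNG.
       *
       * The previous version hex-encoded the text of a single mt_rand() value,
       * which is not a cryptographic generator and yields at most 31 bits, so
       * tokens were guessable. The length is unchanged.
       *
       * @return string
       * @throws \Exception when no source of randomness is available
       */
      private function stringToHex()
      {
          return bin2hex( random_bytes( 16 ) );
      }

      /**
       * Reads one POST field as a string.
       *
       * Missing or array-valued fields come back as '' so callers can compare
       * with === and hand the value to string-only functions.
       */
      private function postString( string $key ): string
      {
          $value = $_POST[$key] ?? '';
          return is_string( $value ) ? $value : '';
      }
  }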