
Untitled

a guest
Apr 29th, 2017
  1. <?php
  2.  
  3. include './classes/Auth.class.php';
  4. include './classes/AjaxRequest.class.php';
  5.  
  6. if (!empty($_COOKIE['sid'])) {
  7. // check session id in cookies
  8. session_id($_COOKIE['sid']);
  9. }
  10. session_start();
  11.  
  12. class AuthorizationAjaxRequest extends AjaxRequest
  13. {
  14. public $actions = array(
  15. "login" => "login",
  16. "logout" => "logout",
  17. "register" => "register",
  18. );
  19.  
  20. public function login()
  21. {
  22. if ($_SERVER["REQUEST_METHOD"] !== "POST") {
  23. // Method Not Allowed
  24. http_response_code(405);
  25. header("Allow: POST");
  26. $this->setFieldError("main", "Method Not Allowed");
  27. return;
  28. }
  29. setcookie("sid", "");
  30.  
  31. $username = $this->getRequestParam("username");
  32. $password = $this->getRequestParam("password");
  33. $remember = !!$this->getRequestParam("remember-me");
  34.  
  35. if (empty($username)) {
  36. $this->setFieldError("username", "Enter the username");
  37. return;
  38. }
  39.  
  40. if (empty($password)) {
  41. $this->setFieldError("password", "Enter the password");
  42. return;
  43. }
  44.  
  45. $user = new Auth\User();
  46. $auth_result = $user->authorize($username, $password, $remember);
  47.  
  48. if (!$auth_result) {
  49. $this->setFieldError("password", "Invalid username or password");
  50. return;
  51. }
  52.  
  53. $this->status = "ok";
  54. $this->setResponse("redirect", ".");
  55. $this->message = sprintf("Hello, %s! Access granted.", $username);
  56. }
  57.  
  58. public function logout()
  59. {
  60. if ($_SERVER["REQUEST_METHOD"] !== "POST") {
  61. // Method Not Allowed
  62. http_response_code(405);
  63. header("Allow: POST");
  64. $this->setFieldError("main", "Method Not Allowed");
  65. return;
  66. }
  67.  
  68. setcookie("sid", "");
  69.  
  70. $user = new Auth\User();
  71. $user->logout();
  72.  
  73. $this->setResponse("redirect", ".");
  74. $this->status = "ok";
  75. }
  76.  
  77. public function register()
  78. {
  79. if ($_SERVER["REQUEST_METHOD"] !== "POST") {
  80. // Method Not Allowed
  81. http_response_code(405);
  82. header("Allow: POST");
  83. $this->setFieldError("main", "Method Not Allowed");
  84. return;
  85. }
  86.  
  87. setcookie("sid", "");
  88.  
  89. $username = $this->getRequestParam("username");
  90. $password1 = $this->getRequestParam("password1");
  91. $password2 = $this->getRequestParam("password2");
  92.  
  93. if (empty($username)) {
  94. $this->setFieldError("username", "Enter the username");
  95. return;
  96. }
  97.  
  98. if (empty($password1)) {
  99. $this->setFieldError("password1", "Enter the password");
  100. return;
  101. }
  102.  
  103. if (empty($password2)) {
  104. $this->setFieldError("password2", "Confirm the password");
  105. return;
  106. }
  107.  
  108. if ($password1 !== $password2) {
  109. $this->setFieldError("password2", "Confirm password is not match");
  110. return;
  111. }
  112.  
  113. $user = new Auth\User();
  114.  
  115. try {
  116. $new_user_id = $user->create($username, $password1);
  117. } catch (\Exception $e) {
  118. $this->setFieldError("username", $e->getMessage());
  119. return;
  120. }
  121. $user->authorize($username, $password1);
  122.  
  123. $this->message = sprintf("Hello, %s! Thank you for registration.", $username);
  124. $this->setResponse("redirect", "/");
  125. $this->status = "ok";
  126. }
  127. }
  128.  
// Build the handler from the merged request superglobal and emit its response.
// NOTE(review): $_REQUEST mixes query-string and body values (and cookies,
// depending on request_order). If getRequestParam() reads from this array,
// credentials are accepted from the URL even though the handlers insist on
// the POST method, and would then end up in access logs and browser history.
// Consider passing $_POST if the action selector does not have to come from
// the query string -- confirm against AjaxRequest.
$ajaxRequest = new AuthorizationAjaxRequest($_REQUEST);
$ajaxRequest->showResponse();