  1. <?php
  2.  
  3. require_once('../App/Models/CreateAccount.php');
  4.  
  5. class CreateAccount
  6. {
  7. public function index()
  8. {
  9. $view = '../App/Views/CreateAccount/index.php';
  10. View::render($view, []);
  11. }
  12.  
  13. public function submit()
  14. {
  15. // pass registration credentials to model for processing
  16. $cred = ['username' => $_POST['username'],
  17. 'password' => $_POST['password']];
  18. $processed_cred = CreateAccountModel::processCredentials($cred);
  19.  
  20. // pass processed credentials to model for account creation
  21. CreateAccountModel::register($processed_cred);
  22.  
  23. $username = $processed_cred['username'];
  24. $data = ['username' => $username];
  25. $view = '../App/Views/CreateAccount/submit.php';
  26. View::render($view, $data);
  27. }
  28. }
  29.  
  30. ?>
  31.  
  32. <?php
  33.  
  34. require_once('../Core/Model.php');
  35.  
  36. class CreateAccountModel extends Model
  37. {
  38. public static function processCredentials($cred)
  39. {
  40. $username = htmlspecialchars($cred['username']);
  41. $hashed_password = password_hash($cred['password'], PASSWORD_DEFAULT);
  42. $processed_cred = ['username' => $username,
  43. 'hashed_pass' => $hashed_password];
  44.  
  45. return $processed_cred;
  46. }
  47.  
  48. public static function register($processed_cred)
  49. {
  50. $username = $processed_cred['username'];
  51. $hashed_password = $processed_cred['hashed_pass'];
  52. $record = ['id' => NULL,
  53. 'username' => $username,
  54. 'hashed_password' => $hashed_password,
  55. 'created_at' => NULL];
  56.  
  57. $conn = static::getConn();
  58. $db = new QueryBuilder($conn);
  59. $db->insert('users', $record);
  60. }
  61.  
  62. }
  63.  
  64. ?>
  65.  
  66. <?php
  67.  
  68. require_once('../App/Models/Login.php');
  69. require_once('../Core/View.php');
  70.  
  71. class Login
  72. {
  73. public function index()
  74. {
  75. $view = '../App/Views/Login/index.php';
  76. View::render($view, []);
  77. }
  78.  
  79. public function submit()
  80. {
  81. $cred = ['username' => $_POST['username'],
  82. 'password' => $_POST['password']];
  83.  
  84. // pass supplied username to model for escaping
  85. $username = $cred['username'];
  86. $escapedUsername = LoginModel::escapeUsername($username);
  87. $password = $_POST['password'];
  88. $processedCred = ['username' => $escapedUsername,
  89. 'password' => $password];
  90.  
  91. // pass processed credentials to model for authentication
  92. $validLogin = LoginModel::authenticate($processedCred);
  93. if ($validLogin) {
  94. session_start();
  95. $_SESSION['user'] = $escapedUsername;
  96.  
  97. $data = ['username' => $escapedUsername];
  98. $view = '../App/Views/Login/successful_login.php';
  99. View::render($view, $data);
  100. } else {
  101. $view = '../App/Views/Login/failed_login.php';
  102. View::render($view, []);
  103. }
  104. }
  105.  
  106. public function logOut()
  107. {
  108. session_start();
  109. $_SESSION = [];
  110. session_destroy();
  111.  
  112. $view = '../App/Views/Login/index.php';
  113. View::render($view, []);
  114. }
  115. }
  116.  
  117. ?>
  118.  
  119. <?php
  120.  
  121. require_once('../Core/Model.php');
  122.  
  123. class LoginModel extends Model
  124. {
  125. public static function escapeUsername($username)
  126. {
  127. return(htmlspecialchars($username));
  128. }
  129.  
  130. public static function authenticate($processedCred)
  131. {
  132. $username = $processedCred['username'];
  133. $password = $processedCred['password'];
  134.  
  135. $conn = static::getConn();
  136.  
  137. $sql = 'SELECT * FROM users WHERE username=:username';
  138. $stmt = $conn->prepare($sql);
  139. $stmt->bindParam('username', $username);
  140. $user_exists = $stmt->execute();
  141. if ($user_exists) {
  142. $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
  143. foreach ($results as $row) {
  144. $hashed_password = $row['hashed_password'];
  145. if (password_verify($password, $hashed_password)) {
  146. return True;
  147. }
  148. }
  149. }
  150. return False;
  151. }
  152.  
  153. }
  154.  
  155. ?>
  156.  
  157. <?php
  158.  
  159. // Config.php is a configuration file in the App directory containing
  160. // sensitive database login information, so it is NOT posted on GitHub
  161. require_once('../App/Config.php');
  162.  
  163. class QueryBuilder
  164. {
  165. protected $pdo;
  166.  
  167. public function __construct($dbConn)
  168. {
  169. $this->pdo = $dbConn;
  170. }
  171.  
  172. public function selectAll($table)
  173. {
  174. $statement = $this->pdo->prepare("SELECT * FROM {$table}");
  175. $statement->execute();
  176.  
  177. return $statement->fetchAll(PDO::FETCH_ASSOC);
  178. }
  179.  
  180. public function insert($table, $record)
  181. {
  182. $col_names = implode(', ', array_keys($record));
  183. $parameters = ':' . implode(',:', array_keys($record));
  184. $sql = sprintf("INSERT INTO %s (%s) VALUES (%s)", $table, $col_names, $parameters);
  185.  
  186. $parameters = explode(',', $parameters);
  187. $arr = array_combine($parameters, $record);
  188.  
  189. try {
  190. $stmt = $this->pdo->prepare($sql);
  191. foreach ($arr as $param => $val) {
  192. // cleaner to use bindValue() instead of bindParam()
  193. // when values may be NULL
  194. $stmt->bindValue($param, $val);
  195. }
  196. $stmt->execute();
  197. } catch (PDOException $e) {
  198. die('Database insert error.');
  199. }
  200. }
  201. }
  202.  
  203. ?>