/controllers/SessionController.php

https://github.com/cwooijoon/rmitwda-digicel-59432e7abb0f68236a8f955756408c64412accce · PHP · 71 lines · 47 code · 9 blank · 15 comment · 5 complexity · 3cfd1212222e5c86104b31e2e48e9e65 MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * This is the Session Controller class.
    4. 

  4.  *
    5. 

  5.  * @author donal.ellis@rmit.edu.au
    6. 

  6.  */
    7. 

  7. session_start();
    8. 

  8. 

  9. require_once(LIBRARY_PATH . DS . 'Template.php');
    10. 

  10. require_once(APP_PATH . DS . 'models/User.php');
    11. 

  11. 

  12. class SessionController {
    13. 

  13. 

  14.   public function __construct() {
    15. 

  15.     $this->template = new Template;
    16. 

  16.     $this->template->template_dir = APP_PATH . DS . 'views' . DS . 'session' . DS;
    17. 

  17. 

  18.     $this->template->title = 'Log in';
    19. 

  19.   }
    20. 

  20. 

  21.   public function add() {
    22. 

  22.     if (isset($_SESSION['session']['error'])) {
    23. 

  23.       $this->template->error = $_SESSION['session']['error'];
    24. 

  24.       unset($_SESSION['session']['error']);
    25. 

  25.     }
    26. 

  26. 

  27.     $this->template->display('add.php');
    28. 

  28.   }
    29. 

  29. 

  30.   public function create() {
    31. 

  31.     // TODO
    32. 

  32.     // get username and password
    33. 

  33.     // and validate them against values in db
    34. 

  34.     if (!$user = User::retrieve(array('username' => $_POST['username']))) {
    35. 

  35.       // user doesn't exist
    36. 

  36.       // redirect back to login page
    37. 

  37.       $_SESSION['session']['error'] = "You cannot login with those details";
    38. 

  38.       header("Location: /Test/session/new");
    39. 

  39.       exit;
    40. 

  40.     }
    41. 

  41.     if ($_POST['password'] != $user->password) {
    42. 

  42.       // password is wrong
    43. 

  43.       // redirect back to login page
    44. 

  44.       $_SESSION['session']['error'] = "You cannot login with those details";
    45. 

  45.       header("Location: /Test/session/new");
    46. 

  46.       exit;
    47. 

  47.     }
    48. 

  48.     // credentials are correct
    49. 

  49.     // add user to session
    50. 

  50.     // redirect to users show page
    51. 

  51.     $_SESSION['user']['user_id'] = $user->user_id;
    52. 

  52.     $_SESSION['user']['account_type_id'] = $user->account_type_id;
    53. 

  53.     header("Location: /Test/users/{$user->user_id}");
    54. 

  54.     exit;
    55. 

  55.   }
    56. 

  56. 

  57.   public function destroy() {
    58. 

  58.     $_SESSION = array();
    59. 

  59.     if (ini_get('session.use_cookies')) {
    60. 

  60.       $params = session_get_cookie_params();
    61. 

  61.       setcookie(session_name(), '', time() - 42000,
    62. 

  62.         $params['path'], $params['domain'],
    63. 

  63.         $params['secure'], $params['httponly']
    64. 

  64.       );
    65. 

  65.     }
    66. 

  66.     session_destroy();
    67. 

  67. 

  68.     header("Location: /Test/session/new", false);
    69. 

  69.     exit;
    70. 

  70.   }
    71. 

  71. }
    72.