Auth logic is completed (signin, signup, logout), Added: Middlewares, RequireAuth middleware

2024-12-26 14:44:40 +01:00
parent 01b057986e
commit 4c44dac115
11 changed files with 112 additions and 31 deletions
--- a/app/controllers/AuthController.php
+++ b/app/controllers/AuthController.php
@ -6,6 +6,19 @@ class AuthController extends Controller  {
            $email = $_POST['email'] ?? '';
            $password = $_POST['password'] ?? '';

+            $validator = new Validator();
+            $validator->required('email', $email);
+            $validator->email('email', $email);
+            $validator->required('password', $password);
+
+            if (!$validator->passes()) {
+                $this->view('auth/signup', [
+                    'error' => 'Please correct the errors below.',
+                    'validationErrors' => $validator->errors() ?: [],
+                ]);
+                return;
+            }
+
            $user = new User();
            $result = $user->login($email, $password);

@ -26,9 +39,7 @@ class AuthController extends Controller  {
            $password = $_POST['password'] ?? '';
            $password2 = $_POST['password-2'] ?? '';

-            // Perform validations
            $validator = new Validator();
-
            $validator->required('username', $username);
            $validator->email('email', $email);
            $validator->required('password', $password);
@ -65,4 +76,10 @@ class AuthController extends Controller  {
            ]);
        }
    }
+
+    public function logout() {
+        session_unset(); 
+        session_destroy();
+        $this->redirect('/auth/signin');
+    }
 }
--- a/app/controllers/HomeController.php
+++ b/app/controllers/HomeController.php
@ -1,22 +1,18 @@
 <?php

-class HomeController {
-    //private function render($view) {
-    //    ob_start();
-    //    require_once views . $view;
-    //    $content = ob_get_clean();
-    //    require_once views . 'layouts/base.php';
-    //}
+class HomeController extends Controller {
    public function index() {
-        $view = new View();
        $data = [
            'title' => 'Home'
        ];
-        $view->render('home/index', $data);
-        //require_once views . 'home/index.php';
+        $this->view('home/index', $data);
    }
    
    public function home() {
        $this->index();
    }
+
+    public function dashboard() {
+        $this->view("dashboard/index");
+    }
 }
--- a/app/models/User.php
+++ b/app/models/User.php
@ -27,7 +27,6 @@ class User {
            return "Email is already registered";
        }

-        // Hash the password
        $hashedPassword = password_hash($password, PASSWORD_BCRYPT);

        $stmt = $this->db->prepare("INSERT INTO users (username, email, password, points, created_at) VALUES (?, ?, ?, 0, NOW())");
@ -39,7 +38,27 @@ class User {
            return "Error: " . $stmt->error;
        }
    }
+
+    public function login($email, $password) {
+        $hashedPassword = password_hash($password, PASSWORD_BCRYPT);
+
+        $stmt = $this->db->prepare("SELECT username, password FROM users WHERE email = ?");
+        $stmt->bind_param("s", $email);
+        $stmt->execute();
+        $result = $stmt->get_result();
+        $stmt->close();
+
+        if ($result->num_rows === 1) {
+            $user = $result->fetch_assoc();
+            if (password_verify($password, $user['password'])) {
+                $_SESSION['user'] = [
+                    'username' => $user['username'],
+                    'email' => $email,
+                ];
+                return true;
+            } 
+        } 
+
+        return "Invalid email or password.";
+    }
 }
-
-?>
-
--- a/app/views/auth/signin.php
+++ b/app/views/auth/signin.php
@ -1,9 +1,21 @@
 <section class="signin">
-  <form>
-    <label for="username">Username</label>
-    <input type="text" name="username" id="username">
-    <label for="password">Password</label>
-    <input type="password" name="password" id="password">
-    <input type="submit" value="Sign In" id="submit-signin">
-  </form>
+    <?php if ($this->get('error')): ?>
+        <div class="error"><?= $this->get('error') ?></div>
+    <?php endif; ?>
+
+    <form action="/auth/signin" method="POST">
+        <label for="email">Email</label>
+        <input type="email" name="email" id="email" value="<?= htmlspecialchars($_POST['email'] ?? '') ?>" required>
+        <?php if (isset($this->get('validationErrors')['email'])): ?>
+            <small class="error"><?= $this->get('validationErrors')['email'] ?></small>
+        <?php endif; ?>
+
+        <label for="password">Password</label>
+        <input type="password" name="password" id="password" required>
+        <?php if (isset($this->get('validationErrors')['password'])): ?>
+            <small class="error"><?= $this->get('validationErrors')['password'] ?></small>
+        <?php endif; ?>
+
+        <input type="submit" value="Sign In">
+    </form>
 </section>
--- a/app/views/dashboard/index.php
+++ b/app/views/dashboard/index.php
@ -0,0 +1 @@
+<h1>Welcome <?= $_SESSION['user']['username']?>!</h1>
--- a/app/views/layouts/base.php
+++ b/app/views/layouts/base.php
@ -8,6 +8,7 @@
    <header>
      <a href="/auth/signin">Log In</a>
      <a href="/auth/signup">Sign Up</a>
+      <a href="/auth/logout">Log Out</a>
    </header>
    <section class="content">
      <?= $content ?>
--- a/app/views/shared/header.php
+++ b/app/views/shared/header.php
@ -1,4 +0,0 @@
-<header>
-  <a href="/signin">Log In</a>
-  <a href="/signup">Sign Up</a>
-</header>
				`@ -0,0 +1 @@`
				`<h1>Welcome <?= $_SESSION['user']['username']?>!</h1>`