iwa-panda1

Manage Weather Data by International Weather Agency (Version 1)

commit 89b0f9ce9c75264c34286f4dd34fc503af91d884
parent 00faed6eeaf408df84860c71d2450988e1d2787a
Author: MoiBaguette <[email protected]>
Date:   Thu, 20 Apr 2023 00:27:43 +0200

better login logic

Diffstat:
Dback-up/router.php | 39---------------------------------------
Aclasses/Login_handler.php | 47+++++++++++++++++++++++++++++++++++++++++++++++
Mindex.php | 2+-
Mlogic/login_handler.php | 68+++++++++++++++++++-------------------------------------------------
Mviews/homepage.php | 9++++++++-
5 files changed, 75 insertions(+), 90 deletions(-)

diff --git a/back-up/router.php b/back-up/router.php
@@ -1,38 +0,0 @@
-<?php
-
-function router_match(string $route, string $match): ?array
-{
- $route_split = explode('/', $route);
- $match_split = explode('/', $match);
-
- if (sizeof($route_split) != sizeof($match_split)) {
- return null;
- }
-
- $route_vars = array();
- foreach ($match_split as $index => $m) {
- if (str_starts_with($m, ':')) {
- $route_vars[substr($m, 1)] = $route_split[$index];
- } else if ($m != $route_split[$index]) {
- return null;
- }
- }
- return $route_vars;
-}
-
-function router(string $base, array $routes): bool
-{
- $url = $_SERVER["REQUEST_URI"];
- $route = '/';
- if (strpos($url, "alteruser.php"))
- $route = explode("alteruser.php", $url)[1];
-
- foreach ($routes as $match => $func) {
- $vars = router_match($route, $match);
- if ($vars != null) {
- $func($vars);
- return true;
- }
- }
- return false;
-}
-\ No newline at end of file
diff --git a/classes/Login_handler.php b/classes/Login_handler.php
@@ -0,0 +1,46 @@
+<?php
+class Login_handler
+{
+ function login(string $email, string $pwd) : bool
+ //this function return true when user is autheticated uses set_globals to set $_SESSION variables
+ {
+ //create a SQLDatabase class
+ $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "wap2");
+ //create a Database object class, with the table User
+ $u = $db->get(User::class);
+
+ //check if the email exists in db
+ if(!$u->where('email', $email)){
+ //email does not exist
+ return FILTER_SANITIZE_ADD_SLASHES;
+ }else{
+ if(password_verify($pwd, $u->password)){
+ //authenticated -> set $_SESSION variables
+ $this->set_globals($u, $db);
+ return true;
+ } else {
+ //password did not match
+ return false;
+ }
+ }
+ }
+
+ private function set_globals(Lollipop\DatabaseObject $u, Lollipop\SQLDatabase $db)
+ //this function sets Session variables which incluse
+ //email, first_name, last_name and array user_permissions
+ {
+ //start session and set
+ session_start();
+ $_SESSION['email'] = $u->email;
+ $_SESSION['first_name'] = $u->first_name;
+ $_SESSION['last_name'] = $u->last_name;
+
+ //get permissions form db and set sessions_permissions
+ $p = $db->all_where(Permission_user::class, array('user_id' => $u->user_id));
+ foreach($p as $permission){
+ $user_permissions[] = $permission->permission_id;
+ }
+ $_SESSION['user_permissions'] = $user_permissions;
+ }
+}
+?>
+\ No newline at end of file
diff --git a/index.php b/index.php
@@ -29,7 +29,7 @@ $router->addRoute(['GET', 'POST'], '/alter_user', 'views/alter_user.php');
 $router->addRoute(['GET'], '/dashboard', 'views/dashboard.php');
 //homepage
-$router->addRoute(['GET'], '/homepage', 'views/homepage.php');
+$router->addRoute(['GET', 'POST'], '/homepage', 'views/homepage.php');
 //navbar
 $router->addRoute(['GET'], '/navbar', 'views/navbar.php');
diff --git a/logic/login_handler.php b/logic/login_handler.php
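Review bot: `return FILTER_SANITIZE_ADD_SLASHES;` in the unknown-e-mail branch of login() is returned through a `: bool` signature in a file with no `declare(strict_types=1)`, so PHP coerces that non-zero integer constant to `true` and the caller treats an e-mail that does not exist as a successful login (logic/login_handler.php then redirects to /dashboard without set_globals() ever running); it should read `return false;`. set_globals() calls `session_start()` but never `session_regenerate_id(true);` after the successful password_verify, so a session id that existed before authentication survives the privilege change (session fixation). The `new Lollipop\SQLDatabase(...)` call hard-codes the database host, user and password in a file under version control; move them to configuration read from the environment and rotate the credential. `$user_permissions` is never initialised before the foreach, so a user with no Permission_user rows stores an undefined variable; add `$user_permissions = [];` above the loop. Whether `$u->where('email', $email)` actually returns a falsy value for a missing row is not visible here — confirm it against the ORM, since the whole existence check rests on it.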
@@ -1,52 +1,22 @@
 <?php
- include "utils/autoloader.php";
- if(isset($_SESSION['email'])){
- header('Location: dashboard.php');
- }
- $db = new Lollipop\SQLDatabase("86.92.67.21", "friedel", "hailiwa", "wap2");
- // check if a post request was sent
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- // fetch data from the form
- if(isset($_POST['login_btn'])){
- if(!isset($_POST['email']) || !isset($_POST['password'])){
- echo "<p style=\"color:red\">One of the forms was empty.</p>";
- } else {
- //store data from the form in a variable
- $email = $_POST['email'];
- $pwd = $_POST['password'];
+include "utils\autoloader.php";
- //create a User orm class
- $u = $db->all_where(User::class, array('email' => $email));
- //tm 26 is workaround
- foreach($u as $userdata){
- $userdata->email;
- }
- $u = $userdata;
- var_dump($u);
- if($u->email == null){
- //user incorrect, but to give out as little person info as possible just show either is wrong
- echo"<p style=\"color:red\">Invalid username or password. 
cannot find user</p>";
- }else{
- //password verification logic
- if(password_verify($pwd, $u->password)){
- //start session and set session variables
- session_start();
- $_SESSION['email'] = $u->email;
- $_SESSION['first_name'] = $u->first_name;
- $_SESSION['last_name'] = $u->last_name;
-
- $p = $db->all_where(Permission_user::class, array('user_id' => $u->user_id));
- foreach($p as $permission){
- $user_permissions[] = $permission->permission_id;
- }
- $_SESSION['user_permissions'] = $user_permissions;
- header('Location: /dashboard');
- }else{
- //password incorrect, but to give out as little person info as possible just show either is wrong
- echo"<p style=\"color:red\">Invalid username or password.</p>";
- }
- }
- }
- }
-}
+//create login class
+$login_handler = new Login_handler;
+$msg = "";
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ if(!isset($_POST['email']) || !isset($_POST['password'])){
+ $msg = "<p style=\"color:red\">One of the forms was empty.</p>";
+ } elseif(isset($_POST['email']) && isset($_POST['password'])) {
+ // fetch data from the form pass to login_handler function
+ if(($login_handler->login($_POST['email'], $_POST['password']))){
+ //authenticated
+ $msg = "authenticated";
+ header('Location: /dashboard');
+ }else{
+ //incorrect username or password
+ $msg = "<p style=\"color:red\">Incorrect username of password 2.</p>";
+ }
+ }
+}
 ?>
\ No newline at end of file
diff --git a/views/homepage.php b/views/homepage.php
@@ -1,4 +1,7 @@
 <!DOCTYPE html>
+<?php
+include "logic\login_handler.php"
+?>
 <html>
 <head>
 <title>IWA - Weather Stations</title> 
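Review bot: `include "utils\autoloader.php";` replaces the removed forward-slash path with a backslash, which PHP on Linux/macOS treats as a literal character of the file name rather than a directory separator, so the autoloader is not found outside Windows; keep `include "utils/autoloader.php";`. The `header('Location: /dashboard');` on the success path is not followed by `exit;`, so the including page goes on rendering the login form for a user who has just authenticated, and the removed `isset($_SESSION['email'])` short-circuit for visitors who are already logged in has no replacement in the new code. The `elseif(isset($_POST['email']) && isset($_POST['password']))` condition is always true once the preceding `if` has failed, so a plain `else` expresses the same thing without suggesting a third case.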
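Review bot: The new `<?php include "logic\login_handler.php" ?>` block is placed after `<!DOCTYPE html>`, so the response body has already begun when the included file reaches `header('Location: /dashboard')`; unless output buffering happens to be enabled in this deployment, PHP refuses to send the redirect ("headers already sent") and the authenticated user stays on the login page. Move the PHP block above the DOCTYPE line so all login handling and any redirect complete before the first byte of markup. The include path also uses a backslash separator, which only resolves on Windows; `include "logic/login_handler.php";` is the portable form.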
@@ -20,12 +23,16 @@
 </div>
 <div class="login-section">
 <h2>Login</h2>
- <form class="login-form" action="login_handler" method="post">
+ <form class="login-form" action="/homepage" method="post">
 <label for="email">Email:</label>
 <input type="text" name="email" required>
 <label for="password">Password:</label>
 <input type="password" name="password" required>
 <button type="submit" name='login_btn'>Login</button>
+ <?php
+ //display login $msg
+ echo $msg;
+ ?>
 </form>
 </div>
 </div>
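Review bot: `echo $msg;` writes raw HTML into the form with no escaping; in this commit `$msg` only ever holds fixed strings assigned in logic/login_handler.php, so no user-controlled data reaches the page yet, but nothing at the echo site enforces that. If a later change puts the submitted e-mail into the message this becomes a reflected XSS, so either escape the text with `htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and keep the markup around it in the view, or pin the invariant with a comment such as `// $msg is trusted, server-built markup from logic/login_handler.php — never place user input in it`. The `name='login_btn'` on the submit button is no longer read by anything after this commit, since the handler now keys only on the request method.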