<?php

include_once '../app/services/session.php';
include_once '../app/services/HttpService.php';
include_once '../app/services/AuthenticationService.php';

// Logout endpoint: end the authenticated session first, then send the
// browser back to the start page.
\AuthenticationService::logout();
$afterLogout = '/';
\HttpService::redirect_to($afterLogout);
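 /**
  * Authenticate a user against the `user` table and populate the session.
  *
  * Both arguments come straight from the login form and are untrusted, so
  * the lookup uses a prepared statement with bound parameters rather than
  * interpolating them into the SQL text.
  *
  * @param string $username alias entered in the login form (untrusted)
  * @param string $password clear-text password entered in the form (untrusted)
  * @return void on success $_SESSION['username'], $_SESSION['user_id'] and
  *              $_SESSION['roles'] are set; on failure the browser is sent to
  *              /login/fail (or a 503 is returned when the DB is unreachable)
  * @throws \mysqli_sql_exception presumably, when the mysqli driver runs in
  *              exception mode and the statement fails — verify against DatabaseService
  */
 public static function login($username, $password): void
 {
     // get db connection
     $db = new DatabaseService();
     $sql_con = $db->getConnection();
     // connection failed
     if (!$sql_con) {
         HttpService::return_service_unavailable();
         // guard in case the helper does not terminate the request itself
         return;
     }
     // NOTE(review): the algorithm is whatever hash_algos() happens to list
     // third on this PHP build; that order is not guaranteed to be stable
     // across versions. It is kept so already-stored hashes keep matching;
     // migrating stored values to password_hash()/password_verify() would
     // remove this dependency.
     $algos = hash_algos();
     $algo = $algos[2];
     $pw_hash = hash($algo, $password);
     // look the user up with bound parameters: the alias is user input and
     // must never be spliced into the query string
     $stmt = $sql_con->prepare('SELECT * FROM user WHERE alias = ? AND password = ?');
     if (!$stmt) {
         HttpService::return_service_unavailable();
         return;
     }
     $stmt->bind_param('ss', $username, $pw_hash);
     $row = null;
     if ($stmt->execute()) {
         $result = $stmt->get_result();
         if ($result) {
             // fetch_assoc() yields null when no row matched
             $row = $result->fetch_assoc();
             $result->free();
         }
     }
     $stmt->close();
     // login data correct? (null: no match; false: driver-level failure)
     if ($row === null || $row === false) {
         HttpService::redirect_to('/login/fail');
         return;
     }
     // a fresh session id after a privilege change defeats session fixation
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     // add alias and id to session
     $_SESSION['username'] = $row['alias'];
     $_SESSION['user_id'] = $row['id'];
     // map the numeric role column to a role name; unknown values give no role
     // (the cast keeps the match strict even when the driver returns strings)
     $roles = match ((int) $row['role']) {
         1 => ['admin'],
         2 => ['author'],
         3 => ['user'],
         default => [],
     };
     // add roles to session
     $_SESSION['roles'] = $roles;
 }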
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    $keywords = isset($_POST['keywords']) ? $_POST['keywords'] : null;
    $content = isset($_POST['content']) ? $_POST['content'] : null;
    $user = $_SESSION['username'];
    // Validate required parameters
    if (!isset($title, $content, $user)) {
        HttpService::return_bad_request();
    }
    // Sanitize user input
    $title = SanitationService::convertHtml($title);
    $keywords = SanitationService::convertHtml($keywords);
    $content = SanitationService::convertHtml($content);
    // Save article
    $articles = ArticleService::get_instance();
    $articles->add_article($user, $title, $keywords, $content);
    // Redirect to articles
    HttpService::redirect_to('/articles/');
}
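// GET - Show form
// Renders the empty "new article" form by reusing the edit template; the
// variables below are the ones that template reads.
if ($method === "GET") {
    $page_title = "New Article";
    $form_action = '/articles/new';
    // an unsaved article has no id yet
    $id = '';
    $title = '';
    $keywords = '';
    // NOTE(review): relies on an authenticated session; if 'username' can be
    // absent here, an auth check belongs before this form is rendered — verify
    $author = $_SESSION['username'];
    $content = '';
    // date() already defaults to the current time
    $date = date('F d, Y');
    $page_content = '../../app/views/articles/edit.php';
    include_once '../../app/views/_layout.php';
}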