Ejemplo n.º 1
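 /**
  * Lets the logged-in user set a new password for their own account.
  *
  * Without POST data the method loads the session user's record and hands it
  * to the view. With POST data it checks the CSRF token, validates the two
  * password fields, stores a fresh salt and hash, and redirects.
  *
  * NOTE(review): the current password is never asked for, so an unattended or
  * stolen session is enough to replace it; consider requiring re-authentication.
  * NOTE(review): Secure::do_hash() is not visible here; confirm it is a
  * deliberately slow password hash (password_hash() or similar), not a plain digest.
  * NOTE(review): the 6-16 character window is narrow; a maximum of 16 rules
  * out passphrases.
  *
  * @return void
  */
 public function change_password()
 {
     // Presumably stops visitors who are not logged in; the helper is defined elsewhere.
     $this->cut_notlogged();
     $this->user = new UsersModel();

     if (!empty($_POST)) {
         // CSRF check comes first. A missing or non-string token is handed over as ''
         // so the helper always gets a string and PHP raises no undefined-index notice.
         $csrf_token = (isset($_POST['csrf_tkn']) && is_string($_POST['csrf_tkn'])) ? $_POST['csrf_tkn'] : '';
         Secure::csrf_checknredir($csrf_token);

         $in = new In();
         $rules = array(
             'password' => array('required' => 'true', 'min' => '6', 'max' => '16'),
             'password2' => array('required' => 'true', 'equal_field' => 'password'),
         );

         if ($in->validate_input($_POST, $rules)) {
             $salt = Secure::salt(32);
             $upd_user = array(
                 'password' => Secure::do_hash($_POST['password'], $salt),
                 'salt' => $salt,
                 // The id comes from the session, never from the request, so only
                 // the caller's own account can be changed.
                 'id' => $_SESSION['user']['id'],
             );
             // NOTE(review): the result of update() is not checked; the success
             // message below is shown either way.
             $this->user->update($upd_user);

             // A credential change is a good moment to rotate the session id, so an
             // id that leaked before the change stops being usable.
             if (session_id() !== '') {
                 session_regenerate_id(true);
             }

             Out::flash('Password updated.');
             header("Location: " . ROOT_URI . '/admin/users');
             exit;
         }

         // Validation failed: collect the messages and send the user back to the form.
         // NOTE(review): messages are joined with raw <br />; confirm that
         // In::$errors never echoes request data unescaped and how Out::flash() renders it.
         $ers = '';
         foreach ($in->errors as $er) {
             $ers .= $er . "<br />";
         }
         Out::flash($ers);
         header("Location: " . ROOT_URI . "/admin/users/change_password");
         exit;
     }

     // No POST: show the form for the user stored in the session.
     $id = $_SESSION['user']['id'];
     $user2edit = $this->user->get_user($id);
     $this->set_view_var($user2edit);
 }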
Ejemplo n.º 2
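 /**
  * Shows the login form and processes a login attempt.
  *
  * A visitor who is already logged in is redirected straight away (admins to
  * /admin, everyone else to the site root). On POST the CSRF token is checked,
  * the e-mail and password fields are validated, and the credentials are
  * passed to UsersModel::login(). Every redirect target is built from the
  * ROOT_URI constant, not from request data.
  *
  * A failed login always flashes the same 'Wrong login.' text, so the message
  * does not reveal whether the e-mail or the password was wrong.
  *
  * NOTE(review): no attempt limiting or lockout is visible in this method;
  * confirm it is enforced in UsersModel::login() or in front of the application.
  *
  * @return void
  */
 public function login()
 {
     $this->app->config->layout = "default";

     // Already authenticated: skip the form.
     if ($this->check_logged()) {
         $target = $this->isAdmin() ? ROOT_URI . "/admin" : ROOT_URI;
         header("Location: " . $target);
         exit;
     }

     if (!empty($_POST)) {
         // CSRF check comes first. A missing or non-string token is handed over as ''
         // so the helper always gets a string and PHP raises no undefined-index notice.
         $csrf_token = (isset($_POST['csrf_tkn']) && is_string($_POST['csrf_tkn'])) ? $_POST['csrf_tkn'] : '';
         Secure::csrf_checknredir($csrf_token);

         $this->user = new UsersModel();
         $in = new In();
         $rules = array(
             'email' => array('required' => 'true', 'valid_email' => 'true'),
             'password' => array('required' => 'true'),
         );

         if ($in->validate_input($_POST, $rules)) {
             if ($this->user->login($_POST['email'], $_POST['password'])) {
                 // Rotate the session id at the privilege change so an id set before
                 // authentication cannot be reused afterwards (session fixation).
                 // UsersModel::login() is not visible here and may already do this;
                 // repeating it is harmless.
                 if (session_id() !== '') {
                     session_regenerate_id(true);
                 }

                 if ($this->isAdmin()) {
                     Out::flash('Welcome admin');
                     header("Location: " . ROOT_URI . '/admin');
                     exit;
                 }

                 Out::flash('Welcome user');
                 header("Location: " . ROOT_URI);
                 exit;
             }

             Out::flash('Wrong login.');
         } else {
             // Validation failed: flash every message; the form is rendered again.
             // NOTE(review): messages are joined with raw <br />; confirm that
             // In::$errors never echoes request data unescaped and how Out::flash() renders it.
             $ers = '';
             foreach ($in->errors as $er) {
                 $ers .= $er . "<br />";
             }
             Out::flash($ers);
         }
     }
 }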