/**
* Action to handle the sign in, both the view and the POST request
*
* @since 0.0.4 Now sends the 401 header
* @since 0.0.1
*/
public function actionSignIn()
{
if (!Apollo::getInstance()->getUser()->isGuest()) {
Apollo::getInstance()->getRequest()->sendToIndex();
}
$data = ['error' => null];
if (isset($_POST['email']) && isset($_POST['password'])) {
/**
* @var EntityRepository $user_repository
*/
$user_repository = DB::getEntityManager()->getRepository('\\Apollo\\Entities\\UserEntity');
/**
* @var UserEntity $user
*/
$user = $user_repository->findOneBy(['email' => strtolower($_POST['email'])]);
if ($user != null) {
if (password_verify($_POST['password'], $user->getPassword())) {
//TODO: Perhaps make this more secure?
Session::set('fingerprint', Session::getFingerprint(md5($user->getPassword())));
Session::set('user_id', $user->getId());
if (isset($_GET['return'])) {
Apollo::getInstance()->getRequest()->sendTo($_GET['return'], false);
} else {
Apollo::getInstance()->getRequest()->sendToIndex();
}
} else {
$data = ['error' => 'Invalid email/password combination.'];
}
} else {
$data = ['error' => 'Invalid email/password combination.'];
}
}
http_response_code(401);
echo View::getView()->make('user.sign-in', ['data' => $data])->render();
}
