public function findByUsername($username)
{
$statement = $this->db->prepare("\n SELECT * FROM users WHERE username = ?\n ");
$statement->execute([$username]);
$data = $statement->fetch();
$user = null;
if ($statement->rowCount() > 0) {
$data['roles'] = RoleService::getUserRoles($data['id']);
$user = new User($data);
}
return $user;
}
private function loadRoles()
{
self::$roles = RoleService::getRoles();
}
/**
* @param LoginBindingModel $model
* @throws \Exception
* @POST
*/
public function login(LoginBindingModel $model)
{
$username = $model->getUsername();
$password = $model->getPassword();
$user = $this->eshopData->getUsersRepository()->findByUsername($username);
if ($user === false || !password_verify($password, $user->getPassword())) {
throw new \Exception('Invalid credentials');
}
if ($user->getIsBanned()) {
throw new \Exception("This account is banned");
}
Session::put('userId', $user->getId());
Session::put('roles', implode(', ', RoleService::getUserRoles($user->getId())));
RouteService::redirect('account', 'profile', true);
}
<div class="col-sm-9 padding-right">
<div class="features_items"><!--features_items-->
<h2 class="title text-center">Features Items</h2>
<?php
if (\DF\Services\RoleService::isAdministrator() || \DF\Services\RoleService::isEditor()) {
?>
<form action="<?php
echo \DF\Services\RouteService::getUrl('products', '');
?>
" method="POST">
<input type="text" name="productName" placeholder="name">
<input type="text" name="productPrice" placeholder="price">
<input type="text" name="categoryId" placeholder="category id">
<input type="text" name="quantity" placeholder="quantity">
<input type="hidden" name="csrf_token" value="<?php
echo \DF\Helpers\Csrf::getCSRFToken();
?>
">
<input type="submit" value="Add Product">
</form>
<?php
}
?>
<?php
foreach ($model->products as $product) {
?>
<div class="col-sm-4">
<div class="product-image-wrapper">
<div class="single-products">
<div class="productinfo text-center">
<img src="images/home/product1.jpg" alt="" />
private function checkAuthorization()
{
if (!Session::exists('userId') && $this->getRouter()->routeInfo['authorize'] == true) {
throw new \Exception("Unauthorized");
}
if (count($this->getRouter()->routeInfo['roles']) > 0) {
if (!RoleService::userInRoles(Session::get('userId'), $this->getRouter()->routeInfo['roles'])) {
throw new \Exception("You do not have the rights");
}
}
}
