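/**
 * Change the password of the currently logged-in user.
 *
 * GET renders the form for the current user (looked up via $_SESSION['user']['id']).
 * POST checks the CSRF token, validates the submitted password pair, stores a freshly
 * salted hash through UsersModel::update() and redirects to the users list. Validation
 * errors are flashed and the browser is sent back to this form.
 *
 * Relies on cut_notlogged() to stop unauthenticated requests before any of this runs.
 */
public function change_password()
{
    $this->cut_notlogged();
    $this->user = new UsersModel();

    if (!empty($_POST)) {
        // Check for CSRF first. A missing token is passed as '' so the check fails
        // cleanly instead of raising an undefined-index notice on the way in.
        $csrf_tkn = isset($_POST['csrf_tkn']) ? $_POST['csrf_tkn'] : '';
        Secure::csrf_checknredir($csrf_tkn);

        $in = new In();
        // NOTE(review): the 16-character cap limits passphrase strength; consider
        // raising it unless Secure::do_hash has a length constraint of its own.
        $validation = $in->validate_input($_POST, array(
            'password'  => array('required' => 'true', 'min' => '6', 'max' => '16'),
            'password2' => array('required' => 'true', 'equal_field' => 'password'),
        ));

        if ($validation) {
            // A fresh per-user salt on every change; the hashing scheme itself
            // lives in Secure::do_hash.
            $salt = Secure::salt(32);
            $upd_user = array(
                'password' => Secure::do_hash($_POST['password'], $salt),
                'salt'     => $salt,
                'id'       => $_SESSION['user']['id'],
            );
            $this->user->update($upd_user);
            // Out::flash('Password updated.');
            header("Location: " . ROOT_URI . '/admin/users');
            exit;
        }

        // output errors
        $ers = '';
        foreach ($in->errors as $er) {
            $ers .= $er . "<br />";
        }
        Out::flash($ers);
        header("Location: " . ROOT_URI . "/admin/users/change_password");
        exit;
    } // end if POST

    // which user to edit
    $id = $_SESSION['user']['id'];
    $user2edit = $this->user->get_user($id);
    $this->set_view_var($user2edit);
}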
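/**
 * Handle the login form.
 *
 * A visitor who is already logged in is redirected (admins to /admin, everyone else
 * to the site root). On POST the CSRF token and the email/password fields are
 * validated; a successful UsersModel::login() is followed by a session id
 * regeneration and a redirect. A failed login or validation errors are flashed and
 * the login view is rendered.
 */
public function login()
{
    $this->app->config->layout = "default";

    if ($this->check_logged()) {
        if ($this->isAdmin()) {
            header("Location: " . ROOT_URI . "/admin");
            exit;
        }
        header("Location: " . ROOT_URI);
        exit;
    }

    if (!empty($_POST)) {
        // Check for CSRF first. A missing token is passed as '' so the check fails
        // cleanly instead of raising an undefined-index notice on the way in.
        $csrf_tkn = isset($_POST['csrf_tkn']) ? $_POST['csrf_tkn'] : '';
        Secure::csrf_checknredir($csrf_tkn);

        $this->user = new UsersModel();
        $in = new In();
        $validation = $in->validate_input($_POST, array(
            'email'    => array('required' => 'true', 'valid_email' => 'true'),
            'password' => array('required' => 'true'),
        ));

        if ($validation) {
            // NOTE(review): no attempt throttling is visible here — confirm that
            // UsersModel::login() or an upstream layer limits repeated failures.
            $login = $this->user->login($_POST['email'], $_POST['password']);
            if ($login) {
                // Issue a new session id on privilege change so an id obtained
                // before authentication cannot be replayed (session fixation).
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                if ($this->isAdmin()) {
                    Out::flash('Welcome admin');
                    header("Location: " . ROOT_URI . '/admin');
                    exit;
                }
                Out::flash('Welcome user');
                header("Location: " . ROOT_URI);
                exit;
            }
            // Deliberately generic: does not reveal whether the email exists.
            Out::flash('Wrong login.');
        } else {
            // output errors
            $ers = '';
            foreach ($in->errors as $er) {
                $ers .= $er . "<br />";
            }
            Out::flash($ers);
        }
    }
}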