/**
 * Gate the admin page behind the login check.
 *
 * This check is authentication only, not authorization: every logged-in
 * user reaches the admin template, whatever their role.
 *
 * TODO:
 * Switch to 'Auth::inGroup("group1", "group2", ...)' so that only the
 * intended groups can act as admin. It is left out for now because this is
 * a test setup and there is no frontpage to send logged-in, non-admin
 * users to.
 */
public function __construct()
{
    $isAuthenticated = Auth::isLoggedIn();

    if (!$isAuthenticated) {
        // Anonymous visitor: hand the request over to the login controller
        // and skip the template entirely.
        Router::request("/login");

        return;
    }

    // Authenticated visitor: render the admin landing page.
    $templateVars = [
        "pageTitle" => "Admin",
        "pageHeadline" => "Admin Home",
    ];
    $this->imLoadContent("view/adminMain.inc", $templateVars);
}
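/**
 * Process a login or logout request and emit the matching response.
 *
 * The action is read from the "action" query parameter. A login is only
 * attempted when the posted form token matches the one stored in the
 * session under "_im_login_token".
 *
 * Response:
 *  - JSON clients get {"status": bool, "token": <current session token>}.
 *  - HTML clients are routed to "/" when logged in; otherwise the login
 *    form is shown again.
 *
 * @return void
 */
private function handleAuthRequest()
{
    $status = false;
    $action = Runtime::$GET["action"];
    $wantsJson = Runtime::$SYSTEM["REQUEST_CONTENT"] == "json";

    if ($action == "login") {
        /*
         * Only attempt a login when nobody is logged in on this session.
         */
        if (!Auth::isLoggedIn()) {
            $user = Runtime::$POST["username"];
            $passwd = Runtime::$POST["password"];
            $token = Runtime::$POST["token"];
            $expected = Runtime::$SESSION["_im_login_token"];

            /*
             * Request parameters can arrive as arrays (e.g. "token[]=x"), so
             * require strings before comparing. hash_equals() compares in
             * constant time; strcmp() can return early at the first differing
             * byte, which makes the comparison time depend on the secret.
             * The session token is expected to be a string here.
             */
            $tokenOk = is_string($token)
                && is_string($expected)
                && !empty($token)
                && hash_equals($expected, $token);

            if ($tokenOk) {
                /*
                 * Never pass non-string credentials on to the auth backend.
                 */
                if (is_string($user) && is_string($passwd) && !empty($user) && !empty($passwd)) {
                    // NOTE(review): whether Auth::login() rotates the session
                    // identifier on success is not visible here - confirm.
                    Auth::login($user, $passwd);
                }

                $status = Auth::isLoggedIn();

                if (!$status && $wantsJson) {
                    /*
                     * Failed ajax login: issue a fresh token so the client
                     * can retry without reloading the form.
                     */
                    Runtime::$SESSION["_im_login_token"] = Crypt::encode(Crypt::password());
                } else {
                    /*
                     * Success, or a regular form post: the token is used up.
                     */
                    Runtime::$SESSION->remove("_im_login_token");
                }
            }
            /*
             * On a missing or mismatching token nothing is attempted and the
             * stored token is left unchanged.
             */
        }
    } elseif ($action == "logout") {
        /*
         * Only log out when a user is actually logged in.
         */
        if (Auth::isLoggedIn()) {
            Auth::logout();
        }

        $status = !Auth::isLoggedIn();
    }

    if ($wantsJson) {
        /*
         * Ajax client: report the outcome together with the token that is
         * currently stored in the session.
         */
        echo json_encode(["status" => $status, "token" => Runtime::$SESSION["_im_login_token"]]);
    } elseif (Auth::isLoggedIn()) {
        /*
         * Regular post/load request and the user is logged in.
         */
        Router::request("/");
    } else {
        /*
         * Regular post/load request and the user is not logged in: either
         * the credentials were rejected or this was a logout. Show the
         * login form again.
         */
        $this->buildLoginForm();
    }
}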