/**
 * Gate for admin routes: hands the request to the next handler when the
 * session is flagged as logged in, otherwise renders the login form.
 *
 * @param ServerRequestInterface $request
 * @param Closure $next handler invoked only for an authenticated session
 * @return ResponseInterface
 */
public function auth(ServerRequestInterface $request, Closure $next)
{
    $isLoggedIn = Session::get('isLogin') === true;
    if (!$isLoggedIn) {
        // A fresh CSRF token is embedded in the form; login() checks it on submit.
        $form = $this->view->render('admin/login', ['token' => (new Csrf())->getToken()]);
        return Response::plain($form);
    }
    return $next($request);
}
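/**
 * Handle the admin login form submission.
 *
 * Checks the CSRF token first, then looks the user up by the submitted
 * credentials; on success the session is marked as logged in and the
 * client is redirected back.
 *
 * @param ServerRequestInterface $request
 * @return ResponseInterface 400 for a bad token or bad credentials, otherwise a redirect back
 */
public function login(ServerRequestInterface $request)
{
    $input = $request->getParsedBody();
    // getParsedBody() may return null or an object; treat anything that is not an
    // array as an empty form so missing fields fail validation below instead of
    // raising undefined-index warnings.
    if (!is_array($input)) {
        $input = [];
    }
    $token = $input['_token'] ?? '';
    $username = $input['username'] ?? '';
    $password = $input['password'] ?? '';

    $csrf = new Csrf();
    if (!$csrf->isInSafety($token)) {
        return Response::factory(400, 'Not Accepted Request; Wrong token.');
    }
    // The token is single-use: drop it as soon as it has been checked.
    Session::remove('csrf_token');

    // Reject blank credentials before touching the repository.
    if ($username === '' || $password === '') {
        return Response::factory(400, 'Not Accepted Request; Wrong username or password.');
    }

    // NOTE(review): the password is matched exactly as the repository stores it. If it
    // is kept in plain text, this should become a lookup by username followed by
    // password_verify() against a password_hash() value — confirm the storage format.
    $user = $this->repository->where(['username' => $username, 'password' => $password])->one();
    // Only accounts with level 0 may log in here; what `level` means is defined by the repository.
    if (!isset($user) || $user['level'] > 0) {
        return Response::factory(400, 'Not Accepted Request; Wrong username or password.');
    }

    // NOTE(review): if Session wraps native PHP sessions, regenerating the session id
    // here (before setting the login flag) would guard against session fixation — verify.
    Session::set('isLogin', true);
    Session::set('username', $username);
    return Response::back($request);
}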