<?php
include_once __DIR__ . '/destroy_form.php';
include_once SRC_DIR . '/forms.php';
include_once SRC_DIR . '/session.php';

/**
 * Session "destroy" (logout) route handler.
 *
 * Returns a closure that takes the normalised request array, runs it through
 * the destroy form and, only when that form validates, ends the session and
 * redirects to '/index.php/'. A request whose form does not validate gets a
 * plain-text 400 and no state change; the 400 message names the CSRF token as
 * the thing being validated, so a cross-site request cannot log a user out.
 */
return function (array $request) {
    $destroyForm = createDestroyForm();
    formHandleRequest($destroyForm, $request);

    // Guard clause: refuse to touch the session until the form (CSRF) check has passed.
    if (!formIsValid($destroyForm)) {
        return createResponse('Invalid csrf token', 400);
    }

    logout();
    return createRedirectResponse('/index.php/');
};
// Front controller bootstrap. This runs at file top level, so the bare `return` below ends the script.
//
// 1. Commission setting: loaded from config and rejected (400, stop) unless it is a number in [0, 100].
$commission = (require APP_DIR . '/config/commission.php');
if (!(is_numeric($commission) && $commission >= 0 && $commission <= 100)) {
    sendResponse(createResponse('Invalid commission value', 400));
    return;
}

// 2. Sessions are stored through the mysql_session_* callbacks (defined elsewhere, referenced by name)
//    instead of PHP's default file-based handler.
session_set_save_handler('mysql_session_open', 'mysql_session_close', 'mysql_session_read', 'mysql_session_write', 'mysql_session_destroy', 'mysql_session_gc');
session_start();

// 3. Normalise the PHP globals into the request array every handler receives.
$request = requestFromGlobals();

if (!array_key_exists('PATH_INFO', $request['server'])) {
    // No PATH_INFO: redirect to SCRIPT_NAME . '/' . (the part of REQUEST_URI after SCRIPT_NAME), so
    // the same request comes back with a PATH_INFO the router can use.
    // The target is always anchored on SCRIPT_NAME (server-controlled), so this is not an open redirect,
    // but the tail is copied from REQUEST_URI (client-controlled) without any encoding.
    // NOTE(review): confirm createRedirectResponse() / the header emitter rejects CR/LF in $location.
    // NOTE(review): assumes REQUEST_URI starts with SCRIPT_NAME — verify against the deployed rewrite rules.
    $location = $request['server']['SCRIPT_NAME'] . '/' . substr($request['server']['REQUEST_URI'], strlen($request['server']['SCRIPT_NAME']));
    $response = createRedirectResponse($location);
} else {
    // Routing. As used here: $route[1] = handler file relative to SRC_DIR, $route[2] = "login required" flag.
    $route = handleRequest($request, $routerConfig);
    if ($route) {
        if ($route[2] && !currentUser()) {
            // Authentication gate: protected routes bounce anonymous users to the login page
            // before the handler file is even included.
            $response = createRedirectResponse('/index.php/login');
        } else {
            // The handler path comes from the route table (assuming handleRequest() only returns
            // $routerConfig entries), never from the request. Keep it that way: including a
            // request-derived path would be a local file inclusion.
            // ($hadlerPath — sic — is the name used here; left unchanged.)
            $handler = $route[1];
            if (file_exists($hadlerPath = SRC_DIR . '/' . $handler)) {
                // Each handler file `return`s a closure that takes the request array.
                $handlerCallable = (include $hadlerPath);
                if (is_callable($handlerCallable)) {
                    $response = $handlerCallable($request);
                } else {
                    $response = createResponse('handler function is missed', 404);
                }
            } else {
                $response = createResponse('handler not found', 404);
            }
        }
    } else {
        // NOTE: this else block, and the enclosing if/else, continue past the end of this excerpt.
        $response = createResponse('no one route is matched', 404);
// --- Tail of a user-lookup function whose signature lies above this excerpt ---
// (presumably findUserByEmail($connection, $email), matching the call further down — confirm).
// The e-mail is bound as a prepared-statement parameter, never interpolated, so the lookup is
// not injectable.
$sql = 'SELECT id, name, email, hashed_password FROM users WHERE email = ? LIMIT 1';
// NOTE(review): mysqli_prepare() can return false; it is used unchecked below.
$statement = mysqli_prepare($connection, $sql);
mysqli_stmt_bind_param($statement, 's', $email);
mysqli_stmt_execute($statement);
// Result columns are bound by reference. $email is reused as an output variable, so after a hit it
// holds the stored e-mail rather than the caller's input.
mysqli_stmt_bind_result($statement, $id, $name, $email, $hp);
// The fetch result is ignored: with no row, $id/$name/$hp stay null and the isset() below reports a miss.
// NOTE(review): consequently a failed prepare/execute/fetch is indistinguishable from "no such user".
mysqli_stmt_fetch($statement);
mysqli_stmt_close($statement);
if (isset($id, $name, $email, $hp)) {
    return ['id' => $id, 'name' => $name, 'email' => $email, 'hashed_password' => $hp];
}
return null;
}

/**
 * Login ("session create") route handler.
 *
 * Returns a closure taking the normalised request array. An already
 * authenticated user is redirected to '/index.php/'. Otherwise the login form
 * is processed; on a valid form the user is looked up by e-mail and the
 * submitted password is checked with password_verify() against the stored
 * hash. Success calls authorize() and redirects to '/'; failure marks the form
 * invalid, attaches an error to the password field and re-renders the page.
 */
return function (array $request) {
    // Already authenticated: nothing to do.
    // (Note the target here is '/index.php/' while the post-login redirect below uses '/'.)
    if (currentUser()) {
        return createRedirectResponse('/index.php/');
    }
    $form = createCreateForm();
    formHandleRequest($form, $request);
    if (formIsValid($form)) {
        $auth = extractValues($form);
        $user = findUserByEmail(mappedConnection('users'), $auth['email']);
        // password_verify() does the hash comparison; no home-grown string compare here.
        if ($user && password_verify($auth['password'], $user['hashed_password'])) {
            // NOTE(review): authorize() is defined elsewhere — confirm it regenerates the session id
            // (session_regenerate_id(true)) so a pre-login session id cannot be fixated on the victim.
            authorize($user);
            return createRedirectResponse('/');
        } else {
            // Same generic error for "unknown e-mail" and "wrong password", so the message itself does
            // not reveal which accounts exist.
            // NOTE(review): timing still can — when $user is null the `&&` short-circuits and
            // password_verify() is skipped, so the unknown-e-mail path answers measurably faster.
            // Running password_verify() against a fixed dummy hash when $user is null would close that gap.
            // NOTE(review): no lock-out or rate limiting is visible in this handler — confirm it exists upstream.
            $form['valid'] = false;
            $form['fields']['password']['errors'][] = 'Неверный Пароль'; // Russian: "Wrong password"
        }
    }
    // Re-render the login page (with any errors attached) for GET, an invalid form, or a failed login.
    return createResponse(render('session/new.html.php', ['form' => $form]));
};