Exemple #1
// Login handler for a flat-file user store. The listing is cut off inside the
// final "user not found" branch, so the closing braces are not shown here.
// $message holds the text shown to the visitor after a failed attempt.
$message = '';
// Only attempt authentication when the session carries no identity yet.
if (!isset($_SESSION['UID']) || !isset($_SESSION['USER'])) {
    // If the form is submitted, then check the username and password
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // Both fields must be present; their type is not checked, so a
        // non-string value (e.g. an array-style field) reaches sha1() below.
        if (isset($_POST['loginp']) && isset($_POST['loginu'])) {
            $u = $_POST['loginu'];
            $p = $_POST['loginp'];
            // NOTE(review): unsalted SHA-1 is a fast digest and unsuitable for
            // password storage; password_hash()/password_verify() is the
            // standard replacement (needs a migration of the stored values).
            $p = sha1($p);
            // Unserialize every stored user record and look for a matching name
            $io = new FileIO();
            // $users is not used anywhere in the visible part of the listing.
            $users = array();
            $userFiles = $io->getDirectoryFiles(Constants::GET_USERS_DIRECTORY());
            // Placeholder object; overwritten by each record read in the loop.
            $cuser = new User('dummy1', 'dummy2');
            $userFound = false;
            foreach ($userFiles as $userFile) {
                $val = $io->readFile(Constants::GET_USERS_DIRECTORY() . '/' . $userFile);
                // NOTE(review): unserialize() instantiates whatever classes the
                // file names, so this is only safe while nothing untrusted can
                // write into the users directory; consider the allowed_classes
                // option or a JSON format. It also returns false on a corrupt
                // file, and the method call on the next line would then fail.
                $cuser = unserialize($val);
                // NOTE(review): loose == compares two numeric-looking strings
                // as numbers; === avoids accidental matches.
                if ($cuser->getUsername() == $u) {
                    $userFound = true;
                    break;
                }
            }
            // After the loop $cuser is the matched record (when $userFound) or
            // simply the last record read / the placeholder.
            if ($userFound) {
                // NOTE(review): comparing digests with == is neither type-strict
                // nor constant-time; two hex digests of the form "0e<digits>"
                // compare equal numerically. hash_equals() is the safe check.
                if ($cuser->getPassword() == $p) {
                    // NOTE(review): no session_regenerate_id() is visible before
                    // the identity is stored, which leaves session fixation
                    // unaddressed unless it is handled elsewhere.
                    $_SESSION['UID'] = $cuser->getUsername();
                    // The whole User object, including whatever getPassword()
                    // returns, is kept in the session.
                    $_SESSION['USER'] = $cuser;
                    // NOTE(review): header() does not stop the script; no exit
                    // is visible in this listing, so confirm one follows.
                    header("Location: " . get_absolute_uri('index.php'));
                } else {
                    // Generic failure text: does not reveal which field was wrong.
                    $message = "Please try again";
                }
            } else {
 /**
  * Build a User from the supplied fields and persist it as a serialized file.
  *
  * The record is written through FileIO to
  * "<users directory>/<username>.usr".
  *
  * NOTE(review): $username is concatenated into the path unchanged. If it can
  * come from a form field, the caller must restrict it to a safe character
  * set (no directory separators, no "..") before calling this method.
  * NOTE(review): $password is handed to setPassword() exactly as received;
  * whether it is hashed there or by the caller is not visible from here.
  *
  * @param mixed $username        Account name; also used as the file's base name.
  * @param mixed $password        Value passed to User::setPassword().
  * @param mixed $usertype        Second argument of the User constructor.
  * @param mixed $pagePermissions Map of page => permission; skipped when empty.
  *
  * @return mixed Whatever FileIO::writeFile() returns.
  */
 private function createUser($username, $password, $usertype, $pagePermissions)
 {
     $storage = new FileIO();

     $account = new User($username, $usertype);
     $account->setPassword($password);

     // An empty or missing permission map means there is nothing to attach.
     $grants = empty($pagePermissions) ? array() : $pagePermissions;
     foreach ($grants as $pageName => $level) {
         $account->addPagePermission($pageName, $level);
     }

     // One file per user, named after the account.
     $target = Constants::GET_USERS_DIRECTORY() . '/' . $username . '.usr';

     return $storage->writeFile($target, serialize($account));
 }