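<?php
// Logout endpoint: tear down the authenticated session, then send the browser home.
// Dependencies are resolved from this file's own directory (__DIR__) rather than the
// working directory / include_path, so the logout cannot silently run without the
// session and authentication services being loaded. require_once (instead of
// include_once) makes a missing service file fatal rather than a warning that lets
// the request continue half-initialised.
require_once __DIR__ . '/../app/services/session.php';
require_once __DIR__ . '/../app/services/HttpService.php';
require_once __DIR__ . '/../app/services/AuthenticationService.php';

// What exactly logout() clears (session data, cookie, id) is defined in
// AuthenticationService, not visible here.
AuthenticationService::logout();
HttpService::redirect_to('/');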
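/**
 * login
 *
 * Authenticates the submitted credentials against the `user` table and, on
 * success, stores the user's alias, id and role names in the session.
 * On a DB failure the request is answered with 503; on bad credentials the
 * browser is redirected to /login/fail.
 *
 * @param $username string  alias from the login form (untrusted input)
 * @param $password string  clear-text password from the login form (untrusted input)
 */
public static function login($username, $password)
{
    // get db connection
    $db = new DatabaseService();
    $sql_con = $db->getConnection();

    // connection failed
    if (!$sql_con) {
        HttpService::return_service_unavailable();
        // Stop here even if the helper does not terminate the script; the code
        // below would otherwise call methods on a non-object.
        return;
    }

    // Hash the submitted password the same way the stored value was produced.
    // NOTE(review): the algorithm is picked by position in hash_algos(), whose
    // order depends on the PHP build, and the digest is unsalted. Kept as-is so
    // existing rows keep verifying; migrating to password_hash()/password_verify()
    // (rehashing on successful login) would remove both weaknesses.
    $algos = hash_algos();
    $algo = $algos[2];
    $pw_hash = hash($algo, $password);

    // get user from db. $username is attacker-controlled and was previously
    // interpolated straight into the SQL string, so bind both values instead.
    // The original excerpt compared the password column against a fixed literal
    // and never used $pw_hash; binding the computed hash is presumed to be the
    // intended comparison -- confirm against the stored format.
    $stmt = $sql_con->prepare('SELECT * FROM user WHERE alias = ? AND password = ?');
    if (!$stmt) {
        HttpService::return_service_unavailable();
        return;
    }
    $stmt->bind_param('ss', $username, $pw_hash);
    $stmt->execute();
    // get_result() needs mysqlnd; fetch_assoc() yields null when no row matched.
    $result = $stmt->get_result();
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();

    // login data correct?
    if (!isset($row)) {
        HttpService::redirect_to('/login/fail');
        // Never populate the session for a failed login.
        return;
    }

    // Issue a fresh session id on privilege change so a session id fixed before
    // login cannot be reused afterwards. Guarded because this file does not show
    // where the session is started.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // add alias to session
    $_SESSION['username'] = $row['alias'];
    $_SESSION['user_id'] = $row['id'];

    // add user role to session; any other role value yields no roles, as before.
    // `role` is presumably an integer column (mysqli returns it as a string
    // without native typing), hence the cast.
    $_SESSION['roles'] = match ((int) $row['role']) {
        1 => ['admin'],
        2 => ['author'],
        3 => ['user'],
        default => [],
    };
}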
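// POST handler continues here; its opening `if` is above this excerpt.
    $title = $_POST['title'] ?? null;
    $keywords = $_POST['keywords'] ?? null;
    $content = $_POST['content'] ?? null;
    // `?? null` so an absent login is caught by the isset() check below instead
    // of surfacing as an undefined-index warning.
    $user = $_SESSION['username'] ?? null;

    // Validate required parameters ($keywords stays optional, as before).
    // NOTE(review): no CSRF token is verified before this state-changing POST;
    // confirm the form/session layer enforces one.
    if (!isset($title, $content, $user)) {
        HttpService::return_bad_request();
        // assumes the helper terminates the request -- otherwise the article
        // would still be saved below; verify in HttpService.
    }

    // Sanitize user input (HTML conversion happens in SanitationService).
    $title = SanitationService::convertHtml($title);
    $keywords = SanitationService::convertHtml($keywords);
    $content = SanitationService::convertHtml($content);

    // Save article
    $articles = ArticleService::get_instance();
    $articles->add_article($user, $title, $keywords, $content);

    // Redirect to articles
    HttpService::redirect_to('/articles/');
}

// GET - Show form: these variables are consumed by the edit view below.
if ($method === 'GET') {
    $page_title = 'New Article';
    $form_action = '/articles/new';
    $id = '';
    $title = '';
    $keywords = '';
    $author = $_SESSION['username'];
    $content = '';
    $date = date('F d, Y');
    $page_content = '../../app/views/articles/edit.php';
    include_once '../../app/views/_layout.php';
}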