Exemple #1
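 /**
  * Gate for protected pages: checks the session and the role privileges for $url.
  *
  * The 'user' session entry must carry a truthy 'auth' flag and a 'token'.
  * The token is matched against users.hash for an active user (status = 1),
  * and $url must appear in the comma-separated roles.privilege list of
  * that user's role.
  *
  * Every failure path is fail-closed: a missing or malformed session, no
  * matching user, or a user without a role all end in a redirect.
  *
  * NOTE(review): whether redirect() terminates the request is not visible
  * here. If it only returns a response object, every caller has to return
  * this method's result, otherwise the protected action still runs.
  *
  * @param string $url Privilege identifier of the page being requested.
  *
  * @return mixed|null The value of ResponseProvider::redirect() when access
  *                    is refused, null when access is granted.
  */
 public function checkLogin($url)
 {
     $response = new ResponseProvider();
     $this->dbh = new DataBaseProvider();

     // Reject before touching the database when there is no usable session.
     // The original indexed $login unconditionally, which raised notices for
     // visitors without a session and sent a null token to the query.
     $login = $this->session->get('user', 0);
     $hasSession = is_array($login)
         && !empty($login['auth'])
         && isset($login['token'])
         && $login['token'] !== '';
     if (!$hasSession) {
         return $response->redirect('index/main/info/no-session');
     }

     $sql = "SELECT roles.privilege, users.hash FROM users\n\t\tLEFT JOIN roles ON roles.id = users.role\n\t\tWHERE users.status = 1 AND users.hash = :password\n\t\t";
     $rows = $this->dbh->listAll($sql, array('password' => $login['token']));

     // An empty result set has no offset 0; treat it as "not logged in".
     if (!is_array($rows) || !isset($rows[0])) {
         return $response->redirect('index/main/info/no-session');
     }
     $user = $rows[0];

     // LEFT JOIN yields a NULL privilege when the role row is missing; that
     // must mean "no privileges", never an entry that could match.
     $rawPrivileges = isset($user['privilege']) ? (string) $user['privilege'] : '';
     $privileges = $rawPrivileges === '' ? array() : explode(',', $rawPrivileges);

     // Strict comparison: with loose in_array() a non-string or numeric-looking
     // $url could match a privilege it is not textually equal to.
     if (!in_array((string) $url, $privileges, true)) {
         return $response->redirect('errors/code/no-privilege');
     }
 }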
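 /**
  * Handles the login form: verifies the credentials and opens a session.
  *
  * Reads 'email' and 'password' from the POST data, looks the user up by
  * e-mail, derives md5(password . salt) and asks the database for an active
  * user (status = 1) with that e-mail and password value. On success the
  * 'user' session entry is replaced by array('token' => users.hash,
  * 'auth' => true) and the client is redirected to the role's dashboard_url.
  *
  * Review notes (left as-is because they need changes outside this method):
  *  - Salted MD5 is far too fast for password storage. Moving to
  *    password_hash()/password_verify() requires re-hashing stored values
  *    on the next successful login, so the derivation is unchanged here.
  *  - 'user-no-exist' and 'danger/error' are different redirect targets, so
  *    the response tells a client whether an e-mail address is registered.
  *    Consider one generic failure target.
  *  - No session identifier rotation is visible in this method; confirm the
  *    session provider regenerates the id on login (session fixation).
  *  - No attempt limiting is visible here; confirm it exists upstream.
  *
  * @return mixed The value returned by ResponseProvider::redirect().
  */
 public function auth()
 {
     $request = new RequestProvider();
     $response = new ResponseProvider();
     $data = $request->post();

     // Only a non-empty string is a usable e-mail; a missing key or an
     // array-valued field (email[]=...) must not reach the lookup.
     $email = (is_array($data) && isset($data['email'])) ? $data['email'] : null;
     if (!is_string($email) || $email === '') {
         return $response->redirect('index/main/warning/email-required');
     }

     $user = $this->dbh->findOneBy('users', 'email', $email);
     if (is_null($user)) {
         return $response->redirect('index/main/warning/user-no-exist');
     }

     // A missing or non-string password can never authenticate; use the same
     // failure target the original reached through a non-matching query.
     $password = isset($data['password']) ? $data['password'] : null;
     if (!is_string($password)) {
         return $response->redirect('index/main/danger/error');
     }

     $salt = isset($user['salt']) ? (string) $user['salt'] : '';
     $hash = md5($password . $salt);

     // The listing shows a masked literal (password = '******') where the
     // credential comparison belongs, and $hash was never used. The hash and
     // the e-mail are bound as parameters, the same way checkLogin() binds
     // its token, so the match is tied to the account that was looked up and
     // no request data is concatenated into the SQL text.
     // NOTE(review): confirm the `password` column name against the schema.
     $sql = "SELECT users.name, users.hash, users.role, roles.dashboard_url FROM users\n\t\tLEFT JOIN roles ON users.role = roles.id\n\t\tWHERE users.status = 1 AND users.email = :email AND password = :password LIMIT 1\n\t\t";
     $rows = $this->dbh->listAll($sql, array('email' => $email, 'password' => $hash));

     // No row means wrong password or inactive account; offset 0 is absent.
     if (!is_array($rows) || !isset($rows[0])) {
         return $response->redirect('index/main/danger/error');
     }
     $auth = $rows[0];

     $this->session->destroy('user');
     $this->session->set('user', 0, array('token' => $auth['hash'], 'auth' => true));
     return $response->redirect($auth['dashboard_url']);
 }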