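/**
 * Gate a request on the stored session record and the role's privilege list.
 *
 * Reads the 'user' session slot written by auth() (token = the user's stored
 * hash, auth = true), re-reads the active user whose hash equals that token,
 * and checks that $url is one of the comma-separated entries in roles.privilege.
 *
 * Fixes over the previous version: the session value is validated before it is
 * indexed (it defaults to 0, and indexing a scalar yielded nulls plus warnings),
 * an empty result set no longer triggers an undefined-offset warning, and the
 * privilege membership test is strict so "0"/"" cannot match loosely.
 *
 * @param string $url privilege key to check (compared as a string)
 * @return mixed      redirect response on failure, null when access is granted
 */
public function checkLogin($url)
{
    $response = new ResponseProvider();
    $this->dbh = new DataBaseProvider();

    // The slot may be 0 (no session) or an array missing keys; treat anything
    // other than a well-formed, authenticated record as "no session".
    $login = $this->session->get('user', 0);
    $token = (is_array($login) && isset($login['token'])) ? (string) $login['token'] : '';
    $authenticated = is_array($login) && !empty($login['auth']);
    if ($token === '' || !$authenticated) {
        return $response->redirect('index/main/info/no-session');
    }

    // NOTE(review): the session token *is* the user's stored password hash, so a
    // leaked session value doubles as the credential verifier; a random
    // per-session token would be safer. The lookup itself is parameterised.
    $sql = "SELECT roles.privilege, users.hash FROM users\n\t\tLEFT JOIN roles ON roles.id = users.role\n\t\tWHERE users.status = 1 AND users.hash = :password\n\t\t";
    $rows = $this->dbh->listAll($sql, array('password' => $token));
    $user = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
    if (is_null($user)) {
        return $response->redirect('index/main/info/no-session');
    }

    // roles.privilege is a comma-separated list; a NULL privilege (no role row
    // joined) grants nothing rather than passing null to explode().
    $privilegeList = isset($user['privilege']) ? (string) $user['privilege'] : '';
    $privileges = explode(',', $privilegeList);
    if (!in_array((string) $url, $privileges, true)) {
        return $response->redirect('errors/code/no-privilege');
    }

    return null;
}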
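/**
 * Log a user in from POSTed email/password and redirect to the role's dashboard.
 *
 * Flow: look the account up by email, derive the legacy md5(password . salt)
 * digest, and select the active user whose stored digest matches. The digest
 * (and the email, so the match is pinned to the account whose salt was used)
 * is bound as a query parameter; the previous version computed $hash but never
 * used it, comparing the column against a string literal instead. On success
 * the 'user' session slot is replaced with the stored hash as token, which is
 * the shape checkLogin() expects.
 *
 * @return mixed a redirect response (this method always redirects)
 */
public function auth()
{
    $request = new RequestProvider();
    $response = new ResponseProvider();
    $data = $request->post();

    // Read POST fields defensively instead of indexing possibly-absent keys.
    $email = (is_array($data) && isset($data['email'])) ? $data['email'] : null;
    $password = (is_array($data) && isset($data['password'])) ? (string) $data['password'] : '';
    if (is_null($email)) {
        return $response->redirect('index/main/warning/email-required');
    }

    // NOTE(review): $this->dbh is not initialised in this method; it must be
    // set by the constructor or an earlier call (checkLogin() creates it) — confirm.
    $user = $this->dbh->findOneBy('users', 'email', $email);
    if (is_null($user)) {
        // NOTE(review): a distinct redirect for unknown emails lets a caller
        // enumerate accounts; kept because the UI routes depend on it.
        return $response->redirect('index/main/warning/user-no-exist');
    }

    // NOTE(review): md5(password . salt) is a fast, legacy scheme; moving to
    // password_hash()/password_verify() needs a stored-format migration, so it
    // is flagged here rather than replaced.
    $salt = isset($user['salt']) ? (string) $user['salt'] : '';
    $hash = md5($password . $salt);

    // Bind both values via placeholders (same listAll() convention checkLogin()
    // uses) rather than building the WHERE clause from literals.
    // NOTE(review): the compared column is `password` here but `users.hash` in
    // checkLogin(); confirm against the schema.
    $sql = "SELECT users.name, users.hash, users.role, roles.dashboard_url FROM users\n\t\tLEFT JOIN roles ON users.role = roles.id\n\t\tWHERE users.status = 1 AND users.email = :email AND password = :password LIMIT 1\n\t\t";
    $rows = $this->dbh->listAll($sql, array('email' => $email, 'password' => $hash));
    $auth = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
    if (is_null($auth)) {
        return $response->redirect('index/main/danger/error');
    }

    // Replace any previous session record with the token checkLogin() looks
    // the user up by. NOTE(review): no session-id regeneration is visible here;
    // if the session layer does not do it, this is open to session fixation.
    $this->session->destroy('user');
    $this->session->set('user', 0, array('token' => $auth['hash'], 'auth' => true));

    return $response->redirect($auth['dashboard_url']);
}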