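/**
 * Login process.
 *
 * Validates the posted form token and credentials, looks the user up in the
 * users table and, on success, stores the user_id in the session. Every
 * failure sets a "danger" flash message via View::setMessageFlash().
 *
 * @return bool TRUE when the user was found and the session was populated,
 *              FALSE on any validation, database or credential failure
 */
public static function login()
{
    // form validation
    // NOTE(review): this rejects the form when Form::isFormTokenValid() returns
    // TRUE. If that method returns TRUE for a *valid* token (as its name
    // suggests) the condition is inverted and should read
    //   !Form::isFormTokenValid($token)
    // Confirm against Form before changing; saveProcess() has the same check.
    $token = filter_input(INPUT_POST, "form_token");
    if (!$token || Form::isFormTokenValid($token)) {
        View::setMessageFlash("danger", "Form tidak valid");
        return FALSE;
    }

    if (!filter_input(INPUT_POST, "username") || !filter_input(INPUT_POST, "password")) {
        View::setMessageFlash("danger", "Masukkan Username dan Password");
        return FALSE;
    }

    // FILTER_SANITIZE_STRING strips tags and encodes quotes, so it alters the
    // raw password before hashing. Kept because the stored digests were
    // produced the same way; note the filter is deprecated since PHP 8.1.
    $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);
    // Unsalted MD5 is not a password hash (see password_hash()/password_verify()).
    // Kept only because the users table stores MD5 digests; a migration would
    // verify the legacy digest once and rehash on successful login.
    $password = md5(filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING));

    $mysqli = App::getConnection(true);

    // Parameterised lookup: the credentials are bound, never interpolated into
    // the SQL string, so the query text cannot be altered by the input.
    $sql = "SELECT user_id FROM users WHERE username=? AND password=?";
    if (!($stmt = $mysqli->prepare($sql))) {
        View::setMessageFlash("danger", $mysqli->error);
        return FALSE;
    }
    $stmt->bind_param("ss", $username, $password);
    if (!$stmt->execute()) {
        View::setMessageFlash("danger", $stmt->error);
        $stmt->close();
        return FALSE;
    }

    // bind_result()/fetch() rather than get_result() so this also works on
    // builds without the mysqlnd driver.
    $userId = null;
    $stmt->bind_result($userId);
    $found = $stmt->fetch();
    $stmt->close();

    if (!$found) {
        View::setMessageFlash("danger", "Username dan Password Salah");
        return FALSE;
    }

    // Issue a fresh session id on the privilege change so a session id that
    // existed before login cannot be reused (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $userId;
    return TRUE;
}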
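/**
 * Save the logged-in user's profile fields (name, phone, address) from POST.
 *
 * Every failure sets a "danger" flash message; success sets a "success" one.
 *
 * @return bool TRUE when the record was updated, FALSE otherwise
 */
private function saveProcess()
{
    // strict comparison; REQUEST_METHOD is absent when not running under a web SAPI
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($method !== 'POST') {
        View::setMessageFlash("danger", "Form tidak valid");
        return FALSE;
    }

    // form validation
    // NOTE(review): this rejects the form when Form::isFormTokenValid() returns
    // TRUE. If that method returns TRUE for a *valid* token (as its name
    // suggests) the condition is inverted and should read
    //   !Form::isFormTokenValid($token)
    // Confirm against Form before changing; login() has the same check.
    $token = filter_input(INPUT_POST, "form_token");
    if (!$token || Form::isFormTokenValid($token)) {
        View::setMessageFlash("danger", "Form tidak valid");
        return FALSE;
    }

    // required fields (FILTER_SANITIZE_STRING is deprecated since PHP 8.1;
    // kept so the stored values keep the same shape as before)
    $filter = array(
        "name" => FILTER_SANITIZE_STRING,
        "phone" => FILTER_SANITIZE_STRING,
        "address" => FILTER_SANITIZE_STRING,
    );
    $input = filter_input_array(INPUT_POST, $filter);

    // filter_input_array() returns NULL when no POST data is available at all;
    // per field it yields NULL for a missing key and FALSE for a failed filter.
    // Compare strictly instead of in_array() with loose comparison.
    if (!is_array($input)) {
        View::setMessageFlash("danger", "Kolom tidak boleh kosong");
        return FALSE;
    }
    foreach ($input as $value) {
        if ($value === NULL || $value === FALSE || $value === '') {
            View::setMessageFlash("danger", "Kolom tidak boleh kosong");
            return FALSE;
        }
    }

    // set member object
    $staff = Authentication::getUser();
    // presumably getUser() can return null when no user was resolved for the
    // request; guard so a missing user does not become a fatal call on null
    if ($staff === NULL) {
        View::setMessageFlash("danger", "Penyimpanan Gagal");
        return FALSE;
    }
    $staff->setData('name', $input['name']);
    $staff->setData('phone', $input['phone']);
    $staff->setData('address', $input['address']);

    if (!$staff->update()) {
        View::setMessageFlash("danger", "Penyimpanan Gagal");
        return FALSE;
    }
    View::setMessageFlash("success", "Penyimpanan Berhasil");
    return TRUE;
}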
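/**
 * Resolve the logged-in user for the current request into self::$user.
 *
 * Redirects to the login page when no user_id session exists. Otherwise the
 * user is loaded, replaced by its role-specific object (Member or Staff;
 * super_admin keeps the base User object) and stored in self::$user. An
 * unknown role, or a user whose data cannot be loaded, flashes 'User Error'
 * and redirects to login with the TRUE flag.
 *
 * @return void
 */
public static function auth()
{
    // redirect to login page if id session is not exist
    // NOTE(review): assumes redirectLogin() terminates the request; if it only
    // sends a Location header, execution continues below without a user_id --
    // confirm in redirectLogin().
    if (!Sessions::check('user_id')) {
        self::redirectLogin();
    }

    // get user_id
    $id = Sessions::get('user_id');

    $user = new User($id);
    $user_role = $user->getRole();

    switch ($user_role) {
        case 'member':
            $user = new Member($id);
            break;
        case 'staff':
            $user = new Staff($id);
            break;
        case 'super_admin':
            // the base User object is used as-is
            break;
        default:
            // unknown role: no usable user object
            $user = null;
            break;
    }
    self::$user = $user;

    // Check for null first: for an unknown role self::$user is null, and
    // calling getData() on it is a fatal error rather than the intended
    // 'User Error' redirect.
    if (self::$user === null || is_null(self::$user->getData())) {
        View::setMessageFlash('danger', 'User Error');
        self::redirectLogin(TRUE);
    }
}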