/* * GET Route */ $app->get('/login', function ($request, $response, $args) { return $this->view->render($response, 'login.php', []); }); /* * POST Route */ $app->post('/login', function ($request, $response, $args) { $username = $_POST['username'] ?: ''; $password = $_POST['password'] ?: ''; $user = User::where('username', $username)->first(); // Ensure the user exists in our records. if (is_null($user)) { return $this->view->render($response, 'login.php', ['error' => 'Invalid Username or password.']); } // Ensure the passwords match to validate the user. if (!password_verify($password, $user->password)) { Audit::create(['category' => 'Failed login attempt', 'log_note' => 'Invalid credentials attempted for account: ' . $username, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]); return $this->view->render($response, 'login.php', ['error' => 'Invalid Username or password.']); } // TODO: Check for any currently active token, de-activate token if exists. // Log the user in. $token = Token::generateToken(); Token::create(['token' => $token, 'type' => 'Login Token', 'active' => 'Yes', 'user_id' => $user->id]); $_SESSION['login_token'] = $token; Audit::create(['category' => 'Successful Login', 'log_note' => 'User successfully logged in for account: ' . $username, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]); header('Location: /'); exit; });