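/**
 * Handles a POST of the login form.
 *
 * An already-authenticated session is sent straight to the dashboard.
 * Otherwise the submitted email/password pair is checked against the
 * stored password hash and, on success, a session is generated for the
 * matching user id.
 *
 * @return mixed the result of redirectTo() or the rendered login view
 */
public function processLoginAttempt(Request $request, Session $session) {
    if ($session->userIsLoggedIn()) {
        return $this->redirectTo('/dashboard');
    }

    $email = $request->post['email'] ?? null;
    $password = $request->post['password'] ?? null;
    // is_string() also rejects array-valued fields (email[]=...), which would
    // otherwise reach the query binding and password_verify() as non-strings.
    if (!is_string($email) || !is_string($password)) {
        return (new View('login', ['errors' => 'Form incomplete']))->render();
    }

    $results = Database::query('SELECT id, password FROM User WHERE email = ?', [$email]);
    $storedHash = $results[0]['password'] ?? null;

    if (!is_string($storedHash) || $storedHash === '') {
        // Unknown email (or a row without a usable hash): still run one
        // password_verify() against a throwaway hash so that a failed lookup
        // costs about as much as a wrong password. Without this, response
        // time would reveal which emails are registered.
        static $dummyHash = null;
        if ($dummyHash === null) {
            $dummyHash = password_hash('', PASSWORD_DEFAULT);
        }
        password_verify($password, $dummyHash);
        return (new View('login', ['errors' => 'Login Incorrect']))->render();
    }

    if (isset($results[0]['id']) && password_verify($password, $storedHash)) {
        $session->generateSession((int) $results[0]['id']);
        return $this->redirectTo('/dashboard');
    }

    return (new View('login', ['errors' => 'Login Incorrect']))->render();
}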
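/**
 * Handles a POST of the signup form.
 *
 * Creates the User row with a hashed password, attaches the requested
 * buyer and/or seller role rows, and starts a session for the new user.
 * The form must carry a string email and password and at least one of
 * buyer_account / seller_account set to 1.
 *
 * @return mixed the result of redirectTo() or the rendered login view
 */
public function processSignup(Request $request, Session $session) {
    if ($session->userIsLoggedIn()) {
        return $this->redirectTo('/dashboard');
    }

    $email = $request->post['email'] ?? null;
    $password = $request->post['password'] ?? null;
    // Each flag is read once, guarded against a missing key; the original
    // read them unguarded and warned when only one of the two was submitted.
    $wantsBuyer = $this->roleFlagIsSet($request, 'buyer_account');
    $wantsSeller = $this->roleFlagIsSet($request, 'seller_account');

    // is_string() rejects array-valued fields, which password_hash() would
    // otherwise reject with a TypeError instead of a form error.
    if (!is_string($email) || !is_string($password) || (!$wantsBuyer && !$wantsSeller)) {
        return View::renderView('login', ['signup_errors' => 'You must complete the signup form']);
    }

    if (Database::checkExists($email, 'email', 'User')) {
        return View::renderView('login', ['signup_errors' => 'Email already exists']);
    }

    Database::insert(
        'INSERT INTO User (email,password) VALUES (?,?)',
        [$email, password_hash($password, PASSWORD_DEFAULT)]
    );
    $userId = Database::lastID();

    // NOTE(review): the user and role inserts are not in one transaction; if
    // the Database helper offers one, a failed role insert would otherwise
    // leave a user row with no role.
    if ($wantsBuyer) {
        Database::insert('INSERT INTO UserRole (user_id, role_id) VALUES (?,?)', [$userId, Role::buyer()]);
    }
    if ($wantsSeller) {
        Database::insert('INSERT INTO UserRole (user_id, role_id) VALUES (?,?)', [$userId, Role::seller()]);
    }

    $session->generateSession($userId);
    return $this->redirectTo('/dashboard');
}

/**
 * True when the submitted form field $key carries the integer value 1.
 *
 * A missing key or a non-scalar value (e.g. buyer_account[]=x) yields false
 * rather than an undefined-index warning or a loose-comparison surprise.
 */
private function roleFlagIsSet(Request $request, string $key): bool {
    $value = $request->post[$key] ?? null;
    return is_scalar($value) && filter_var($value, FILTER_VALIDATE_INT) === 1;
}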