public static function render_user_panel($username, $role)
{
$result = "";
if (!usertils::has_role($role, ROLE_USER)) {
$result .= "Browsing as " . self::render_user($username, $role) . ". <a href='?action=login'>Login</a>.";
} else {
$result .= "Logged in as " . self::render_user($username, $role) . ". <a href='?action=logout'>Logout</a>.";
}
return $result;
}
<?php
if ($_SERVER["REQUEST_METHOD"] == "GET") {
exit(file_get_contents("templates/login.html"));
}
// The request isn't GET, so it's probably POST.
utils::require_params($_POST, ["username", "password"], "POST");
if (usertils::check_credentials($_POST["username"], $_POST["password"])) {
env::$username = $_POST["username"];
env::$role = usertils::get_user($_POST["username"])["roles"];
http_response_code(302);
// temporary redirect
header("location: index.php?action=list&login=success");
// todo set an *appropriate* cookie here
// todo output a nice login success page here?
exit;
}
// The login failed!
http_response_code(401);
// todo output a nice login failed page here.
header("content-type: text/plain");
exit("Login failed.");
<?php
if (isset($_COOKIE["{$settings->cookie_prefix}-user"]) && isset($_COOKIE["{$settings->cookie_prefix}-session-key"])) {
// The requester has attached a session key, we should probably take a look at it.
if (sessions::lookup($_COOKIE["{$settings->cookie_prefix}-user"], $_COOKIE["{$settings->cookie_prefix}-session-key"])) {
// The user's key was valid! Update the environment to reflect the user.
env::$username = $_COOKIE["{$settings->cookie_prefix}-user"];
env::$key = $_COOKIE["{$settings->cookie_prefix}-session-key"];
env::$role = intval(usertils::get_user(env::$username)["roles"]);
}
}
