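/**
 * Handles the login form submission.
 *
 * On POST: verifies the CSRF token, looks up the account by e-mail or
 * username, verifies the password hash and, on success, registers the
 * session (via registerSession()) and redirects by role. Every failure
 * path flashes the same generic message and redirects back to the login
 * page, so the response body does not reveal whether the account exists.
 *
 * @return \Phalcon\Http\ResponseInterface|null the redirect response, or null
 *         when the request is not a POST (the login view is rendered) or the
 *         session role has no known landing page
 */
public function loginAction()
{
    // Nothing to do for a GET: the login form is rendered by the view.
    if (!$this->request->isPost()) {
        return null;
    }

    // Reject requests that do not carry a valid CSRF token. (This only
    // protects against cross-site forgery; it is not a brute-force limit.)
    if (!$this->security->checkToken()) {
        $this->flash->error("invalid CSRF token ");
        return $this->response->redirect('account/index');
    }

    // Cast so a missing field becomes '' rather than null; checkHash() and
    // hash() expect strings.
    $email = (string) $this->request->getPost('email');
    $password = (string) $this->request->getPost('password');

    // The same input is matched against both the email and the username
    // column of the gebruiker table; the value is bound, never interpolated.
    $gebruiker = Gebruiker::findFirst([
        "(email = :email: OR username = :email:)",
        "bind" => ["email" => $email],
    ]);

    if (!$gebruiker) {
        // Spend the same hashing cost as the found-user path so response
        // timing does not reveal whether an account exists.
        $this->security->hash($password);
        $this->flash->error("De ingevoerde gegevens zijn niet correct");
        return $this->response->redirect('account/index');
    }

    if (!$this->security->checkHash($password, $gebruiker->password)) {
        // Same generic message as the unknown-user path on purpose.
        $this->flash->error("De ingevoerde gegevens zijn niet correct");
        return $this->response->redirect('account/index');
    }

    // Valid credentials: registerSession() (defined elsewhere in this class)
    // is expected to store an 'auth' array that carries the user's role.
    $this->registerSession($gebruiker);
    $user = $this->session->get('auth');
    $rol = $user['rol'];

    // Returning the response lets the dispatcher send the redirect without
    // rendering the login view.
    if ($rol === "user") {
        return $this->response->redirect('afspraak/index');
    }
    if ($rol === "admin") {
        return $this->response->redirect('admin/overzicht');
    }

    // Unknown role: the session is registered but no landing page is defined,
    // so the login view is rendered. NOTE(review): confirm this is intended.
    return null;
}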