Пример #1
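 /**
  * Handles the login form submission.
  *
  * On POST: validates the CSRF token, looks the account up by e-mail or
  * username in the gebruiker table, verifies the submitted password against
  * the stored hash and registers the session. Every failure path sets a
  * flash message and redirects back to 'account/index'. "Unknown account"
  * and "wrong password" share one message and cost roughly the same time,
  * so the response does not reveal which accounts exist.
  *
  * @return mixed the redirect response on every handled path; null for a
  *               non-POST request or for a role without a landing page
  */
 public function loginAction()
 {
     // nothing to do for a plain GET: the view renders the login form
     if (!$this->request->isPost()) {
         return;
     }

     // CSRF check; the token also slows down blind form re-submission
     if (!$this->security->checkToken()) {
         $this->flash->error("invalid CSRF token ");
         return $this->response->redirect('account/index');
     }

     // getPost() yields null for a missing field; cast so the checks below are strict
     $email = (string) $this->request->getPost('email');
     $password = (string) $this->request->getPost('password');

     // an empty field can never match, and checkHash() must not be called with an empty value
     if ($email === '' || $password === '') {
         $this->flash->error("De ingevoerde gegevens zijn niet correct");
         return $this->response->redirect('account/index');
     }

     // the same input is matched against both the username and the e-mail column
     $gebruiker = Gebruiker::findFirst([
         "(email = :email: OR username = :email:)",
         "bind" => ["email" => $email],
     ]);

     if ($gebruiker) {
         $passwordOk = $this->security->checkHash($password, $gebruiker->password);
     } else {
         // hash a dummy value so an unknown account takes about as long as a wrong password
         $this->security->hash('no-such-account');
         $passwordOk = false;
     }

     if (!$passwordOk) {
         // one message for both failure causes: do not disclose whether the account exists
         $this->flash->error("De ingevoerde gegevens zijn niet correct");
         return $this->response->redirect('account/index');
     }

     // credentials verified: create the session, then send the user to the page for their role
     $this->registerSession($gebruiker);
     $user = $this->session->get('auth');
     $rol = (is_array($user) && isset($user['rol'])) ? $user['rol'] : null;

     $landingPages = [
         'user' => 'afspraak/index',
         'admin' => 'admin/overzicht',
     ];

     // NOTE(review): a role outside this map stays logged in without a redirect,
     // as in the original; confirm whether that is intended
     if ($rol !== null && isset($landingPages[$rol])) {
         return $this->response->redirect($landingPages[$rol]);
     }
 }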