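/**
 * Action to handle the sign in, both the view and the POST request.
 *
 * GET renders the sign-in form; POST with `email` and `password` looks the
 * account up by lower-cased e-mail, checks the password with password_verify()
 * and, on success, stores the fingerprint and user id in the session before
 * redirecting (to the validated `return` path when present, else the index).
 *
 * Security notes:
 *  - A missing account and a wrong password produce the same message, and the
 *    missing-account branch burns a comparable amount of hashing time so the
 *    two are not distinguishable by response time.
 *  - `return` is only honoured when it is a same-host absolute path, which
 *    closes the open redirect that a raw `$_GET['return']` would allow.
 *  - The native session id is regenerated on success (session fixation); this
 *    is a no-op if no native session is active.
 *  - Non-string POST values are treated as invalid credentials rather than
 *    being passed to strtolower()/password_verify() (TypeError on PHP 8).
 *
 * The 401 status is always sent when the form is rendered, including on the
 * plain GET, as documented in 0.0.4.
 *
 * @since 0.0.4 Now sends the 401 header
 * @since 0.0.1
 */
public function actionSignIn()
{
    $request = Apollo::getInstance()->getRequest();

    if (!Apollo::getInstance()->getUser()->isGuest()) {
        $request->sendToIndex();
        // Do not fall through to rendering the form for an authenticated
        // user, in case sendToIndex() does not terminate the script itself.
        return;
    }

    $data = ['error' => null];

    if (isset($_POST['email']) && isset($_POST['password'])) {
        $email = $_POST['email'];
        $password = $_POST['password'];

        if (!is_string($email) || !is_string($password)) {
            // Arrays or other non-scalars can be submitted via `email[]`;
            // reject them the same way as a bad credential.
            $data = ['error' => 'Invalid email/password combination.'];
        } else {
            /**
             * @var EntityRepository $user_repository
             */
            $user_repository = DB::getEntityManager()->getRepository('\\Apollo\\Entities\\UserEntity');

            /**
             * @var UserEntity|null $user
             */
            $user = $user_repository->findOneBy(['email' => strtolower($email)]);

            if ($user === null) {
                // No account: spend roughly the cost of one password_verify()
                // so the timing does not reveal whether the e-mail exists.
                password_hash($password, PASSWORD_DEFAULT);
                $data = ['error' => 'Invalid email/password combination.'];
            } elseif (!password_verify($password, $user->getPassword())) {
                $data = ['error' => 'Invalid email/password combination.'];
            } else {
                // Fresh session id on privilege change so a pre-set id
                // cannot be reused (only applies to native PHP sessions;
                // NOTE(review): confirm Session wraps $_SESSION).
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                // TODO: Perhaps make this more secure? The fingerprint is
                // derived from the stored password hash; consider a random,
                // per-session secret instead. Also consider
                // password_needs_rehash() here once the entity can be saved.
                Session::set('fingerprint', Session::getFingerprint(md5($user->getPassword())));
                Session::set('user_id', $user->getId());

                $return = $_GET['return'] ?? null;
                if (is_string($return) && self::isLocalReturnPath($return)) {
                    // Second argument kept as in the original call;
                    // NOTE(review): its meaning is not visible here.
                    $request->sendTo($return, false);
                } else {
                    $request->sendToIndex();
                }

                return;
            }
        }
    }

    http_response_code(401);
    echo View::getView()->make('user.sign-in', ['data' => $data])->render();
}

/**
 * Whether a `return` target is a same-host absolute path safe to redirect to.
 *
 * Accepts only targets that start with a single "/" (so no scheme or host can
 * be smuggled in), rejects protocol-relative "//host" and "/\host" forms, and
 * rejects control characters and whitespace that could split the header.
 *
 * @param string $path Raw redirect target from the query string.
 * @return bool True when the target may be passed to sendTo().
 */
private static function isLocalReturnPath(string $path): bool
{
    if ($path === '' || $path[0] !== '/') {
        return false;
    }

    if (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\')) {
        return false;
    }

    // CR/LF and other control characters (or spaces) have no place in a
    // redirect target and can lead to header injection downstream.
    return preg_match('/[\x00-\x20\x7f]/', $path) !== 1;
}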