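/**
 * Look up a single user record by username.
 *
 * The username is passed as a bound statement parameter; it is never
 * concatenated into the SQL text.
 *
 * @param string $username Username to search for.
 * @return User|null The user built from the matching row, with its roles
 *                   attached under the 'roles' key, or null when no row
 *                   matches. Callers must test for null, not false.
 */
public function findByUsername($username)
{
    $statement = $this->db->prepare("\n SELECT * FROM users WHERE username = ?\n ");
    $statement->execute([$username]);

    $data = $statement->fetch();

    // Decide on the fetched row itself. NOTE(review): $this->db looks
    // PDO-like (prepare/execute/fetch); for SELECT statements PDO does not
    // guarantee rowCount() on every driver, so an existing user could be
    // reported as missing - confirm against the configured driver.
    if (!$data) {
        return null;
    }

    $data['roles'] = RoleService::getUserRoles($data['id']);

    return new User($data);
}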
/**
 * Store the roles returned by RoleService::getRoles() in the static
 * $roles property of this class.
 */
private function loadRoles()
{
    $availableRoles = RoleService::getRoles();

    self::$roles = $availableRoles;
}
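/**
 * Authenticate the submitted credentials and store the user's id and
 * roles in the session, then redirect to the account profile page.
 *
 * Unknown usernames and wrong passwords produce the same
 * 'Invalid credentials' exception so the response does not reveal which
 * of the two was wrong.
 *
 * @param LoginBindingModel $model
 * @throws \Exception
 * @POST
 */
public function login(LoginBindingModel $model)
{
    $username = $model->getUsername();
    $password = $model->getPassword();

    $user = $this->eshopData->getUsersRepository()->findByUsername($username);

    // Reject every falsy lookup result, not only false: a repository that
    // reports "not found" as null would otherwise reach getPassword() on
    // null and fail with a fatal error instead of 'Invalid credentials',
    // which also lets a client tell unknown usernames from known ones.
    if (!$user || !password_verify($password, $user->getPassword())) {
        throw new \Exception('Invalid credentials');
    }

    // Checked only after the password verified, so the banned state is
    // disclosed to the account holder alone.
    if ($user->getIsBanned()) {
        throw new \Exception("This account is banned");
    }

    // Issue a fresh session id before storing the identity so a session id
    // set before login cannot be reused afterwards (session fixation).
    // NOTE(review): assumes Session wraps PHP's native session; the guard
    // makes this a no-op otherwise - confirm.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $userId = $user->getId();
    Session::put('userId', $userId);
    Session::put('roles', implode(', ', RoleService::getUserRoles($userId)));

    RouteService::redirect('account', 'profile', true);
}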
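<div class="col-sm-9 padding-right">
    <div class="features_items"><!--features_items-->
        <h2 class="title text-center">Features Items</h2>
        <?php
        // Hiding the form only affects what is rendered. The handler behind
        // the POST target still has to enforce the administrator/editor role
        // and validate csrf_token on the server side.
        if (\DF\Services\RoleService::isAdministrator() || \DF\Services\RoleService::isEditor()) { ?>
            <?php
            // No whitespace may sit between the closing PHP tag and the closing
            // quote: a trailing space becomes part of the attribute value, and a
            // submitted token with an extra space will not equal the stored one.
            // Both values are escaped for the HTML attribute context.
            ?>
            <form action="<?php echo htmlspecialchars((string) \DF\Services\RouteService::getUrl('products', ''), ENT_QUOTES, 'UTF-8'); ?>" method="POST">
                <input type="text" name="productName" placeholder="name">
                <input type="text" name="productPrice" placeholder="price">
                <input type="text" name="categoryId" placeholder="category id">
                <input type="text" name="quantity" placeholder="quantity">
                <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars((string) \DF\Helpers\Csrf::getCSRFToken(), ENT_QUOTES, 'UTF-8'); ?>">
                <input type="submit" value="Add Product">
            </form>
        <?php } ?>
        <?php foreach ($model->products as $product) { ?>
            <div class="col-sm-4">
                <div class="product-image-wrapper">
                    <div class="single-products">
                        <div class="productinfo text-center">
                            <img src="images/home/product1.jpg" alt="" />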
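/**
 * Enforce the current route's login and role requirements.
 *
 * Reads 'authorize' and 'roles' from the router's routeInfo and compares
 * them with the 'userId' stored in the session.
 *
 * @throws \Exception "Unauthorized" when the route requires a login and the
 *                    session holds no userId; "You do not have the rights"
 *                    when the route lists roles and the session user is
 *                    absent or has none of them.
 */
private function checkAuthorization()
{
    $routeInfo = $this->getRouter()->routeInfo;
    $isLoggedIn = Session::exists('userId');

    // Same truthiness as the loose "== true" comparison, without a notice
    // when the key is missing.
    if (!$isLoggedIn && !empty($routeInfo['authorize'])) {
        throw new \Exception("Unauthorized");
    }

    $requiredRoles = isset($routeInfo['roles']) ? $routeInfo['roles'] : [];
    if (empty($requiredRoles)) {
        return;
    }

    // Fail closed: a role-restricted route is denied outright when nobody is
    // logged in, rather than depending on how userInRoles() treats a missing
    // user id.
    if (!$isLoggedIn || !RoleService::userInRoles(Session::get('userId'), $requiredRoles)) {
        throw new \Exception("You do not have the rights");
    }
}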