diff --git a/libraries/composer-first.json b/libraries/composer-first.json
new file mode 100644
index 0000000..b343040
--- /dev/null
+++ b/libraries/composer-first.json
@@ -0,0 +1,18 @@
+{
+ "repositories": [
+ {
+
+ "type": "vcs",
+ "url": "git@bitbucket.org:phangoapp/phamodels.git"
+
+ }
+ ],
+ "minimum-stability": "dev",
+ "prefer-stable": true,
+ "require-dev": {
+ "phpunit/phpunit": "^10.4"
+ },
+ "require": {
+ "phangoapp/phamodels": "dev-master"
+ }
+}
diff --git a/modules/admin/controllers/app.php b/modules/admin/controllers/app.php
index 3848097..043933b 100644
--- a/modules/admin/controllers/app.php
+++ b/modules/admin/controllers/app.php
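Review bot: In `libraries/composer-first.json` the `require` entry `"phangoapp/phamodels": "dev-master"` tracks a moving branch of a VCS repository, so every install or update can pull code that nobody has reviewed. Pin it to a tagged release, or at least to a commit with `"phangoapp/phamodels": "dev-master#<commit-sha>"` (placeholder), and commit the resulting lock file if this manifest is used for installs. `"minimum-stability": "dev"` applies to every transitive dependency as well; `prefer-stable` softens that but does not prevent dev versions where no stable release exists. The `git@bitbucket.org:` URL also needs an SSH key on every machine that installs, which I would document next to this file.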
@@ -1,188 +1,184 @@ 'Admin', 'content' => ''], 'dashboard'); +class AppController extends TplController{ + + public function app($op='') { + + switch($op) { + + default: + + if($this->check_login()) { + + //Default admin page. } else { - //Include module admin. + header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', ['login'])); } - - } - else { - - header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', 'login')); - - } - - break; - - case 'login': - - $conn=MySQL::get_pdo_connection(); - - $sth=$conn->query('SELECT count(*) as num_items from useradmin'); + + break; + + case 'login': + + echo 'login'; + + /*$conn=MySQL::get_pdo_connection(); + + $sth=$conn->query('SELECT count(*) as num_items from useradmin'); - $count=$sth->fetch()[0]; - - if($count==0) { + $count=$sth->fetch()[0]; - header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', 'register')); - - } - - echo View::load_view(['login' => 1], 'login'); - - break; - - case 'login_check': - - $conn=MySQL::get_pdo_connection(); - - $data=['error' => 1]; - - $username=$_POST['username']; - - $password=$_POST['password']; - - $sth=$conn->prepare('SELECT id, password from useradmin where username=?'); - - $sth->execute([$username]); - - $rows=$sth->fetchAll(); - - if(count($rows)>0) { - - $password_hash=$rows[0]['password']; - - if(password_verify($password, $password_hash)) { + if($count==0) { - $data['error']=0; - - $_SESSION['phango_login']=1; + header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', ['signup'])); } - - } - - header('Content-Type: application/json; charset=utf-8'); - return json_encode($data); - - break; - - case 'register': - - $conn=MySQL::get_pdo_connection(); - - $sth=$conn->query('SELECT count(*) as num_items from useradmin'); + echo View::load_view(['login' => 1], 'login');*/ + + break; + + case 'login_check': - $count=$sth->fetch()[0]; - - if($count==0) { + /*$conn=MySQL::get_pdo_connection(); - echo View::load_view(['login' => 
0], 'login'); + $data=['error' => 1]; - } - - break; - - case 'signup_check': - - $data=['error' => 0]; - - $arr_data=['username', 'email', 'password', 'repeat_password']; - - foreach($arr_data as $v) { + $username=$_POST['username']; - settype($_POST[$v], 'string'); - - } - - //$username=$_POST['username']; - //^[A-Za-z0-9_-]+$ - - $username=trim($_POST['username']); - - if(!preg_match('/^[A-Za-z0-9_-]+$/', $username)) { - - $data['error']=1; - $data['username']=_("Error: empty value"); - - } - - $email=filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); - - if(!$email) { - - $data['error']=1; - $data['email']=_("Error: email is not valid"); - - - } - - $password=trim($_POST['password']); - $repeat_password=trim($_POST['repeat_password']); - - if($password=='') { - - $data['error']=1; - $data['password']=_("Error: password empty"); - - } - else { - - if($password!=$repeat_password) { + $password=$_POST['password']; - $data['error']=1; - $data['password']=_("Error: password not equal"); + $sth=$conn->prepare('SELECT id, password from useradmin where username=?'); + + $sth->execute([$username]); + + $rows=$sth->fetchAll(); + + if(count($rows)>0) { + + $password_hash=$rows[0]['password']; + + if(password_verify($password, $password_hash)) { + + $data['error']=0; + + $_SESSION['phango_login']=1; + + } } - - } - if($data['error']==0) { + header('Content-Type: application/json; charset=utf-8'); - $password=password_hash($password, PASSWORD_DEFAULT); - + return json_encode($data); + + break; + + case 'register': + $conn=MySQL::get_pdo_connection(); - if(!$conn->prepare('INSERT into useradmin (`username`, `password`, `email`) VALUES (?, ?, ?)')->execute([$username, $password, $email])) { + $sth=$conn->query('SELECT count(*) as num_items from useradmin'); + + $count=$sth->fetch()[0]; + + if($count==0) { - $data['error']=1; - $data['username']=_("Error: cannot insert the new user in database, check your database connection"); + echo View::load_view(['login' => 0], 'login'); 
+ + } + + break; + + case 'signup_check': + + $data=['error' => 0]; + + $arr_data=['username', 'email', 'password', 'repeat_password']; + + foreach($arr_data as $v) { + + settype($_POST[$v], 'string'); } - //$sth->execute([$username, $password, $email]); + //$username=$_POST['username']; + //^[A-Za-z0-9_-]+$ + + $username=trim($_POST['username']); + + if(!preg_match('/^[A-Za-z0-9_-]+$/', $username)) { + + $data['error']=1; + $data['username']=_("Error: empty value"); + + } + + $email=filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); + + if(!$email) { + + $data['error']=1; + $data['email']=_("Error: email is not valid"); + + + } + + $password=trim($_POST['password']); + $repeat_password=trim($_POST['repeat_password']); - } - - header('Content-Type: application/json; charset=utf-8'); + if($password=='') { + + $data['error']=1; + $data['password']=_("Error: password empty"); + + } + else { + + if($password!=$repeat_password) { + + $data['error']=1; + $data['password']=_("Error: password not equal"); + + } - return json_encode($data); - - break; + } + + if($data['error']==0) { + + $password=password_hash($password, PASSWORD_DEFAULT); + + $conn=MySQL::get_pdo_connection(); + + if(!$conn->prepare('INSERT into useradmin (`username`, `password`, `email`) VALUES (?, ?, ?)')->execute([$username, $password, $email])) { + + $data['error']=1; + $data['username']=_("Error: cannot insert the new user in database, check your database connection"); + + } + + //$sth->execute([$username, $password, $email]); + + } + + header('Content-Type: application/json; charset=utf-8'); + + return json_encode($data);*/ + + break; + + } } - }
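Review bot: The block comment opened in `case 'login_check':` does not close until after `return json_encode($data);` at the end of `signup_check`, so the `case 'register':` and `case 'signup_check':` labels are themselves commented out and those ops now land in `default`; the parked login code also redirects to `['signup']`, which has no matching case. I would either delete the parked code or comment each case body separately, with a line such as `// disabled during the move to AppController` at the top of each. Before it is re-enabled, `signup_check` should repeat the `count(*)` check from `register` so that it cannot insert a `useradmin` row once an administrator exists, and `login_check` should call `session_regenerate_id(true);` before `$_SESSION['phango_login']=1;`. The start of this hunk is garbled in this view, so the class header and anything before it could not be checked.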