Fixes in login

This commit is contained in:
Antonio de la Rosa 2025-11-24 01:17:21 +01:00
parent 6b20d046d1
commit 9f21c3a87e
14 changed files with 331 additions and 2814 deletions


@ -34,148 +34,148 @@ class AppController extends TplController{
$this->db->connect();
$c_user=$this->db->select_count('', []);
$c_user=$this->db->select_count('useradmin', '', []);
if(!$c_user) {
header('Location: '.Url::make_url('admin', 'app', ['signup']));
}
else {
if($_SERVER['REQUEST_METHOD']=='POST') {
$username=trim($_POST['username']);
$password=trim($_POST['password']);
$error=1;
$error_form=['username_error' => ''];
if($username=='') {
$error_form['username_error']=_('Username empty');
}
$arr_user=$this->db->select_a_row('useradmin', [], 'WHERE username=?', [$username]);
if($arr_user) {
if(password_verify($password, $arr_user['password'])) {
$error=0;
$_SESSION['admin_login']=1;
}
else {
$error_form['username_error']=_('Wrong user or password');
}
}
else {
$error_form['username_error']=_('Wrong user or password');
}
echo $this->json(['error' => $error, 'error_form' => $error_form, 'message' => '']);
}
else {
echo $this->tpl->load_template('login', ['title' => 'Login']);
}
}
break;
case 'signup':
echo $this->tpl->load_template('signup', ['title' => 'Signup']);
$this->db->connect();
break;
case 'login_check':
/*$conn=MySQL::get_pdo_connection();
$c_user=$this->db->select_count('useradmin', '', []);
$data=['error' => 1];
$username=$_POST['username'];
$password=$_POST['password'];
if(!$c_user) {
$sth=$conn->prepare('SELECT id, password from useradmin where username=?');
$sth->execute([$username]);
$rows=$sth->fetchAll();
if(count($rows)>0) {
$password_hash=$rows[0]['password'];
if(password_verify($password, $password_hash)) {
if($_SERVER['REQUEST_METHOD']=='POST') {
$data['error']=0;
$error=0;
$_SESSION['phango_login']=1;
$error_form=[];
$arr_data=['username', 'email', 'password', 'repeat_password'];
foreach($arr_data as $v) {
settype($_POST[$v], 'string');
}
$username=trim($_POST['username']);
if(!preg_match('/^[A-Za-z0-9_-]+$/', $username) || $username=='') {
$error=1;
$error_form['username_error']=_("Error: empty value");
}
$email=filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if(!$email) {
$error=1;
$error_form['email_error']=_("Error: email is not valid");
}
$password=trim($_POST['password']);
$repeat_password=trim($_POST['repeat_password']);
if($password=='') {
$error=1;
$error_form['password_error']=_("Error: password empty");
}
else {
if($password!=$repeat_password) {
$error=1;
$error_form['password_error']=_("Error: password not equal");
}
}
if(!$error) {
if(!$this->db->insert('useradmin', ['username' => $username, 'password' => password_hash($password, PASSWORD_DEFAULT), 'email' => $email])) {
$error=1;
$error_form['username_error']=_("Error: cannot create the user, please contact with the administrator");
}
}
echo $this->json(['error' => $error, 'error_form' => $error_form, 'message' => '']);
}
}
header('Content-Type: application/json; charset=utf-8');
return json_encode($data);
break;
case 'register':
$conn=MySQL::get_pdo_connection();
$sth=$conn->query('SELECT count(*) as num_items from useradmin');
$count=$sth->fetch()[0];
if($count==0) {
echo View::load_view(['login' => 0], 'login');
}
break;
case 'signup_check':
$data=['error' => 0];
$arr_data=['username', 'email', 'password', 'repeat_password'];
foreach($arr_data as $v) {
settype($_POST[$v], 'string');
}
//$username=$_POST['username'];
//^[A-Za-z0-9_-]+$
$username=trim($_POST['username']);
if(!preg_match('/^[A-Za-z0-9_-]+$/', $username)) {
$data['error']=1;
$data['username']=_("Error: empty value");
}
$email=filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if(!$email) {
$data['error']=1;
$data['email']=_("Error: email is not valid");
}
$password=trim($_POST['password']);
$repeat_password=trim($_POST['repeat_password']);
if($password=='') {
$data['error']=1;
$data['password']=_("Error: password empty");
}
else {
if($password!=$repeat_password) {
else {
$data['error']=1;
$data['password']=_("Error: password not equal");
echo $this->tpl->load_template('signup', ['title' => 'Signup']);
}
}
if($data['error']==0) {
$password=password_hash($password, PASSWORD_DEFAULT);
$conn=MySQL::get_pdo_connection();
if(!$conn->prepare('INSERT into useradmin (`username`, `password`, `email`) VALUES (?, ?, ?)')->execute([$username, $password, $email])) {
$data['error']=1;
$data['username']=_("Error: cannot insert the new user in database, check your database connection");
}
//$sth->execute([$username, $password, $email]);
}
header('Content-Type: application/json; charset=utf-8');
return json_encode($data);*/
break;