188 lines
5.1 KiB
PHP
188 lines
5.1 KiB
PHP
<?php
|
|
|
|
use PhangoApp\PhaView\View;
|
|
use PhangoApp\PDO\MySQL;
|
|
//use PhangoApp\PhaModels\Webmodel;
|
|
|
|
include('./modules/admin/libraries/login.php');
|
|
|
|
function controller($switch='') {
|
|
|
|
session_start();
|
|
|
|
switch($switch) {
|
|
|
|
default:
|
|
|
|
if(PhangoModule\Admin\login()) {
|
|
|
|
if($switch=='') {
|
|
|
|
echo View::load_view(['title' => 'Admin', 'content' => ''], 'dashboard');
|
|
|
|
}
|
|
else {
|
|
|
|
//Include module admin.
|
|
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', 'login'));
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 'login':
|
|
|
|
$conn=MySQL::get_pdo_connection();
|
|
|
|
$sth=$conn->query('SELECT count(*) as num_items from useradmin');
|
|
|
|
$count=$sth->fetch()[0];
|
|
|
|
if($count==0) {
|
|
|
|
header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', 'register'));
|
|
|
|
}
|
|
|
|
echo View::load_view(['login' => 1], 'login');
|
|
|
|
break;
|
|
|
|
case 'login_check':
|
|
|
|
$conn=MySQL::get_pdo_connection();
|
|
|
|
$data=['error' => 1];
|
|
|
|
$username=$_POST['username'];
|
|
|
|
$password=$_POST['password'];
|
|
|
|
$sth=$conn->prepare('SELECT id, password from useradmin where username=?');
|
|
|
|
$sth->execute([$username]);
|
|
|
|
$rows=$sth->fetchAll();
|
|
|
|
if(count($rows)>0) {
|
|
|
|
$password_hash=$rows[0]['password'];
|
|
|
|
if(password_verify($password, $password_hash)) {
|
|
|
|
$data['error']=0;
|
|
|
|
$_SESSION['phango_login']=1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
return json_encode($data);
|
|
|
|
break;
|
|
|
|
case 'register':
|
|
|
|
$conn=MySQL::get_pdo_connection();
|
|
|
|
$sth=$conn->query('SELECT count(*) as num_items from useradmin');
|
|
|
|
$count=$sth->fetch()[0];
|
|
|
|
if($count==0) {
|
|
|
|
echo View::load_view(['login' => 0], 'login');
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 'signup_check':
|
|
|
|
$data=['error' => 0];
|
|
|
|
$arr_data=['username', 'email', 'password', 'repeat_password'];
|
|
|
|
foreach($arr_data as $v) {
|
|
|
|
settype($_POST[$v], 'string');
|
|
|
|
}
|
|
|
|
//$username=$_POST['username'];
|
|
//^[A-Za-z0-9_-]+$
|
|
|
|
$username=trim($_POST['username']);
|
|
|
|
if(!preg_match('/^[A-Za-z0-9_-]+$/', $username)) {
|
|
|
|
$data['error']=1;
|
|
$data['username']=_("Error: empty value");
|
|
|
|
}
|
|
|
|
$email=filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
|
|
|
|
if(!$email) {
|
|
|
|
$data['error']=1;
|
|
$data['email']=_("Error: email is not valid");
|
|
|
|
|
|
}
|
|
|
|
$password=trim($_POST['password']);
|
|
$repeat_password=trim($_POST['repeat_password']);
|
|
|
|
if($password=='') {
|
|
|
|
$data['error']=1;
|
|
$data['password']=_("Error: password empty");
|
|
|
|
}
|
|
else {
|
|
|
|
if($password!=$repeat_password) {
|
|
|
|
$data['error']=1;
|
|
$data['password']=_("Error: password not equal");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if($data['error']==0) {
|
|
|
|
$password=password_hash($password, PASSWORD_DEFAULT);
|
|
|
|
$conn=MySQL::get_pdo_connection();
|
|
|
|
if(!$conn->prepare('INSERT into useradmin (`username`, `password`, `email`) VALUES (?, ?, ?)')->execute([$username, $password, $email])) {
|
|
|
|
$data['error']=1;
|
|
$data['username']=_("Error: cannot insert the new user in database, check your database connection");
|
|
|
|
}
|
|
|
|
//$sth->execute([$username, $password, $email]);
|
|
|
|
}
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
return json_encode($data);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|