current_user_id = $_SESSION[self::USER_ID] ?? ""; $this->current_user_name = $_SESSION[self::USER_NAME] ?? ""; $this->current_user_email = $_SESSION[self::USER_EMAIL] ?? ""; } // ======================== // Login to the application // ======================== public function login() { $step = filter_input(INPUT_POST, "step") ?: "prompt"; switch ($step) { case "prompt": $XSLParms["BTN_SUBMIT"] = "main.php?action=SignIn.login&step=authenticate"; $XSLParms["INVALID_SIGNIN"] = "FALSE"; echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms); exit(); break; case "authenticate": $user_name = trim(filter_input(INPUT_POST, "user_name") ?: ""); $user_password = filter_input(INPUT_POST, "user_password") ?: ""; $XSLParms["BTN_SUBMIT"] = "main.php?action=SignIn.login&step=authenticate"; $XSLParms["INVALID_SIGNIN"] = "TRUE"; $user = (new Users())->getUserByUserName($user_name); if ($user->count() == 0) { echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms); die(); } if ((integer) $user->record->user_active === 0) { echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms); die(); } $stored_hashed_password = $user->record->user_password; if (!password_verify($user_password, $stored_hashed_password)) { echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms); die(); } session_regenerate_id(true); $_SESSION[self::USER_AUTHENTICATED] = true; $_SESSION[self::USER_SERIAL] = (integer) $user->record->user_serial; $_SESSION[self::USER_ID] = (string) $user->record->user_id; $_SESSION[self::USER_NAME] = (string) $user->record->user_name; $_SESSION[self::USER_EMAIL] = (string) $user->record->user_email; $_SESSION[self::USER_ROLE] = (string) $user->record->user_role; $this->current_user_id = $_SESSION[self::USER_ID] ?? ""; $this->current_user_serial = $_SESSION[self::USER_SERIAL] ?? 0; $this->current_user_name = $_SESSION[self::USER_NAME] ?? ""; $this->current_user_email = $_SESSION[self::USER_EMAIL] ?? ""; $system_admins = $this->getSettings()->xpath("//SystemAdministrator"); foreach ($system_admins as $admin) { if ((string) $admin === $user_name) { $_SESSION[self::USER_ROLE] = "System Administrator"; break; } } (new Journal())->journalEntry("{$_SESSION[self::USER_NAME]} logged in ({$_SESSION[self::USER_ROLE]})."); (new Users())->updateLogin(); header("Location: ./"); exit(); break; default: // User NOT Validated. header("Location: ./"); exit(); } } } ?>