Files
decdata/classes/SignIn.php
T
2026-06-30 21:34:42 -04:00

120 lines
3.8 KiB
PHP

<?php
// =============
// Sign In Class
// =============
class SignIn extends Base {
// Variables
private $current_user_id = "";
private $current_user_serial = "";
private $current_user_name = "";
private $current_user_email = "";
// ================================
// __construct : Class Constructor.
// ================================
public function __construct() {
set_error_handler(array($this, "displayError"));
date_default_timezone_set(self::TIMEZONE);
$this->current_user_id = $_SESSION[self::USER_ID] ?? "";
$this->current_user_name = $_SESSION[self::USER_NAME] ?? "";
$this->current_user_email = $_SESSION[self::USER_EMAIL] ?? "";
}
// ========================
// Login to the application
// ========================
public function login() {
$step = filter_input(INPUT_POST, "step") ?: "prompt";
switch ($step) {
case "prompt":
$XSLParms["BTN_SUBMIT"] = "main.php?action=SignIn.login&step=authenticate";
$XSLParms["INVALID_SIGNIN"] = "FALSE";
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
exit();
break;
case "authenticate":
$user_name = trim(filter_input(INPUT_POST, "user_name") ?: "");
$user_password = filter_input(INPUT_POST, "user_password") ?: "";
$XSLParms["BTN_SUBMIT"] = "main.php?action=SignIn.login&step=authenticate";
$XSLParms["INVALID_SIGNIN"] = "TRUE";
$user = (new Users())->getUserByUserName($user_name);
if ($user->count() == 0) {
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
die();
}
if ((integer) $user->record->user_active === 0) {
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
die();
}
$stored_hashed_password = $user->record->user_password;
if (!password_verify($user_password, $stored_hashed_password)) {
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
die();
}
session_regenerate_id(true);
$_SESSION[self::USER_AUTHENTICATED] = true;
$_SESSION[self::USER_SERIAL] = (integer) $user->record->user_serial;
$_SESSION[self::USER_ID] = (string) $user->record->user_id;
$_SESSION[self::USER_NAME] = (string) $user->record->user_name;
$_SESSION[self::USER_EMAIL] = (string) $user->record->user_email;
$_SESSION[self::USER_ROLE] = (string) $user->record->user_role;
$this->current_user_id = $_SESSION[self::USER_ID] ?? "";
$this->current_user_serial = $_SESSION[self::USER_SERIAL] ?? 0;
$this->current_user_name = $_SESSION[self::USER_NAME] ?? "";
$this->current_user_email = $_SESSION[self::USER_EMAIL] ?? "";
$system_admins = $this->getSettings()->xpath("//SystemAdministrator");
foreach ($system_admins as $admin) {
if ((string) $admin === $user_name) {
$_SESSION[self::USER_ROLE] = "System Administrator";
break;
}
}
(new Journal())->journalEntry("{$_SESSION[self::USER_NAME]} logged in ({$_SESSION[self::USER_ROLE]}).");
(new Users())->updateLogin();
header("Location: ./");
exit();
break;
default:
// User NOT Validated.
header("Location: ./");
exit();
}
}
}
?>