120 lines
3.8 KiB
PHP
120 lines
3.8 KiB
PHP
<?php
|
|
|
|
// =============
|
|
// Sign In Class
|
|
// =============
|
|
|
|
class SignIn extends Base {
|
|
|
|
// Variables
|
|
|
|
private $current_user_id = "";
|
|
private $current_user_serial = "";
|
|
private $current_user_name = "";
|
|
private $current_user_email = "";
|
|
|
|
// ================================
|
|
// __construct : Class Constructor.
|
|
// ================================
|
|
|
|
public function __construct() {
|
|
|
|
set_error_handler(array($this, "displayError"));
|
|
|
|
date_default_timezone_set(self::TIMEZONE);
|
|
|
|
$this->current_user_id = $_SESSION[self::USER_ID] ?? "";
|
|
$this->current_user_name = $_SESSION[self::USER_NAME] ?? "";
|
|
$this->current_user_email = $_SESSION[self::USER_EMAIL] ?? "";
|
|
}
|
|
|
|
// ========================
|
|
// Login to the application
|
|
// ========================
|
|
|
|
public function login() {
|
|
|
|
$step = filter_input(INPUT_POST, "step") ?: "prompt";
|
|
|
|
switch ($step) {
|
|
|
|
case "prompt":
|
|
|
|
$XSLParms["BTN_SUBMIT"] = "main.php?action=SignIn.login&step=authenticate";
|
|
$XSLParms["INVALID_SIGNIN"] = "FALSE";
|
|
|
|
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
|
|
exit();
|
|
|
|
break;
|
|
|
|
case "authenticate":
|
|
|
|
$user_name = trim(filter_input(INPUT_POST, "user_name") ?: "");
|
|
$user_password = filter_input(INPUT_POST, "user_password") ?: "";
|
|
|
|
$XSLParms["BTN_SUBMIT"] = "main.php?action=SignIn.login&step=authenticate";
|
|
$XSLParms["INVALID_SIGNIN"] = "TRUE";
|
|
|
|
$user = (new Users())->getUserByUserName($user_name);
|
|
|
|
if ($user->count() == 0) {
|
|
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
|
|
die();
|
|
}
|
|
|
|
if ((integer) $user->record->user_active === 0) {
|
|
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
|
|
die();
|
|
}
|
|
|
|
$stored_hashed_password = $user->record->user_password;
|
|
|
|
if (!password_verify($user_password, $stored_hashed_password)) {
|
|
|
|
echo $this->applyXSL("", $this->getXSL("signIn"), $XSLParms);
|
|
die();
|
|
}
|
|
|
|
session_regenerate_id(true);
|
|
|
|
$_SESSION[self::USER_AUTHENTICATED] = true;
|
|
$_SESSION[self::USER_SERIAL] = (integer) $user->record->user_serial;
|
|
$_SESSION[self::USER_ID] = (string) $user->record->user_id;
|
|
$_SESSION[self::USER_NAME] = (string) $user->record->user_name;
|
|
$_SESSION[self::USER_EMAIL] = (string) $user->record->user_email;
|
|
$_SESSION[self::USER_ROLE] = (string) $user->record->user_role;
|
|
|
|
$this->current_user_id = $_SESSION[self::USER_ID] ?? "";
|
|
$this->current_user_serial = $_SESSION[self::USER_SERIAL] ?? 0;
|
|
$this->current_user_name = $_SESSION[self::USER_NAME] ?? "";
|
|
$this->current_user_email = $_SESSION[self::USER_EMAIL] ?? "";
|
|
|
|
$system_admins = $this->getSettings()->xpath("//SystemAdministrator");
|
|
|
|
foreach ($system_admins as $admin) {
|
|
if ((string) $admin === $user_name) {
|
|
$_SESSION[self::USER_ROLE] = "System Administrator";
|
|
break;
|
|
}
|
|
}
|
|
|
|
(new Journal())->journalEntry("{$_SESSION[self::USER_NAME]} logged in ({$_SESSION[self::USER_ROLE]}).");
|
|
|
|
(new Users())->updateLogin();
|
|
|
|
header("Location: ./");
|
|
exit();
|
|
|
|
break;
|
|
|
|
default:
|
|
// User NOT Validated.
|
|
header("Location: ./");
|
|
exit();
|
|
}
|
|
}
|
|
}
|
|
|
|
?>
|