netig/f3-simple-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Less home code more F3

Browse Source
This commit is contained in:
julien
2026-03-28 23:29:06 +01:00
parent f7480eafe7
commit 1c8c22e12c
12 changed files with 107 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/Controllers/AuthController.php
View File

@@ -21,8 +21,12 @@ class AuthController extends BaseController
$username = trim((string) ($this->f3->get('POST.username') ?? ''));
$password = (string) ($this->f3->get('POST.password') ?? '');
$user = (new User($this->db))->findByUsername($username);
if ($user === null || !password_verify($password, $user['password_hash'])) {
// User étend DB\SQL\Mapper — inutile de recréer un Mapper générique.
// Le 3e argument du constructeur Auth est le callback de comparaison.
$user = new User();
$auth = new \Auth($user, ['id' => 'username', 'pw' => 'password_hash'], 'password_verify');
if (!$auth->login($username, $password)) {
usleep(1_500_000); // 1,5 s — ralentit le brute-force
$this->flash('error', 'Identifiants invalides.');
$this->f3->reroute('@login');
@@ -30,7 +34,7 @@ class AuthController extends BaseController
}
session_regenerate_id(true); // Prévient la fixation de session.
$this->f3->set('SESSION.user_id', $user['id']);
$this->f3->set('SESSION.user_id', $user->id);
$this->flash('success', 'Connexion réussie.');
$this->f3->reroute('@dashboard');
}