First commit
This commit is contained in:
julien
47
app/Controllers/AuthController.php
Normal file
47
app/Controllers/AuthController.php
Normal file
@@ -0,0 +1,47 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
class AuthController extends BaseController
|
||||
{
|
||||
public function show(): void
|
||||
{
|
||||
if ($this->currentUser() !== null) {
|
||||
$this->f3->reroute($this->f3->alias('dashboard'));
|
||||
return;
|
||||
}
|
||||
|
||||
$this->f3->expire(0);
|
||||
$this->render('auth/login.html', ['pageTitle' => 'Connexion']);
|
||||
}
|
||||
|
||||
public function login(): void
|
||||
{
|
||||
$this->verifyCsrf();
|
||||
|
||||
$username = trim((string) ($this->f3->get('POST.username') ?? ''));
|
||||
$password = (string) ($this->f3->get('POST.password') ?? '');
|
||||
|
||||
$user = (new User($this->db))->findByUsername($username);
|
||||
if ($user === null || !password_verify($password, $user['password_hash'])) {
|
||||
usleep(1_500_000); // 1,5 s — ralentit le brute-force
|
||||
$this->flash('error', 'Identifiants invalides.');
|
||||
$this->f3->reroute($this->f3->alias('login'));
|
||||
return;
|
||||
}
|
||||
|
||||
session_regenerate_id(true);
|
||||
$this->f3->set('SESSION.user_id', $user['id']);
|
||||
$this->flash('success', 'Connexion réussie.');
|
||||
$this->f3->reroute($this->f3->alias('dashboard'));
|
||||
}
|
||||
|
||||
public function logout(): void
|
||||
{
|
||||
$this->verifyCsrf();
|
||||
$this->f3->clear('SESSION.user_id');
|
||||
session_regenerate_id(true);
|
||||
$this->flash('success', 'Déconnexion effectuée.');
|
||||
$this->f3->reroute($this->f3->alias('home'));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user