netig/f3-simple-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Less home code more F3

Browse Source
This commit is contained in:
julien
2026-03-30 00:00:03 +02:00
parent d71cf304a9
commit fac7f60190
30 changed files with 818 additions and 1552 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
app/Controllers/AuthController.php
View File

@@ -2,11 +2,11 @@
declare(strict_types=1);
class AuthController extends BaseController
class AuthController extends Controller
{
public function show(): void
{
if ($this->currentUser() !== null) {
if ($this->user()) {
$this->f3->reroute('@dashboard');
return;
}
@@ -16,36 +16,35 @@ class AuthController extends BaseController
public function login(): void
{
$this->verifyCsrf();
$this->checkCsrf();
$username = $this->f3->clean((string) ($this->f3->get('POST.username') ?? ''));
$password = (string) ($this->f3->get('POST.password') ?? '');
// User étend DB\SQL\Mapper — inutile de recréer un Mapper générique.
// Le 3e argument du constructeur Auth est le callback de comparaison.
$user = new User();
$auth = new \Auth($user, ['id' => 'username', 'pw' => 'password_hash'], 'password_verify');
$auth = new Auth($user, ['id' => 'username', 'pw' => 'password_hash'], 'password_verify');
$ok = $auth->login(
$this->f3->clean((string) ($this->f3->get('POST.username') ?: '')),
(string) ($this->f3->get('POST.password') ?: '')
);
if (!$auth->login($username, $password)) {
usleep(1_500_000); // 1,5 s — ralentit le brute-force
if (!$ok) {
usleep(1000000);
$this->flash('error', 'Identifiants invalides.');
$this->f3->reroute('@login');
return;
}
session_regenerate_id(true); // Prévient la fixation de session.
$this->resetCsrfToken(); // Le nouveau contexte repart avec un jeton dédié.
$this->f3->set('SESSION.user_id', $user->id);
session_regenerate_id(true);
$this->f3->set('SESSION.user_id', (int) $user->id);
$this->rotateCsrf();
$this->flash('success', 'Connexion réussie.');
$this->f3->reroute('@dashboard');
}
public function logout(): void
{
$this->verifyCsrf();
$this->checkCsrf();
$this->f3->clear('SESSION.user_id');
$this->resetCsrfToken();
session_regenerate_id(true); // Invalide l'ancien ID de session.
session_regenerate_id(true);
$this->rotateCsrf();
$this->flash('success', 'Déconnexion effectuée.');
$this->f3->reroute('@login');
}