user()) { $this->f3->reroute('@dashboard'); return; } $this->render('auth/login.html', ['pageTitle' => 'Connexion']); } public function login(): void { $this->checkCsrf(); $user = new User(); $auth = new Auth($user, ['id' => 'username', 'pw' => 'password_hash'], 'password_verify'); $ok = $auth->login( $this->f3->clean((string) ($this->f3->get('POST.username') ?: '')), (string) ($this->f3->get('POST.password') ?: '') ); if (!$ok) { usleep(1000000); $this->flash('error', 'Identifiants invalides.'); $this->f3->reroute('@login'); return; } session_regenerate_id(true); $this->f3->set('SESSION.user_id', (int) $user->id); $this->rotateCsrf(); $this->flash('success', 'Connexion réussie.'); $this->f3->reroute('@dashboard'); } public function logout(): void { $this->checkCsrf(); $this->f3->clear('SESSION.user_id'); session_regenerate_id(true); $this->rotateCsrf(); $this->flash('success', 'Déconnexion effectuée.'); $this->f3->reroute('@login'); } }