f3-simple-blog/app/Controllers/AuthController.php

<?php

declare(strict_types=1);

class AuthController extends Controller
{
    public function show(): void
    {
        if ($this->user()) {
            $this->f3->reroute('@dashboard');
            return;
        }

        $this->render('auth/login.html', ['pageTitle' => 'Connexion']);
    }

    public function login(): void
    {
        $this->checkCsrf();

        $user = new User();
        $auth = new Auth($user, ['id' => 'username', 'pw' => 'password_hash'], 'password_verify');
        $ok = $auth->login(
            $this->f3->clean((string) ($this->f3->get('POST.username') ?: '')),
            (string) ($this->f3->get('POST.password') ?: '')
        );

        if (!$ok) {
            usleep(1000000);
            $this->flash('error', 'Identifiants invalides.');
            $this->f3->reroute('@login');
            return;
        }

        session_regenerate_id(true);
        $this->f3->set('SESSION.user_id', (int) $user->id);
        $this->rotateCsrf();
        $this->flash('success', 'Connexion réussie.');
        $this->f3->reroute('@dashboard');
    }

    public function logout(): void
    {
        $this->checkCsrf();
        $this->f3->clear('SESSION.user_id');
        session_regenerate_id(true);
        $this->rotateCsrf();
        $this->flash('success', 'Déconnexion effectuée.');
        $this->f3->reroute('@login');
    }
}