From 8956b1743476e01e9a29e8cc6e9cf650e59dfa3c Mon Sep 17 00:00:00 2001 From: Gregorio Chiko Putra Date: Fri, 8 Sep 2017 10:05:42 +0700 Subject: [PATCH] Changed login/logout process --- App/Controllers/Home.php | 77 +++++++++++++++++++++++------------ App/Controllers/Posts.php | 69 ++++++++++++++++++-------------- App/Models/Access.php | 80 ------------------------------------- App/Models/Post.php | 70 -------------------------------- App/Views/Access/login.html | 2 +- Core/Model.php | 62 +++++++++++++++++++++++++--- 6 files changed, 148 insertions(+), 212 deletions(-) diff --git a/App/Controllers/Home.php b/App/Controllers/Home.php index 650c8a0..ad37262 100644 --- a/App/Controllers/Home.php +++ b/App/Controllers/Home.php @@ -10,11 +10,16 @@ use Core\Hash; class Home { - private $access; + public $access, + $table; + public function __construct() { $this->access = new Access(); + $this->table = 'user'; } + + /* Routes */ public function index() { $posts = new Posts(); @@ -33,6 +38,21 @@ class Home } } + public function logout() { + if ($this->delete() != true) { + $info = "There's an error. Please try again."; + } else { + Session::delete('userid'); + Session::delete('username'); + Session::delete('full_name'); + Session::delete('privilage'); + + $info = "Logged out success"; + } + Session::flash('info', $info); + Redirect::to('/'); + } + public function register() { if (Session::exists('userid') && Session::get('privilage') == 1) { @@ -44,7 +64,7 @@ class Home } } - // Methods + /* Methods */ public function post($args = []) { foreach ($args as $value) { @@ -69,7 +89,7 @@ class Home $args['full_name'] = htmlspecialchars($args['full_name']); $args['username'] = htmlspecialchars($args['username']); - $data = $this->access->showAll(); + $data = $this->access->showAll($table); foreach ($data as $users) { if ($args['username'] == $users['username']) { Session::flash('info', 'Username already exists'); 
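Review bot: `logout()` tests `$this->delete() != true`, but the `delete()` introduced in the next hunk never returns false — when the status update fails it throws `\Exception("Bad request", 400)` — so the error branch here is dead and the exception escapes this method uncaught. Either catch it here, `try { $this->delete(); } catch (\Exception $e) { $info = "There's an error. Please try again."; }`, or have `delete()` return false as this condition expects. The session is also cleared key by key; if the `Session` wrapper offers a full destroy (or `session_destroy()` plus a fresh id via `session_regenerate_id(true)`), using it here avoids leaving any other state of the authenticated session behind, though that depends on what `Session` exposes, which is not visible in this patch.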
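Review bot: `$data = $this->access->showAll($table);` reads an undefined local `$table` — the value set in the constructor is the property `$this->table` — so `showAll()` receives null, its `if ($table)` guard returns false, and `foreach ($data as $users)` raises a warning instead of running the duplicate-username check. Change it to `$data = $this->access->showAll($this->table);`. Even then, the new `Core\Model::showAll()` returns a single associative row when exactly one user exists, so the loop would iterate over columns rather than users; see the note on the `Core/Model.php` hunk. `post()` continues past the end of this hunk.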
@@ -85,38 +105,43 @@ class Home public function put($args = []) { - if ($user = $this->access->login($args)) { - Session::put('userid', $user['id']); - Session::put('username', $user['username']); - Session::put('full_name', $user['full_name']); - Session::put('privilage', $user['privilage']); + $table = 'user'; + $username = $args['username']; + $password = $args['password']; - $table = 'user'; - $id = Session::get('userid'); - - if ($this->access->update($table, ['status' => 1], $id)) { - $username = Session::get('username'); - Session::flash('info', "$username logged in"); - } + $user = $this->access->showAll($table, [ + ['username', '=', $username] + ]); + if ($user == false) { + $info = "Invalid username/password"; } else { - Session::flash('info', 'Invalid username/password'); + $hash = Hash::compare($password, $user['salt'], $user['password']); + + if ($hash == true) { + if ($this->access->update($table, ['status' => 1], $user['id']) != true) { + $info = "There's an error. Please try again."; + } else { + Session::put('userid', $user['id']); + Session::put('username', $user['username']); + Session::put('full_name', $user['full_name']); + Session::put('privilage', $user['privilage']); + + $info = "Logged in success"; + } + } } + Session::flash('info', $info); Redirect::to('/'); } - public function logout() + public function delete() { + $table = 'user'; $user = Session::get('userid'); - $username = Session::get('username'); - if ($this->access->logout($user)) { - Session::flash('info', "$username has logged out"); - Session::delete('userid'); - Session::delete('username'); - Session::delete('full_name'); - Session::delete('privilage'); - - Redirect::to('/'); + if ($this->access->update($table, ['status' => 0], $user) != true) { + throw new \Exception("Bad request", 400); } + return true; } } diff --git a/App/Controllers/Posts.php b/App/Controllers/Posts.php index a5d017f..aa8c20c 100644 --- a/App/Controllers/Posts.php +++ b/App/Controllers/Posts.php 
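Review bot: On a wrong password `$info` is never assigned — the `if ($hash == true)` block in `put()` has no else — so `Session::flash('info', $info)` is called with an undefined variable; add `} else { $info = "Invalid username/password"; }` so the failed-password path reports the same message as the unknown-user path and does not distinguish the two. `$args['username']` and `$args['password']` are also read without `isset`, and if two accounts ever share a username `showAll()` returns a list rather than a row, leaving `$user['salt']` undefined. After a successful `Hash::compare`, regenerate the session id before the `Session::put(...)` calls (`session_regenerate_id(true)`, or the `Session` wrapper's equivalent if it has one) so a session id issued before authentication is not carried into the logged-in session. In `delete()`, `$user = Session::get('userid')` is passed to `update()` even when no user is logged in; a guard on `Session::exists('userid')` before the update would avoid issuing the query with a null id.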
@@ -11,12 +11,14 @@ use \Core\Redirect; class Posts { private $post, - $access; + $access, + $table; public function __construct() { $this->post = new Post(); $this->access = new Access(); + $this->table = 'pengumuman'; } public function checkValid() @@ -24,9 +26,7 @@ class Posts $date = new \DateTime(); $now = $date->format("Y-m-d"); - $table = 'pengumuman'; - - $valid = $this->post->showAll([ + $valid = $this->post->showAll($this->table, [ ['valid_at', '<=', $now], ['status', '!=', 3] ]); @@ -34,11 +34,11 @@ class Posts foreach ($valid as $fields) { $id = $fields['id']; - $this->post->update($table, ['status' => 1], $id); + $this->post->update($this->table, ['status' => 1], $id); } } - $not_valid = $this->post->showAll([ + $not_valid = $this->post->showAll($this->table, [ ['valid_at', '>', $now], ['status', '!=', 3] ]); @@ -46,11 +46,11 @@ class Posts foreach ($not_valid as $fields) { $id = $fields['id']; - $this->post->update($table, ['status' => 2], $id); + $this->post->update($this->table, ['status' => 2], $id); } } - $expired = $this->post->showAll([ + $expired = $this->post->showAll($this->table, [ ['expired_at', '<', $now], ['status', '!=', 3] ]); @@ -58,16 +58,17 @@ class Posts foreach ($expired as $fields) { $id = $fields['id']; - $this->post->update($table, ['status' => 0], $id); + $this->post->update($this->table, ['status' => 0], $id); } } } + /* Routes */ public function index() { $this->checkValid(); - $posts = $this->post->showAll([ + $posts = $this->post->showAll($this->table, [ ['status', '=', 1] ]); @@ -76,7 +77,7 @@ class Posts $status = ''; if (Session::exists('userid')) { - $posts = $this->post->showAll(); + $posts = $this->post->showAll($this->table); $status = 'admin'; } 
@@ -122,12 +123,18 @@ class Posts $categories = $this->post->showCategories(); - $post = $this->post->showSingle($id); + $post = $this->post->showAll($this->table, [ + ['id', '=', $id] + ]); $creator = $post['creator']; $editor = $post['editor']; - $creator = $this->access->showSingle($creator); - $editor = $this->access->showSingle($editor); + $creator = $this->access->showAll($this->table, [ + ['id', '=', $creator] + ]); + $editor = $this->access->showAll($this->table, [ + ['id', '=', $editor] + ]); $editor_now = Session::get('userid'); @@ -166,42 +173,42 @@ class Posts } } - // Methods + /* Methods */ public function post($args = []) { - $table = 'pengumuman'; if (isset($args['_addon'])) { - $table = $args['_addon']; + $this->table = $args['_addon']; unset($args['_addon']); } foreach ($args as $value) { if ($value == '') { Session::flash('info', 'All data must not be empty'); - if ($table == 'pengumuman') { + if ($this->table == 'pengumuman') { Redirect::to('/posts/entry'); - } elseif ($table == 'kategori') { + } elseif ($this->table == 'kategori') { Redirect::to('/posts/category'); } die(); } } - if ($this->post->entry($table, $args)) { + if ($this->post->entry($this->table, $args)) { Session::flash('info', 'Data successfuly uploaded'); - if ($table == 'kategori') { + if ($this->table == 'kategori') { Redirect::to('/posts/category'); - } elseif ($table == 'pengumuman') { + } elseif ($this->table == 'pengumuman') { Redirect::to('/'); } } + + // Return the $table back to default + $this->table = 'pengumuman'; } public function put($args = []) { - $table = 'pengumuman'; - $args['content'] = htmlspecialchars($args['content']); $id = $args['id']; @@ -234,7 +241,7 @@ class Posts } } - if ($this->post->update($table, $args, $id)) { + if ($this->post->update($this->table, $args, $id)) { Session::flash('info', 'Data successfuly updated'); Redirect::to('/'); } else { 
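Review bot: `$creator` and `$editor` are now looked up in `$this->table`, which this controller sets to `'pengumuman'`, whereas the removed `Access::showSingle()` queried the `user` table — so the post's author ids are resolved against the posts table and return the wrong record or none. Pass the user table explicitly, `$creator = $this->access->showAll('user', [['id', '=', $creator]]);` and likewise for `$editor`. `$post` is `false` when no row matches `$id`, in which case `$post['creator']` on the following line fails; the lookup needs a guard before those reads. The enclosing method starts and ends outside this hunk.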
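Review bot: `$this->table = $args['_addon'];` stores a request-supplied value that `Core\Model::showAll()` and `entry()` interpolate directly into the SQL (`SELECT * FROM $table`), so the table name is outside the `?` placeholders that protect the values. Restrict it to the two tables this method already branches on, `$this->table = in_array($args['_addon'], ['pengumuman', 'kategori'], true) ? $args['_addon'] : 'pengumuman';`; the same applies to the `delete()` hunk below. The reset to `'pengumuman'` at the end of `post()` only runs if `Redirect::to()` returns; if it exits, the property keeps the caller's value for the rest of the request, which is a reason to keep the table a validated local rather than mutable controller state. The assignment from `_addon` predates this change as a local; the commit only widens its lifetime to the object.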
@@ -245,22 +252,24 @@ class Posts public function delete($args = []) { - $table = 'pengumuman'; if (isset($args['_addon'])) { - $table = $args['_addon']; + $this->table = $args['_addon']; unset($args['_addon']); } $id = $args['id']; - if ($this->post->delete($table, $id)) { + if ($this->post->delete($this->table, $id)) { Session::flash('info', 'Data successfuly removed'); - if ($table = 'kategori') { + if ($this->table = 'kategori') { Redirect::to('/posts/category'); - } elseif ($table = 'pengumuman') { + } elseif ($this->table = 'pengumuman') { Redirect::to('/'); } } + + // Return the $table back to default + $this->table = 'pengumuman'; } } diff --git a/App/Models/Access.php b/App/Models/Access.php index 544e4a9..4063994 100644 --- a/App/Models/Access.php +++ b/App/Models/Access.php 
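Review bot: `if ($this->table = 'kategori')` and `elseif ($this->table = 'pengumuman')` are assignments, not comparisons — the first is always truthy, so every delete redirects to `/posts/category` and overwrites the property on the way; the commit carries this over from the removed local and should compare instead: `if ($this->table === 'kategori') {` and `} elseif ($this->table === 'pengumuman') {`. `$args['id']` is read without an `isset` check, so a request missing it reaches `$this->post->delete()` with null. The `_addon` whitelist raised on the `post()` hunk applies to the assignment at the top of this method as well.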
@@ -20,84 +20,4 @@ class Access extends \Core\Model ] ); } - - public function showAll() - { - try { - $db = static::connectDB(); - - $sql = "SELECT id, username, full_name, registered_at FROM user"; - - if ($stmt = $db->query($sql)) { - $result = $stmt->fetchAll(\PDO::FETCH_ASSOC); - return $result; - } - return false; - } catch (PDOException $e) { - echo $e->getMessage(); - } - } - - public function showSingle($id) - { - try { - $db = static::connectDB(); - - $sql = "SELECT id, username, full_name, registered_at, privilage FROM user WHERE id = ?"; - - $query = $db->prepare($sql); - - if ($query->execute([$id])) { - if ($query->rowCount() === 1) { - $result = $query->fetch(\PDO::FETCH_ASSOC); - return $result; - } - } - return false; - } catch (PDOException $e) { - throw new \Exception($e->getMessage(), 444); - } - } - - public function login($args = []) - { - try { - $username = htmlspecialchars($args['username']); - $password = $args['password']; - - $db = static::connectDB(); - - $sql = "SELECT id, password, salt FROM user WHERE username = ?"; - - $query = $db->prepare($sql); - $query->bindValue(1, $username); - - if ($query->execute()) { - if ($query->rowCount() === 1) { - $result = $query->fetch(\PDO::FETCH_ASSOC); - - $id = $result['id']; - $salt = $result['salt']; - $hash = $result['password']; - - if (\Core\Hash::compare($password, $salt, $hash)) { - $user = $this->showSingle($id); - - return $user; - } - return false; - } - } - } catch (PDOException $e) { - throw new \Exception($e->getMessage(), 444); - } - } - - public function logout($id) - { - if ($this->update('user', ['status' => 0], $id)) { - return true; - } - return false; - } } diff --git a/App/Models/Post.php b/App/Models/Post.php index e6e5422..3728254 100644 --- a/App/Models/Post.php +++ b/App/Models/Post.php 
@@ -35,76 +35,6 @@ class Post extends \Core\Model ); } - public function showAll($conditions = []) - { - try { - $db = static::connectDB(); - - $sql = "SELECT * FROM pengumuman"; - - if ($conditions) { - $sql .= " WHERE"; - foreach ($conditions as $condition) { - - $keys[] = $condition[0]; - $operators[] = $condition[1]; - $values[] = $condition[2]; - } - - $x = 1; - $i = 0; - foreach ($keys as $key) { - $sql .= " $key $operators[$i] ?"; - $i++; - - $x++; - if ($x <= count($keys)) { - $sql .= " AND"; - } - } - } - - $query = $db->prepare($sql); - - if ($conditions) { - $x = 1; - foreach ($values as $value) { - $query->bindValue($x, $value); - $x++; - } - } - - if ($query->execute()) { - if ($query->rowCount() != 0) { - $result = $query->fetchAll(\PDO::FETCH_ASSOC); - return $result; - } - } - } catch (PDOException $e) { - throw new \Exception($e->getMessage, 444); - } - } - - public function showSingle($id) - { - try { - $db = static::connectDB(); - - $sql = "SELECT * FROM pengumuman WHERE id = ?"; - - $query = $db->prepare($sql); - - if ($query->execute([$id])) { - if ($query->rowCount() === 1) { - $result = $query->fetch(\PDO::FETCH_ASSOC); - return $result; - } - } - } catch (PDOException $e) { - throw new \Exception($e->getMessage(), 444); - } - } - public function showCategories() { try { diff --git a/App/Views/Access/login.html b/App/Views/Access/login.html index e2e7faf..2affd94 100644 --- a/App/Views/Access/login.html +++ b/App/Views/Access/login.html @@ -20,6 +20,6 @@
- + {% endblock %} diff --git a/Core/Model.php b/Core/Model.php index 144762c..de80a74 100644 --- a/Core/Model.php +++ b/Core/Model.php @@ -7,10 +7,6 @@ abstract class Model { protected static $conn = null; - abstract public function showAll(); - - abstract public function showSingle($id); - protected static function connectDB() { try { @@ -60,6 +56,62 @@ abstract class Model } } + public function showAll($table, $conditions = []) + { + try { + if ($table) { + $db = static::connectDB(); + + $sql = "SELECT * FROM $table"; + + if ($conditions) { + $sql .= " WHERE"; + foreach ($conditions as $condition) { + + $keys[] = $condition[0]; + $operators[] = $condition[1]; + $values[] = $condition[2]; + } + + $x = 1; + $i = 0; + foreach ($keys as $key) { + $sql .= " $key $operators[$i] ?"; + $i++; + + $x++; + if ($x <= count($keys)) { + $sql .= " AND"; + } + } + } + + $query = $db->prepare($sql); + + if ($conditions) { + $x = 1; + foreach ($values as $value) { + $query->bindValue($x, $value); + $x++; + } + } + + $query->execute(); + if ($query->rowCount() == 1) { + $result = $query->fetch(\PDO::FETCH_ASSOC); + } elseif ($query->rowCount() > 1) { + $result = $query->fetchAll(\PDO::FETCH_ASSOC); + } else { + return false; + } + return $result; + } + return false; + } catch (PDOException $e) { + throw new \Exception($e->getMessage, 444); + } + } + public function entry($table, $args, $values = '') { if (count($args)) { @@ -146,7 +198,7 @@ abstract class Model try { $db = static::connectDB(); - $result = $this->showAll([ + $result = $this->showAll($table, [ ['id', '=', $id] ]);
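Review bot: `showAll()` changes its return shape with the row count — an associative row when `rowCount() == 1`, a list of rows when more, `false` otherwise — so callers that iterate the result (`Posts::checkValid()`, `Posts::index()`, `Home::post()`) receive column values instead of records whenever exactly one row matches, and `$fields['id']` then fails. Return `$query->fetchAll(\PDO::FETCH_ASSOC)` unconditionally (an empty list when nothing matches) and let the single-row callers such as `Home::put()` take element `[0]`, or keep a separate single-row method. In the catch block `$e->getMessage` is a property read rather than a call, so the PDO error text is lost — it should be `$e->getMessage()`; and if this file declares `namespace Core`, `PDOException` resolves to `Core\PDOException` and the catch never matches, so write `\PDOException`. Because `$table`, each `$key` and each operator are interpolated into the statement while only the values go through `bindValue()`, callers must pass those only from fixed sets, which is worth stating in a docblock on the method: `/** $table, column names and operators are interpolated verbatim; pass only literals, never request data. */`.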