From d4dce8e460b85d461067dbd98189dad64f043aa9 Mon Sep 17 00:00:00 2001
From: Gregorio Chiko Putra
Date: Fri, 8 Sep 2017 14:00:28 +0700
Subject: [PATCH] Allowed single user to be logged in at multiple sessions
---
 App/Controllers/Home.php | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/App/Controllers/Home.php b/App/Controllers/Home.php
index be3f3d6..493d663 100644
--- a/App/Controllers/Home.php
+++ b/App/Controllers/Home.php
@@ -110,8 +110,7 @@ class Home
 $password = $args['password'];
 $user = $this->access->showAll($table, [
- ['username', '=', $username],
- ['status', '!=', 1]
+ ['username', '=', $username]
 ]);
 if ($user == false) {
 $info = "Invalid username/password";
@@ -119,15 +118,22 @@ class Home
 $hash = Hash::compare($password, $user['salt'], $user['password']);
 if ($hash == true) {
- if ($this->access->update($table, ['status' => 1], $user['id']) != true) {
- $info = "There's an error. Please try again.";
+ if ($user['max_user'] <= 0) {
+ $info = "Max user reached!";
 } else {
- Session::put('userid', $user['id']);
- Session::put('username', $user['username']);
- Session::put('full_name', $user['full_name']);
- Session::put('privilage', $user['privilage']);
+ if ($this->access->update($table, ['status' => 1], $user['id']) != true) {
+ $info = "There's an error. Please try again.";
+ } else {
+ $max_user = $user['max_user'] - 1;
+ if ($this->access->update($table, ['max_user' => $max_user], $user['id']) == true) {
+ Session::put('userid', $user['id']);
+ Session::put('username', $user['username']);
+ Session::put('full_name', $user['full_name']);
+ Session::put('privilage', $user['privilage']);
- $info = "Logged in success";
+ $info = "Logged in success";
+ }
+ }
 }
 }
 }
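Review bot: The session quota in the second hunk is a read-then-write: `max_user` is read, tested with `<= 0`, and `$user['max_user'] - 1` is written back in a later call, so two logins arriving together can both pass the test and store the same value, admitting more sessions than the quota allows. The decrement should be a single conditional statement at the database (decrement only where `max_user > 0`, then check the affected-row count); whether `$this->access` can express that is not visible here. The split into two `update()` calls also leaves `status` at 1 and sets no message in the visible lines when the second call fails, because that `if` has no `else`; one call, `$this->access->update($table, ['status' => 1, 'max_user' => $max_user], $user['id'])`, avoids the half-applied state. A slot is given back only in `delete()`, so a session that expires without an explicit logout appears to keep its slot and the account can end up stuck at "Max user reached!". The enclosing login method starts and ends outside this hunk.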
@@ -138,9 +144,21 @@ class Home
 public function delete() {
 $table = 'user';
- $user = Session::get('userid');
+ $userid = Session::get('userid');
- if ($this->access->update($table, ['status' => 0], $user) != true) {
+ $user = $this->access->showAll($table, [
+ ['id', '=', $userid]
+ ]);
+ $max_user = $user['max_user'] + 1;
+
+ if ($this->access->update(
+ $table,
+ [
+ 'status' => 0,
+ 'max_user' => $max_user
+ ],
+ $userid
+ ) != true) {
 throw new \Exception("Bad request", 400);
 }
 return true;
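Review bot: `delete()` uses the result of `showAll()` unchecked, so when the session holds no `userid` or the lookup fails, `$user['max_user'] + 1` is computed from a failed result and written back; add a guard before it, `if ($user == false) { throw new \Exception("Bad request", 400); }`, matching the `$user == false` test in the login path. The increment is also read-then-write with no upper bound, so repeated or concurrent calls made while the session is still valid can raise `max_user` above the value the account was given and widen its session quota. Whether the session is destroyed after this method is not visible in the hunk; an atomic increment capped at the configured limit would hold either way.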