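access = new Access(); $this->table = 'user'; }

    /* Routes */

    /**
     * Front page: delegates to the Posts controller's index action.
     */
    public function index()
    {
        (new Posts())->index();
    }

    /**
     * Login form.
     *
     * An already-authenticated session (userid present) is sent back to '/'
     * with a flash message; otherwise the form is rendered with a fresh token.
     */
    public function login()
    {
        if (Session::exists('userid')) {
            Session::flash('info', 'You already logged in');
            Redirect::to('/');
            return;
        }

        View::render('Access/login.html', [
            'token' => Token::generate(),
        ]);
    }

    /**
     * Marks the current user offline (status = 0) and clears the session keys
     * that put() created.
     *
     * delete() throws on a failed update and otherwise returns true, so the
     * error message is only ever flashed if delete() changes contract.
     */
    public function logout()
    {
        $info = "There's an error. Please try again.";

        if ($this->delete() === true) {
            foreach (['userid', 'username', 'full_name', 'privilage'] as $key) {
                Session::delete($key);
            }
            $info = "Logged out success";
        }

        Session::flash('info', $info);
        Redirect::to('/');
    }

    /**
     * Registration form, reachable only by a logged-in session whose stored
     * privilage is 1 (int or string "1"; the comparison is strict on purpose).
     *
     * @throws \Exception HTTP 400 when the session does not qualify
     */
    public function register()
    {
        $isPrivileged = Session::exists('userid')
            && in_array(Session::get('privilage'), [1, '1'], true);

        if (!$isPrivileged) {
            throw new \Exception("Bad Request", 400);
        }

        View::render('Access/registrasi.html', [
            'token' => Token::generate(),
        ]);
    }

    /* Methods */

    /**
     * Registration handler.
     *
     * @param array<string, mixed> $args form fields; every key is written to the
     *        user table as-is, plus registered_at / salt / password set here.
     *        NOTE(review): because all keys are persisted, the caller must have
     *        reduced $args to the expected registration fields (no status or
     *        privilage supplied by the client) — confirm upstream.
     */
    public function post($args = [])
    {
        foreach ($args as $value) {
            if ($value === null || $value === '') {
                Session::flash('info', 'All data must not be empty');
                Redirect::to('/');
                die();
            }
        }

        $args['registered_at'] = (new \DateTime())->format('Y-m-d');

        // Per-user salt; only the salted hash is stored.
        $salt = Hash::salt();
        $args['salt'] = $salt;
        $args['password'] = Hash::make($args['password'], $salt);

        // Escaped at write time; a template that escapes again will double-encode.
        $args['full_name'] = htmlspecialchars($args['full_name']);
        $args['username'] = htmlspecialchars($args['username']);

        // Strict compare so numeric-looking names ('100' vs '1e2') stay distinct.
        foreach ($this->access->showAll($this->table) as $existing) {
            if ($existing['username'] === $args['username']) {
                Session::flash('info', 'Username already exists');
                Redirect::to('./register');
                die();
            }
        }

        $this->access->entry($this->table, $args);
        Redirect::to('/');
    }

    /**
     * Login handler.
     *
     * The same "Invalid username/password" message is used for an unknown
     * username and for a wrong password, and it is now also the result when
     * Hash::compare() fails (previously $info was left undefined on that path).
     * NOTE(review): confirm Hash::compare() uses a constant-time comparison.
     *
     * @param array<string, mixed> $args expects 'username' and 'password'
     */
    public function put($args = [])
    {
        $info = "Invalid username/password";
        $username = $args['username'] ?? '';
        $password = $args['password'] ?? '';

        $user = $this->access->showAll($this->table, [
            ['username', '=', $username],
        ]);

        if (!empty($user) && Hash::compare($password, $user['salt'], $user['password'])) {
            if (!$this->access->update($this->table, ['status' => 1], $user['id'])) {
                $info = "There's an error. Please try again.";
            } else {
                Session::put('userid', $user['id']);
                Session::put('username', $user['username']);
                Session::put('full_name', $user['full_name']);
                Session::put('privilage', $user['privilage']);
                $info = "Logged in success";
            }
        }

        Session::flash('info', $info);
        Redirect::to('/');
    }

    /**
     * Sets the session user's status to 0.
     *
     * @return true
     * @throws \Exception HTTP 400 when the update does not succeed
     */
    public function delete()
    {
        $userId = Session::get('userid');

        if (!$this->access->update($this->table, ['status' => 0], $userId)) {
            throw new \Exception("Bad request", 400);
        }

        return true;
    }
}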