gregorio/lepisi-pengumuman
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ae762758fc
lepisi-pengumuman/App/Controllers/Home.php

195 lines
5.3 KiB
PHP
Raw Blame History

<?php
namespace App\Controllers;
use Core\View;
use App\Models\Access;
use Core\Token;
use Core\Session;
use Core\Redirect;
use Core\Hash;
use Core\XSS;
class Home
{
public $model;
public function __construct()
{
$this->model = new Access();
}
/* Routes */
public function index()
{
$posts = new Posts();
$posts->index();
}
public function login($args = [])
{
if (Session::exists('userid')) {
Session::flash('info', 'Anda telah masuk');
Redirect::to('/');
die();
}
// Login
if ($args) {
// Avoid XSS
$args['exclude'] = [
'password'
];
$args = XSS::avoid($args);
$username = $args['username'];
$password = $args['password'];
$user = $this->model->showAll([
['username', '=', $username]
]);
if ($user == false) {
$info = "Username/password salah";
} else {
$hash = Hash::compare($password, $user['salt'], $user['password']);
if ($hash == true) {
if ($user['max_user'] <= 0) {
$info = "Telah mencapai maksimal user yang diizinkan - Silahkan logout pada perangkat lain terlebih dahulu";
} else {
$max_user = $user['max_user'] - 1;
if ($this->model->update(['max_user' => $max_user], $user['id']) == true) {
Session::put('userid', $user['id']);
Session::put('username', $user['username']);
Session::put('full_name', $user['full_name']);
Session::put('privilege', $user['privilege']);
$info = "Berhasil masuk";
}
}
}
}
Session::flash('info', $info);
Redirect::to('/');
die();
} else {
View::render('Access/login.html', [
'token' => Token::generate()
]);
}
}
public function logout() {
if ($this->delete() != true) {
$info = "Terjadi kesalahan. Silahkan coba lagi dalam beberapa saat";
} else {
Session::delete('userid');
Session::delete('username');
Session::delete('full_name');
Session::delete('privilege');
$info = "Berhasil keluar";
}
Session::flash('info', $info);
Redirect::to('/');
}
public function register()
{
if (Session::exists('userid') && Session::get('privilege') == 1) {
View::render('Access/registrasi.html', [
'token' => Token::generate()
]);
} else {
throw new \Exception("Bad Request", 400);
}
}
/* Methods */
public function post($args = [])
{
foreach ($args as $value) {
if ($value == '') {
Session::flash('info', 'Semua data harus diisi');
Redirect::to('./register');
die();
}
}
$date = new \DateTime();
$now = $date->format('Y-m-d');
$args['registered_at'] = $now;
$salt = Hash::salt();
$password = Hash::make($args['password'], $salt);
$args['salt'] = $salt;
$args['password'] = $password;
// Avoid XSS attack
// Exclude password and salt
$args['exclude'] = [
'salt',
'password'
];
$args = XSS::avoid($args);
$data = $this->model->showAll();
foreach ($data as $users) {
if (is_array($users)) {
$known_uname = $users['username'];
} else {
$known_uname = $data['username'];
}
if ($args['username'] == $known_uname) {
Session::flash('info', 'Username telah digunakan. Silahkan gunakan username lain');
Redirect::to('./register');
die();
}
}
$this->model->entry($args);
Session::flash('info', 'Registrasi berhasil');
Redirect::to('/');
die();
}
public function delete()
{
if (Session::exists('userid') == false) {
throw new \Exception("Bad request but thrown as 404", 404);
}
$userid = Session::get('userid');
$user = $this->model->showAll([
['id', '=', $userid]
]);
$max_user = $user['max_user'] + 1;
if ($this->model->update(
[
'max_user' => $max_user
],
$userid
) != true) {
throw new \Exception("Bad request", 400);
}
return true;
}
// Branch mithril test
public function mithril() {
if (Session::exists('userid')) {
$user['id'] = Session::get('userid');
$user['username'] = Session::get('username');
$user['full_name'] = Session::get('full_name');
$user['privilege'] = Session::get('privilege');
} else {
$user = false;
}
View::render('Data/mithril.html', [
'user' => $user
]);
}
}
Reference in New Issue View Git Blame Copy Permalink