v0.1.10

kernel/modules/secure/controllers/SecureController.php

@@ -8,6 +8,7 @@ use kernel\App;
 use kernel\Flash;
 use kernel\helpers\Debug;
 use kernel\Mailing;
+use kernel\modules\secure\models\forms\ChangePasswordForm;
 use kernel\modules\secure\models\forms\LoginEmailForm;
 use kernel\modules\secure\models\forms\LoginForm;
 use kernel\modules\secure\models\forms\RegisterForm;
@@ -40,7 +41,7 @@ class SecureController extends AdminController
 //        $this->cgView->render('login.php');
     }
 
-    #[NoReturn] public function actionAuth(): void
+    #[NoReturn] public function actionAuth($basePath = '/admin'): void
     {
         $loginForm = new LoginForm();
         $loginForm->load($_REQUEST);
@@ -51,19 +52,36 @@ class SecureController extends AdminController
         else {
             $field = "username";
         }
-
         $user = $this->userService->getByField($field, $loginForm->getItem("username"));
         if (!$user){
             Flash::setMessage("error", "User not found.");
-            $this->redirect("/admin/login", code: 302);
+            $this->redirect($basePath . "/login", code: 302);
         }
 
         if (password_verify($loginForm->getItem("password"), $user->password_hash)) {
             setcookie('user_id', $user->id, time()+60*60*24, '/', $_SERVER['SERVER_NAME'], false);
-            $this->redirect("/admin", code: 302);
+            $this->redirect($basePath . '/', code: 302);
         } else {
             Flash::setMessage("error", "Username or password incorrect.");
-            $this->redirect("/admin/login", code: 302);
+            $this->redirect($basePath . "/login", code: 302);
+        }
+    }
+
+    #[NoReturn] public function actionChangePassword($basePath = '/admin'): void
+    {
+        $changePasswordForm = new ChangePasswordForm();
+        $changePasswordForm->load($_REQUEST);
+
+        $user = UserService::getAuthUser();
+
+        if (password_verify($changePasswordForm->getItem("old_password"), $user->password_hash)) {
+            $user->password_hash = password_hash($changePasswordForm->getItem("new_password"), PASSWORD_DEFAULT);
+            $user->save();
+            Flash::setMessage("success", "Пароль успешно изменен.");
+            $this->redirect($basePath . '', code: 302);
+        } else {
+            Flash::setMessage("error", "Username or password incorrect.");
+            $this->redirect($basePath . "", code: 302);
         }
     }
 
@@ -148,25 +166,25 @@ class SecureController extends AdminController
         $this->cgView->render('register.php');
     }
 
-    public function actionRegistration(): void
+    public function actionRegistration($basePath = '/admin'): void
     {
         $regForm = new RegisterForm();
         $regForm->load($_REQUEST);
 
         if ($this->userService->getByField('username', $regForm->getItem("username"))) {
             Flash::setMessage("error", "Username already exists.");
-            $this->redirect("/admin/register", code: 302);
+            $this->redirect($basePath . "/register", code: 302);
         }
 
         if ($this->userService->getByField('email', $regForm->getItem("email"))) {
             Flash::setMessage("error", "Email already exists.");
-            $this->redirect("/admin/register", code: 302);
+            $this->redirect($basePath . "/register", code: 302);
         }
 
         $user = $this->userService->create($regForm);
         if ($user){
             setcookie('user_id', $user->id, time()+60*60*24, '/', $_SERVER['SERVER_NAME'], false);
-            $this->redirect("/admin", code: 302);
+            $this->redirect($basePath . "/", code: 302);
         }
     }