cgView->viewPath = KERNEL_MODULES_DIR. "/secure/views/"; $this->cgView->layout = "/login.php"; $this->userService = new UserService(); } public function actionLogin(): void { $this->cgView->render(match (App::$secure['web_auth_type']) { "login_password" => "login.php", "email_code" => "email_login.php", }); // $this->cgView->render('login.php'); } #[NoReturn] public function actionAuth(): void { $loginForm = new LoginForm(); $loginForm->load($_REQUEST); if(filter_var($loginForm->getItem("username"), FILTER_VALIDATE_EMAIL)) { $field = "email"; } else { $field = "username"; } $user = $this->userService->getByField($field, $loginForm->getItem("username")); if (!$user){ Flash::setMessage("error", "User not found."); $this->redirect("/admin/login", code: 302); } if (password_verify($loginForm->getItem("password"), $user->password_hash)) { setcookie('user_id', $user->id, time()+60*60*24, '/', $_SERVER['SERVER_NAME'], false); $this->redirect("/admin", code: 302); } else { Flash::setMessage("error", "Username or password incorrect."); $this->redirect("/admin/login", code: 302); } } /** * @throws RandomException * @throws Exception */ public function actionEmailAuth(): void { $loginForm = new LoginEmailForm(); $loginForm->load($_REQUEST); $email = $loginForm->getItem("email"); $user = $this->userService->getByField('email', $email); if (!$user){ $newUser = new User(); $code = mt_rand(100000, 999999); $newUser->email = $email; $newUser->username = substr($email, 0, strpos($email, "@")); $newUser->password_hash = password_hash(md5(microtime() . bin2hex(random_bytes(10)) . time()), PASSWORD_DEFAULT); $newUser->auth_code = $code; $newUser->auth_code_expires_at = date("Y-m-d H:i:s", strtotime("+5 minutes")); $newUser->save(); } else { $code = mt_rand(100000, 999999); $user->auth_code = $code; $user->auth_code_expires_at = date("Y-m-d H:i:s", strtotime("+5 minutes")); $user->save(); } $mailing = new Mailing(); $mailing->send_html("login_by_code.php", ['code' => $code], [ 'address' => $email, 'subject' => "Код авторизации", "from_name" => $_ENV['APP_NAME'] ]); setcookie('user_email', $email, time()+60*15, '/', $_SERVER['SERVER_NAME'], false); $this->cgView->render("enter_code.php", ['email' => $email]); } /** * @throws Exception */ public function actionCodeCheck(): void { $request = new Request(); if (isset($_COOKIE['user_email'])) { $user = User::where('email', $_COOKIE["user_email"])->first(); if (!$user) { throw new exception("User not found."); } $code = $request->post("code"); if ($user->auth_code == $code && time() <= strtotime($user->auth_code_expires_at)) { setcookie('user_id', $user->id, time() + 60 * 60 * 24, '/', $_SERVER['SERVER_NAME'], false); $this->redirect("/admin", code: 302); } else { Flash::setMessage("error", "Wrong code."); $this->redirect("/admin/login", code: 302); } } } #[NoReturn] public function actionLogout(): void { unset($_COOKIE['user_id']); setcookie('user_id', "", -1, '/', ".".$_SERVER['SERVER_NAME'], false); setcookie('user_email', "", -1, '/', ".".$_SERVER['SERVER_NAME'], false); $this->redirect("/", code: 302); } public function actionRegister(): void { $this->cgView->render('register.php'); } public function actionRegistration(): void { $regForm = new RegisterForm(); $regForm->load($_REQUEST); if ($this->userService->getByField('username', $regForm->getItem("username"))) { Flash::setMessage("error", "Username already exists."); $this->redirect("/admin/register", code: 302); } if ($this->userService->getByField('email', $regForm->getItem("email"))) { Flash::setMessage("error", "Email already exists."); $this->redirect("/admin/register", code: 302); } $user = $this->userService->create($regForm); if ($user){ setcookie('user_id', $user->id, time()+60*60*24, '/', $_SERVER['SERVER_NAME'], false); $this->redirect("/admin", code: 302); } } }