Merge branch 'feat/authentication' into 'master'

Feat/authentication backend

See merge request if3110-2023-01-18/tugas-besar-1!1

app/Controllers/UserController.php

@@ -31,5 +31,39 @@ class UserController {
         return $this->userModel->getAllUsers();
     }
 
+    public function registerUser($name, $username, $email, $password, $isAdmin) {
+        return $this->createUser($name, $username, $email, password_hash($password,PASSWORD_DEFAULT), $isAdmin);
+    }
+
+    public function loginByEmail($email,$password) {
+        $user = $this->userModel->getUserByEmail($email);
+        if ($user !== false && password_verify($password, $user['user_hashedPass'])) {
+            $_SESSION["user_id"] = $user['user_ID'];
+            return "success";
+        } else {
+            return "wrong credentials";
+        }
+    }
+
+    public function loginByUsername($username,$password) {
+        $user = $this->userModel->getUserByUsername($username);
+        if ($user !== false && password_verify($password, $user['user_hashedPass'])) {
+            $_SESSION["user_id"] = $user['user_ID'];
+            return "success";
+        } else {
+            return "wrong credentials";
+        }
+    }
+
+    public function logout() {
+        if (isset($_SESSION["user_id"])) {
+            unset($_SESSION["user_id"]);
+            session_destroy();
+            return "logout successful";
+        } else {
+            return "user not logged in";
+        }
+    }
+
 }
 ?>

app/Models/User.php

@@ -7,12 +7,24 @@ require_once(__DIR__ . '/../../db/connect.php');
 class UserModel {
     public function createUser($name, $username, $email, $hashedPass, $isAdmin) {
         global $db;
-
-        $stmt = $db->prepare("INSERT INTO users (user_name, username, user_email, user_hashedPass, isAdmin) VALUES (?, ?, ?, ?, ?)");
-        $stmt->execute([$name, $username, $email, $hashedPass, $isAdmin]);
-
-        return "User created successfully";
+    
+        try {
+            $stmt = $db->prepare("INSERT INTO users (user_name, username, user_email, user_hashedPass, isAdmin) VALUES (?, ?, ?, ?, ?)");
+            $stmt->execute([$name, $username, $email, $hashedPass, $isAdmin]);
+            
+            return "User created successfully";
+        } catch (PDOException $e) {
+            // Check if the error code corresponds to a unique constraint violation.
+            if ($e->getCode() === '23000') {
+                // Handle the error as a duplicate entry.
+                return "Username or email already exists. Please choose a different one.";
+            } else {
+                // Handle other database errors.
+                return "Database error: " . $e->getMessage();
+            }
+        }
     }
+    
 
     public function getUser($userId) {
         global $db;
@@ -23,6 +35,24 @@ class UserModel {
         return $stmt->fetch(PDO::FETCH_ASSOC);
     }
 
+    public function getUserByEmail($email) {
+        global $db;
+
+        $stmt = $db->prepare("SELECT * FROM users WHERE user_email = ?");
+        $stmt->execute([$email]);
+
+        return $stmt->fetch(PDO::FETCH_ASSOC);
+    }
+
+    public function getUserByUsername($username){
+        global $db;
+
+        $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
+        $stmt->execute([$username]);
+
+        return $stmt->fetch(PDO::FETCH_ASSOC);
+    }
+
     public function updateUser($userId, $name, $username, $email, $hashedPass, $isAdmin) {
         global $db;
 

db/init.sql

@@ -20,8 +20,8 @@ CREATE TABLE IF NOT EXISTS tickets (
 CREATE TABLE IF NOT EXISTS users (
   user_ID INT AUTO_INCREMENT PRIMARY KEY,
   user_name CHAR(255),
-  username CHAR(255),
-  user_email VARCHAR(255),
+  username CHAR(255) UNIQUE,
+  user_email VARCHAR(255) UNIQUE,
   user_hashedPass CHAR(255),
   isAdmin BOOLEAN
 );

home.php

 <?php
 // home.php
+session_start();
 var_dump($_POST);
 // require_once './app/EventController.php';
 require_once './app/Controllers/PembelianController.php';
@@ -45,10 +46,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             $userName = $_POST['userName'];
             $userUsername = $_POST['userUsername'];
             $userEmail = $_POST['userEmail'];
-            $userPassword = password_hash($_POST['userPassword'], PASSWORD_DEFAULT);
+            $userPassword = $_POST['userPassword'];
             $isAdmin = isset($_POST['isAdmin']) ? 1 : 0;
 
-            $userController->createUser($userName, $userUsername, $userEmail, $userPassword, $isAdmin);
+            echo $userController->registerUser($userName, $userUsername, $userEmail, $userPassword, $isAdmin);
         } elseif ($_POST['userAction'] === 'updateUser') {
             $userIdUpdate = $_POST['userIdUpdate'];
             $userNameUpdate = $_POST['userNameUpdate'];
@@ -61,6 +62,12 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         } elseif ($_POST['userAction'] === 'deleteUser') {
             $userIdDelete = $_POST['userIdDelete'];
             $userController->deleteUser($userIdDelete);
+        } elseif ($_POST['userAction'] === 'login') {
+            $loginUsername = $_POST['loginUsername'];
+            $loginPassword = $_POST['loginPassword'];
+            echo $userController->loginByEmail($loginUsername,$loginPassword);
+        } elseif ($_POST['userAction'] === 'logout') {
+            echo $userController->logout();
         }
     }
 }
@@ -136,6 +143,16 @@ $users = $userController->getAllUsers();
         <label>Delete User:</label>
         <input type="text" name="userIdDelete" placeholder="User ID">
         <button type="submit" name="userAction" value="deleteUser">Delete</button>
+
+        <!-- login -->
+        <label>login:</label>
+        <input type="email" name="loginUsername" placeholder="mail">
+        <input type="password" name="loginPassword" placeholder="Password">
+        <button type="submit" name="userAction" value="login">login</button>
+
+        <!-- logout -->
+        <label>Logout:</label>
+        <button type="submit" name="userAction" value="logout">logout</button>
     </form>