diff --git a/app/Controllers/UserController.php b/app/Controllers/UserController.php
index cde35241cb624a07b5ce1e0acc950fbabe36de4e..f644678939f1569675e8a337566a24bf47e46f34 100644
--- a/app/Controllers/UserController.php
+++ b/app/Controllers/UserController.php
@@ -31,5 +31,39 @@ class UserController {
         return $this->userModel->getAllUsers();
     }
 
+    public function registerUser($name, $username, $email, $password, $isAdmin) {
+        return $this->createUser($name, $username, $email, password_hash($password,PASSWORD_DEFAULT), $isAdmin);
+    }
+
+    public function loginByEmail($email,$password) {
+        $user = $this->userModel->getUserByEmail($email);
+        if ($user !== false && password_verify($password, $user['user_hashedPass'])) {
+            $_SESSION["user_id"] = $user['user_ID'];
+            return "success";
+        } else {
+            return "wrong credentials";
+        }
+    }
+
+    public function loginByUsername($username,$password) {
+        $user = $this->userModel->getUserByUsername($username);
+        if ($user !== false && password_verify($password, $user['user_hashedPass'])) {
+            $_SESSION["user_id"] = $user['user_ID'];
+            return "success";
+        } else {
+            return "wrong credentials";
+        }
+    }
+
+    public function logout() {
+        if (isset($_SESSION["user_id"])) {
+            unset($_SESSION["user_id"]);
+            session_destroy();
+            return "logout successful";
+        } else {
+            return "user not logged in";
+        }
+    }
+
 }
 ?>
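Review bot: loginByEmail and loginByUsername write the user id into a session that keeps the id it had before authentication, so a session id fixed on the client before login stays valid afterwards; call `session_regenerate_id(true);` immediately before `$_SESSION["user_id"] = $user['user_ID'];` in both methods. The two methods differ only in the lookup call, so a private helper that takes the fetched row and performs the verify-and-store step would remove the duplication and keep the regeneration in one place. In logout(), `session_destroy()` alone leaves the `$_SESSION` array populated for the rest of the request and the cookie on the client; clear with `$_SESSION = [];` before destroying. The trailing `?>` on this class-only file is a context line, but any whitespace after it becomes output before headers are sent; dropping it is the usual fix.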
diff --git a/app/Models/User.php b/app/Models/User.php
index 4c319362abf09149a34f76a107193583df3c30c4..189678fab36389ab260092117ed12144614a4dca 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -7,12 +7,24 @@ require_once(__DIR__ . '/../../db/connect.php');
 class UserModel {
     public function createUser($name, $username, $email, $hashedPass, $isAdmin) {
         global $db;
-
-        $stmt = $db->prepare("INSERT INTO users (user_name, username, user_email, user_hashedPass, isAdmin) VALUES (?, ?, ?, ?, ?)");
-        $stmt->execute([$name, $username, $email, $hashedPass, $isAdmin]);
-
-        return "User created successfully";
+    
+        try {
+            $stmt = $db->prepare("INSERT INTO users (user_name, username, user_email, user_hashedPass, isAdmin) VALUES (?, ?, ?, ?, ?)");
+            $stmt->execute([$name, $username, $email, $hashedPass, $isAdmin]);
+            
+            return "User created successfully";
+        } catch (PDOException $e) {
+            // Check if the error code corresponds to a unique constraint violation.
+            if ($e->getCode() === '23000') {
+                // Handle the error as a duplicate entry.
+                return "Username or email already exists. Please choose a different one.";
+            } else {
+                // Handle other database errors.
+                return "Database error: " . $e->getMessage();
+            }
+        }
     }
+    
 
     public function getUser($userId) {
         global $db;
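Review bot: The catch branch in createUser returns `"Database error: " . $e->getMessage()` to the caller, and home.php echoes that return value straight into the response, so driver error text (table and column names, SQL fragments) reaches the browser. Log the exception server-side and return a fixed message instead: `error_log($e->getMessage()); return "Database error";`. The `$e->getCode() === '23000'` comparison relies on PDOException::getCode() yielding the SQLSTATE as a string, which holds for the MySQL driver this schema targets but is driver-dependent; a one-line comment stating that assumption would help the next maintainer. Returning status strings from a model also forces callers to distinguish success from failure by string matching; throwing a dedicated exception for the duplicate case would let the controller decide how to present it.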
@@ -23,6 +35,24 @@ class UserModel {
         return $stmt->fetch(PDO::FETCH_ASSOC);
     }
 
+    public function getUserByEmail($email) {
+        global $db;
+
+        $stmt = $db->prepare("SELECT * FROM users WHERE user_email = ?");
+        $stmt->execute([$email]);
+
+        return $stmt->fetch(PDO::FETCH_ASSOC);
+    }
+
+    public function getUserByUsername($username){
+        global $db;
+
+        $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
+        $stmt->execute([$username]);
+
+        return $stmt->fetch(PDO::FETCH_ASSOC);
+    }
+
     public function updateUser($userId, $name, $username, $email, $hashedPass, $isAdmin) {
         global $db;
 
diff --git a/db/init.sql b/db/init.sql
index 10b3a9049eece7f604553f88d2ec1dc57406c6db..d009cd96e21e3ee94a27815b4742247ee2461dd9 100644
--- a/db/init.sql
+++ b/db/init.sql
@@ -21,8 +21,8 @@ CREATE TABLE IF NOT EXISTS tickets (
 CREATE TABLE IF NOT EXISTS users (
   user_ID INT AUTO_INCREMENT PRIMARY KEY,
   user_name CHAR(255),
-  username CHAR(255),
-  user_email VARCHAR(255),
+  username CHAR(255) UNIQUE,
+  user_email VARCHAR(255) UNIQUE,
   user_hashedPass CHAR(255),
   isAdmin BOOLEAN
 );
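Review bot: `UNIQUE` on `username` and `user_email` does not prevent duplicate rows with a NULL in those columns, because both remain nullable and SQL UNIQUE treats NULLs as distinct; declare them `username VARCHAR(255) NOT NULL UNIQUE,` and `user_email VARCHAR(255) NOT NULL UNIQUE,` so a registration without a username or email fails at the database rather than producing several anonymous accounts. `CHAR(255)` is a fixed-width, space-padded type; for a unique key the `VARCHAR(255)` already used for user_email is the better fit. Whether the server's index-length limit admits a 255-character unique key depends on the table's character set, which this file does not show here.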
diff --git a/home.php b/home.php
index 77633f7790eb40f3c32a9fb537aa294e9a643ab6..de6a1bd80f3663ed568a4496d4586de6b7225a27 100644
--- a/home.php
+++ b/home.php
@@ -1,5 +1,6 @@
 <?php
 // home.php
+session_start();
 var_dump($_POST);
 // require_once './app/EventController.php';
 require_once './app/Controllers/PembelianController.php';
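Review bot: `session_start()` is correctly placed before any output, but the `var_dump($_POST)` on the next line prints the entire POST body — now including the new `loginPassword` field as well as the existing `userPassword` — into the response, so every login attempt echoes the plaintext password back to the page and into any intermediary cache or log that captures responses. Remove the dump before this lands. Consider also hardening the session cookie at the call site, e.g. `session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Strict']);`, unless those settings are applied in php.ini outside this repository.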
@@ -80,10 +81,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             $userName = $_POST['userName'];
             $userUsername = $_POST['userUsername'];
             $userEmail = $_POST['userEmail'];
-            $userPassword = password_hash($_POST['userPassword'], PASSWORD_DEFAULT);
+            $userPassword = $_POST['userPassword'];
             $isAdmin = isset($_POST['isAdmin']) ? 1 : 0;
 
-            $userController->createUser($userName, $userUsername, $userEmail, $userPassword, $isAdmin);
+            echo $userController->registerUser($userName, $userUsername, $userEmail, $userPassword, $isAdmin);
         } elseif ($_POST['userAction'] === 'updateUser') {
             $userIdUpdate = $_POST['userIdUpdate'];
             $userNameUpdate = $_POST['userNameUpdate'];
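Review bot: `echo $userController->registerUser(...)` writes the model's return value unescaped into the response, and one of those values embeds a raw database error message; at minimum wrap it as `echo htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, or better, echo only a fixed status string. The branch also lets the submitter set `isAdmin` through a form checkbox (unchanged context two lines above), and the new registerUser call forwards that flag unchecked to the model; unless an authorization check exists outside this hunk, anyone who can submit the form can create an administrator account. The enclosing `if ($_SERVER["REQUEST_METHOD"] == "POST")` block begins and ends outside the hunk.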
@@ -96,6 +97,12 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         } elseif ($_POST['userAction'] === 'deleteUser') {
             $userIdDelete = $_POST['userIdDelete'];
             $userController->deleteUser($userIdDelete);
+        } elseif ($_POST['userAction'] === 'login') {
+            $loginUsername = $_POST['loginUsername'];
+            $loginPassword = $_POST['loginPassword'];
+            echo $userController->loginByEmail($loginUsername,$loginPassword);
+        } elseif ($_POST['userAction'] === 'logout') {
+            echo $userController->logout();
         }
     }
 }
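Review bot: The `login` branch reads `$_POST['loginUsername']` and `$_POST['loginPassword']` without checking they exist, so a POST missing either key raises an undefined-index warning and passes null into loginByEmail; use `$loginUsername = $_POST['loginUsername'] ?? '';` and `$loginPassword = $_POST['loginPassword'] ?? '';` and reject the request when either is empty. The variable is named loginUsername but the form field is `type="email"` and the value is routed to loginByEmail, while the new loginByUsername method has no caller anywhere in this diff — rename the variable to `$loginEmail` or decide which lookup is intended. As in the register branch above, the `echo` emits the controller's string unescaped into the page.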
@@ -190,6 +197,16 @@ $users = $userController->getAllUsers();
         <label>Delete User:</label>
         <input type="text" name="userIdDelete" placeholder="User ID">
         <button type="submit" name="userAction" value="deleteUser">Delete</button>
+
+        <!-- login -->
+        <label>login:</label>
+        <input type="email" name="loginUsername" placeholder="mail">
+        <input type="password" name="loginPassword" placeholder="Password">
+        <button type="submit" name="userAction" value="login">login</button>
+
+        <!-- logout -->
+        <label>Logout:</label>
+        <button type="submit" name="userAction" value="logout">logout</button>
     </form>