<?php
declare(strict_types=1);
require_once __DIR__ . '/../config/database.php';
require_once __DIR__ . '/functions.php';
/**
 * Resolve the user row referenced by one session slot.
 *
 * Treats `$_SESSION[$sessionKey]` as a users.id. With `$adminOnly` the row
 * must additionally carry is_admin === 1. A reference that no longer matches
 * (unknown id, or a non-admin id sitting in the admin slot) is removed from
 * the session so it is not re-queried on every request.
 *
 * @param string $sessionKey session key holding the user id ('user_id' or 'admin_user_id')
 * @param bool   $adminOnly  also select is_admin and require it to be 1
 * @return array|null the selected columns of the row, or null when not logged in
 */
function getSessionUser(string $sessionKey, bool $adminOnly = false): ?array
{
    // empty() treats a missing key, null, '' and 0 alike as "not logged in".
    $userId = $_SESSION[$sessionKey] ?? null;
    if (empty($userId)) {
        return null;
    }

    // The column list is one of two fixed literals, never derived from input,
    // so the interpolation is not an injection vector; the id itself is bound.
    $select = 'id, name, email';
    if ($adminOnly) {
        $select .= ', is_admin';
    }
    $query = db()->prepare("SELECT {$select} FROM users WHERE id = :id LIMIT 1");
    $query->execute(['id' => $userId]);
    $row = $query->fetch();

    // fetch() yields false when no row matched.
    $isValid = (bool) $row;
    if ($isValid && $adminOnly) {
        $isValid = (int) ($row['is_admin'] ?? 0) === 1;
    }
    if (!$isValid) {
        // Clear the stale reference so later requests short-circuit above.
        unset($_SESSION[$sessionKey]);
        return null;
    }
    return $row;
}
/**
 * The logged-in site user for this request, or null.
 *
 * Reads the 'user_id' session slot through getSessionUser(); no admin check.
 *
 * @return array|null row with id, name, email
 */
function currentUser(): ?array
{
    $sessionKey = 'user_id';
    return getSessionUser($sessionKey);
}
/**
 * The logged-in admin for this request, or null.
 *
 * Uses a separate session slot ('admin_user_id') from the site login and
 * requires is_admin = 1 on the row, so a plain user id copied into this slot
 * does not grant admin access.
 *
 * @return array|null row with id, name, email, is_admin
 */
function currentAdmin(): ?array
{
    $sessionKey = 'admin_user_id';
    $adminOnly = true;
    return getSessionUser($sessionKey, $adminOnly);
}
/**
 * Gate a page to logged-in site users.
 *
 * Sends anonymous visitors to /auth/login.php. The `array` return type
 * relies on redirect() (functions.php) terminating the script — TODO confirm;
 * if it merely returned, the fall-through would raise a TypeError, which
 * still fails closed rather than rendering the page.
 *
 * @return array the current user row (id, name, email)
 */
function requireAuth(): array
{
    $user = currentUser();
    if ($user) {
        return $user;
    }
    redirect('/auth/login.php');
}
/**
 * Gate a page (login/register) to visitors who are NOT logged in.
 *
 * A user who already has a session is sent to /index.php instead.
 * Assumes redirect() terminates the script — TODO confirm in functions.php.
 */
function requireGuest(): void
{
    if (!currentUser()) {
        return;
    }
    redirect('/index.php');
}
/**
 * Gate a page to logged-in admins.
 *
 * Anyone without a valid admin session (including ordinary logged-in users)
 * is sent to /admin/login.php. As with requireAuth(), the `array` return type
 * depends on redirect() terminating the script — TODO confirm.
 *
 * @return array the current admin row (id, name, email, is_admin)
 */
function requireAdminAuth(): array
{
    $admin = currentAdmin();
    if ($admin) {
        return $admin;
    }
    redirect('/admin/login.php');
}
/**
 * Gate the admin login page to visitors without an admin session.
 *
 * An already-authenticated admin is sent to /admin/index.php.
 * Assumes redirect() terminates the script — TODO confirm in functions.php.
 */
function requireAdminGuest(): void
{
    if (!currentAdmin()) {
        return;
    }
    redirect('/admin/index.php');
}
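/**
 * Authenticate a site user by e-mail and password and bind them to the session.
 *
 * The e-mail is normalised exactly as registerUser() stores it (trim +
 * lower-case) so lookups match. On success the session id is regenerated
 * BEFORE the user id is written, so a session id planted by an attacker
 * before login never becomes an authenticated one (session fixation). If the
 * stored digest predates the current PASSWORD_DEFAULT algorithm/cost it is
 * re-hashed with the password just verified and written back — this is the
 * only moment the plaintext is available for a transparent upgrade.
 *
 * @param string $email    login e-mail, matched case-insensitively
 * @param string $password plaintext password to check
 * @return bool true when the credentials match an existing user
 */
function loginUser(string $email, string $password): bool
{
    $pdo = db();
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = :email LIMIT 1');
    $stmt->execute(['email' => mb_strtolower(trim($email))]);
    $user = $stmt->fetch();

    // A NULL/missing hash is cast to '' and simply fails verification instead
    // of raising a TypeError under strict_types.
    $storedHash = (string) ($user['password_hash'] ?? '');
    if (!$user || !password_verify($password, $storedHash)) {
        return false;
    }
    $userId = (int) $user['id'];

    // Transparent hash upgrade for digests made with an older algorithm/cost.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE users SET password_hash = :password_hash WHERE id = :id');
        $update->execute([
            'password_hash' => password_hash($password, PASSWORD_DEFAULT),
            'id' => $userId,
        ]);
    }

    // Rotate the id first, then store the login in the fresh session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    return true;
}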
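/**
 * Authenticate an admin by e-mail and password into the admin session slot.
 *
 * The password is verified BEFORE the is_admin flag is checked. In the
 * previous order the hash comparison was skipped for non-admin accounts,
 * so the response time revealed which known e-mails belong to admins; now
 * every existing account costs one password_verify() regardless of outcome.
 * On success the session id is regenerated before 'admin_user_id' is written
 * (session fixation), and a digest made with an outdated algorithm/cost is
 * re-hashed with the just-verified password.
 *
 * @param string $email    login e-mail, matched case-insensitively
 * @param string $password plaintext password to check
 * @return bool true only when the credentials match a user with is_admin = 1
 */
function loginAdmin(string $email, string $password): bool
{
    $pdo = db();
    $stmt = $pdo->prepare('SELECT id, password_hash, is_admin FROM users WHERE email = :email LIMIT 1');
    $stmt->execute(['email' => mb_strtolower(trim($email))]);
    $user = $stmt->fetch();

    // Missing/NULL hash → '' → verification fails instead of a TypeError.
    $storedHash = (string) ($user['password_hash'] ?? '');
    if (!$user || !password_verify($password, $storedHash)) {
        return false;
    }
    // Only after the (constant-cost) verification do we gate on the flag.
    if ((int) ($user['is_admin'] ?? 0) !== 1) {
        return false;
    }
    $userId = (int) $user['id'];

    // Transparent hash upgrade, same as loginUser().
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE users SET password_hash = :password_hash WHERE id = :id');
        $update->execute([
            'password_hash' => password_hash($password, PASSWORD_DEFAULT),
            'id' => $userId,
        ]);
    }

    session_regenerate_id(true);
    $_SESSION['admin_user_id'] = $userId;
    return true;
}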
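/**
 * Create a user account.
 *
 * Validates the input, rejects an e-mail that is already registered and
 * stores only a password_hash() digest of the password. Returns an
 * [ok, message] pair; the messages are the Swedish strings shown by the UI.
 *
 * The existence check and the INSERT are not atomic: two concurrent
 * registrations of the same address can both pass the SELECT. If users.email
 * carries a UNIQUE constraint (assumed — TODO confirm in the schema) the
 * losing INSERT raises an integrity-constraint error (SQLSTATE 23000), which
 * is mapped to the same "already exists" message instead of surfacing as an
 * uncaught exception.
 *
 * @param string $name     display name; trimmed, must be non-empty
 * @param string $email    e-mail; trimmed and lower-cased before storage
 * @param string $password plaintext password, at least 8 characters
 * @return array{0: bool, 1: string} [success, user-facing message]
 */
function registerUser(string $name, string $email, string $password): array
{
    $name = trim($name);
    $email = mb_strtolower(trim($email));
    // No upper bound is enforced; note that PASSWORD_DEFAULT (currently
    // bcrypt) only uses the first 72 bytes of the password.
    if ($name === '' || !filter_var($email, FILTER_VALIDATE_EMAIL) || mb_strlen($password) < 8) {
        return [false, 'Fyll i ett giltigt namn, e-post och lösenord (minst 8 tecken).'];
    }

    $pdo = db();
    $exists = $pdo->prepare('SELECT id FROM users WHERE email = :email LIMIT 1');
    $exists->execute(['email' => $email]);
    if ($exists->fetch()) {
        return [false, 'Det finns redan ett konto med denna e-post.'];
    }

    $stmt = $pdo->prepare('INSERT INTO users (name, email, password_hash) VALUES (:name, :email, :password_hash)');
    try {
        $stmt->execute([
            'name' => $name,
            'email' => $email,
            'password_hash' => password_hash($password, PASSWORD_DEFAULT),
        ]);
    } catch (\PDOException $e) {
        // 23000 = integrity constraint violation (duplicate key from the race
        // described above). Anything else is a genuine failure: rethrow.
        if ((string) $e->getCode() === '23000') {
            return [false, 'Det finns redan ett konto med denna e-post.'];
        }
        throw $e;
    }
    return [true, 'Konto skapat. Du kan nu logga in.'];
}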
/**
 * End the whole session for the site user.
 *
 * Empties $_SESSION, expires the session cookie in the browser with the same
 * path/domain/secure/httponly attributes it was issued with, and destroys the
 * server-side session. Because the entire session goes, an admin login held
 * in the same session is dropped as well. The positional setcookie() form
 * cannot carry a SameSite attribute; the cookie is still discarded by the
 * browser because its expiry lies in the past.
 */
function logoutUser(): void
{
    $_SESSION = [];

    $cookiesInUse = (bool) ini_get('session.use_cookies');
    if ($cookiesInUse) {
        $cookie = session_get_cookie_params();
        $expiredAt = time() - 42000;
        setcookie(
            session_name(),
            '',
            $expiredAt,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    session_destroy();
}
/**
 * Drop the admin login from the current session.
 *
 * Only the 'admin_user_id' slot is removed; a regular 'user_id' login in the
 * same session is kept. The session id is rotated afterwards so the id that
 * carried admin privileges cannot be replayed.
 */
function logoutAdmin(): void
{
    $adminKey = 'admin_user_id';
    unset($_SESSION[$adminKey]);
    session_regenerate_id(true);
}