First cut of log on page (#9)

- Add session support - Refactor security handling to use db connection - Fix db path issue
2024-04-15 23:25:58 -04:00
parent 4d736b8f77
commit cab26db255
12 changed files with 185 additions and 101 deletions
--- a/src/public/user/log-off.php
+++ b/src/public/user/log-off.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ * User Log Off Page
+ */
+
+include '../../start.php';
+
+if (array_key_exists(Key::USER_ID, $_SESSION)) session_destroy();
+
+frc_redirect('/');
--- a/src/public/user/log-on.php
+++ b/src/public/user/log-on.php
@@ -0,0 +1,39 @@
+<?php
+include '../../start.php';
+
+$db = Data::getConnection();
+Security::verifyUser($db, redirectIfAnonymous: false);
+
+// Users already logged on have no need of this page
+if (array_key_exists(Key::USER_ID, $_SESSION)) frc_redirect('/');
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+    Security::logOnUser($_POST['email'] ?? '', $_POST['password'], $_POST['returnTo'], $db);
+    // If we're still here, something didn't work; preserve the returnTo parameter
+    $_GET['returnTo'] = $_POST['returnTo'];
+}
+
+$isSingle = SECURITY_MODEL == Security::SINGLE_USER_WITH_PASSWORD;
+
+page_head('Log On'); ?>
+<h1>Log On</h1>
+<article>
+    <form method=POST action=/user/log-on hx-post=/user/log-on><?php
+        if (($_GET['returnTo'] ?? '') != '') { ?>
+            <input type=hidden name=returnTo value="<?=$_GET['returnTo']?>"><?php
+        }
+        if (!$isSingle) { ?>
+            <label>
+                E-mail Address
+                <input type=email name=email required autofocus>
+            </label><br><?php
+        } ?>
+        <label>
+            Password
+            <input type=password name=password required<?=$isSingle ? ' autofocus' : ''?>>
+        </label><br>
+        <button type=submit>Log On</button>
+    </form>
+</article><?php
+page_foot();
+$db->close();