<?php
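class AuthController
{
    /**
     * Render the login form.
     *
     * $title is picked up by the required view through this method's scope.
     */
    public function showLogin(): void
    {
        $title = "Login";
        require __DIR__ . '/../views/auth/login.php';
    }

    /**
     * Handle the login form POST.
     *
     * Verifies the CSRF token, looks the user up by e-mail with a prepared
     * statement and checks the submitted password against the stored hash.
     * Any failure flashes one generic message (no hint whether the e-mail
     * exists) and redirects to /login; success logs the user in and
     * redirects to /repos.
     */
    public function login(): void
    {
        csrf_verify();
        $db = db();
        $email = trim($this->postString('email'));
        $pass = $this->postString('password');

        $st = $db->prepare("SELECT id, password_hash FROM users WHERE email=? LIMIT 1");
        $st->execute([$email]);
        $u = $st->fetch(); // assumes an associative (or FETCH_BOTH) fetch mode — confirm in db()

        if ($u) {
            $valid = password_verify($pass, $u['password_hash']);
        } else {
            // Unknown e-mail: spend one hashing round anyway so this branch takes
            // roughly as long as a wrong-password attempt (timing-based account
            // enumeration). The result is deliberately discarded.
            password_hash($pass, PASSWORD_DEFAULT);
            $valid = false;
        }

        if (!$valid) {
            $this->failTo('/login', 'Invalid email or password.');
            // redirect() is expected to end the request; the return makes the
            // control flow correct even if it does not.
            return;
        }

        login_user((int)$u['id']); // presumably rotates the session id — verify in login_user()
        flash_set('ok', 'Logged in.');
        redirect('/repos');
    }

    /**
     * Render the registration form.
     *
     * $title is picked up by the required view through this method's scope.
     */
    public function showRegister(): void
    {
        $title = "Register";
        require __DIR__ . '/../views/auth/register.php';
    }

    /**
     * Handle the registration form POST.
     *
     * Validates username, e-mail and password length, stores the user with a
     * password_hash() digest, logs the new user in and redirects to /repos.
     * Validation failures and a failed insert (typically the unique
     * username/e-mail constraint) flash an error and redirect to /register.
     */
    public function register(): void
    {
        csrf_verify();
        $db = db();
        $username = trim($this->postString('username'));
        $email = trim($this->postString('email'));
        $pass = $this->postString('password');

        if (!preg_match('/^[a-zA-Z0-9._-]{3,39}$/', $username)) {
            $this->failTo('/register', 'Username must be 3–39 characters (letters, numbers, dot, underscore, dash).');
            return;
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $this->failTo('/register', 'Invalid email.');
            return;
        }
        // Byte length, not character count. PASSWORD_DEFAULT (bcrypt) also
        // ignores bytes beyond 72, so an upper bound may be worth adding.
        if (strlen($pass) < 8) {
            $this->failTo('/register', 'Password must be at least 8 characters.');
            return;
        }

        $hash = password_hash($pass, PASSWORD_DEFAULT);
        $ts = now(); // one timestamp so created_at and updated_at agree

        try {
            $st = $db->prepare("INSERT INTO users (username,email,password_hash,created_at,updated_at) VALUES (?,?,?,?,?)");
            $st->execute([$username, $email, $hash, $ts, $ts]);
            $uid = (int)$db->lastInsertId();
        } catch (Throwable $e) {
            // Only the insert is guarded so that a failure inside login_user()
            // or redirect() is not reported as a duplicate account. The catch
            // stays broad because the driver type returned by db() is not
            // visible here; the unique constraint is the expected cause.
            $this->failTo('/register', 'Username or email already exists.');
            return;
        }

        login_user($uid);
        flash_set('ok', 'Account created.');
        redirect('/repos');
    }

    /**
     * End the session and send the user back to the login page.
     */
    public function logout(): void
    {
        logout_user();
        flash_set('ok', 'Logged out.');
        redirect('/login');
    }

    /**
     * Flash an error message and redirect to $path.
     *
     * The calling action returns immediately afterwards, so it does not rely
     * on redirect() terminating the request.
     */
    private function failTo(string $path, string $message): void
    {
        flash_set('err', $message);
        redirect($path);
    }

    /**
     * Read a POST field as a string.
     *
     * Non-string input (e.g. an array submitted as field[]) is treated as
     * absent instead of being coerced, which would otherwise warn or throw
     * inside trim().
     */
    private function postString(string $key): string
    {
        $v = $_POST[$key] ?? '';
        return is_string($v) ? $v : '';
    }
}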