Andmin akses admin

Flatlogic Bot 2026-02-25 12:21:34 +00:00
parent e8c4b6fa90
commit d44d584918


@ -8,13 +8,13 @@ use App\Services\ApkService;
class AdminController extends Controller { class AdminController extends Controller {
private function checkAuth() { private function checkAuth() {
if (!isset($_SESSION['user_id'])) { if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
$this->redirect('/admin/login'); $this->redirect('/admin/login');
} }
} }
public function loginForm() { public function loginForm() {
if (isset($_SESSION['user_id'])) { if (isset($_SESSION['user_id']) && ($_SESSION['role'] ?? '') === 'admin') {
$this->redirect('/admin/dashboard'); $this->redirect('/admin/dashboard');
} }
$this->view('admin/login'); $this->view('admin/login');
@ -25,16 +25,17 @@ class AdminController extends Controller {
$password = $_POST['password'] ?? ''; $password = $_POST['password'] ?? '';
$db = db_pdo(); $db = db_pdo();
$stmt = $db->prepare("SELECT * FROM users WHERE username = ?"); $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND role = 'admin'");
$stmt->execute([$username]); $stmt->execute([$username]);
$user = $stmt->fetch(); $user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) { if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id']; $_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username']; $_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role'];
$this->redirect('/admin/dashboard'); $this->redirect('/admin/dashboard');
} else { } else {
$error = "Invalid username or password"; $error = "Invalid username or password, or you are not an admin";
$this->view('admin/login', ['error' => $error]); $this->view('admin/login', ['error' => $error]);
} }
} }
@ -344,4 +345,4 @@ class AdminController extends Controller {
$text = strtolower($text); $text = strtolower($text);
return empty($text) ? 'n-a' : $text; return empty($text) ? 'n-a' : $text;
} }
} }
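Review bot: In the first hunk, `checkAuth()` still only calls `$this->redirect('/admin/login')` when the new role condition fails and then falls through; unless `redirect()` itself terminates the request (its body is not visible here), the calling action keeps executing the admin logic after the Location header is queued, so the stricter check does not actually gate anything. Make the guard terminate explicitly, `$this->redirect('/admin/login'); exit;`, or declare `redirect(): never` so static analysis can confirm it. In the login hunk, the session now carries the privilege marker `$_SESSION['role']` but the session id is not rotated on this privilege change; add `session_regenerate_id(true);` before the `$_SESSION[...]` assignments so an id issued before authentication is not carried into the admin session. The literal `'admin'` is now repeated in three places (both session comparisons and the SQL filter); a single `private const ADMIN_ROLE = 'admin';` would keep them from drifting apart.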