diff --git a/src/Core/auth.php b/src/Core/auth.php index 1a1f4cd..3f830e0 100644 --- a/src/Core/auth.php +++ b/src/Core/auth.php @@ -8,23 +8,36 @@ class Auth{ private $pdo; + private $dbhost; + private $dbname; + private $dbuser; + private $dbpass; /** * Constructor method to initialize the database connection and start the session */ - public function __construct($host, $dbname, $username, $password){ - $dsn = "mysql:host=$host;dbname=$dbname;charset=utf8mb4"; + public function __construct(){ + global $db_config; + $this->dbhost = $db_config['DB_HOST']; + $this->dbname = $db_config['DB_NAME']; + $this->dbuser = $db_config['DB_USERNAME']; + $this->dbpass = $db_config['DB_PASSWORD']; + + $dsn = "mysql:host=$this->dbhost;dbname=$this->dbname;charset=utf8mb4"; /** * Instantiate the PDO object with the DSN, username, and password, and set attributes. * Then start a new session */ - $this->pdo = new PDO($dsn, $username. $password, [ + $this->pdo = new PDO($dsn, $this->dbuser, $this->dbpass, [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, ]); - + + if($_SESSION){ + session_destroy(); + } session_start(); } @@ -33,7 +46,7 @@ class Auth{ */ public function login($username, $password){ - $sql = "SELECT * FROM users WHERE username = :username or email = :email LIMIT 1"; + $query = "SELECT * FROM users WHERE email = :username LIMIT 1"; /** * Prepare the SQL query for execution. @@ -43,8 +56,7 @@ class Auth{ $query = $this->pdo->prepare($query); $query->execute([ - ":username" => $username, - ":password" => $password + ":username" => $username ]); $user = $query->fetch(); @@ -58,7 +70,8 @@ class Auth{ if($user && password_verify($password, $user['password'])){ $_SESSION['user_id'] = $user['id']; - $_SESSION['username'] = $user['username']; + $_SESSION['name'] = $user['name']; + $_SESSION['email'] = $user['email']; $_SESSION['token'] = bin2hex(random_bytes(32)); return true;
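Review bot: The `if($_SESSION){ session_destroy(); }` guard added ahead of `session_start()` in the constructor reads `$_SESSION` before any session has been started, so on a default configuration the variable is undefined (a warning on PHP 8) and the branch never runs. Where a session is already active (for example with `session.auto_start`, which this hunk cannot confirm), it would discard the authenticated state every time `Auth` is constructed. If the aim is to avoid a double start, `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }` does that without destroying data. Separately, the four `$db*` properties keep the database password on the object for its whole lifetime although only the `new PDO(...)` call needs it; local variables would narrow that exposure.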
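Review bot: The placeholder in the new query, `email = :username`, names a value that is now matched only against the `email` column, and `$query` holds first the SQL string and then the prepared statement. Renaming it to `WHERE email = :email`, with the matching `":email" => $username` key in the `execute()` call of the next hunk, and using a separate `$stmt` for the statement would make the lookup read as what it is. `SELECT *` also loads every column into `$user`; listing `id, name, email, password`, the only fields the visible code reads, limits what travels with the row. The `login()` body begins and ends outside this hunk.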
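Review bot: The session ID is not rotated when `password_verify()` succeeds, so the identity keys written here (`user_id`, `name`, `email`, `token`) attach to whatever session ID the browser presented before login, which leaves the login open to session fixation. Calling `session_regenerate_id(true);` as the first statement inside the `if` binds the authenticated state to a fresh ID. The enclosing `login()` method starts and ends outside this hunk, so a regeneration elsewhere in it cannot be ruled out from here.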