login done 8:09:25

drdixit · drdixit · commit c2caf70d5afa · 2025-06-30T17:02:06.000+05:30
diff --git a/Core/Middleware/Auth.php b/Core/Middleware/Auth.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace Core\Middleware;
+
+class Auth
+{
+    // notice how each one has similar method that sort of means the'r confirming to a similar contract
+    // and that contract states that
+    // each of middleware classes provides a handle method
+    // that can be called to determine and evaluate whether
+    // the request can further continue to the core of your application
+    // the request should be allowed to proceed or not
+    public function handle()
+    {
+        if (! $_SESSION['user'] ?? false) {
+            header('Location: /');
+            exit(); // or die
+        }
+    }
+}
diff --git a/Core/Middleware/Guest.php b/Core/Middleware/Guest.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace Core\Middleware;
+
+class Guest
+{
+    public function handle()
+    {
+        if ($_SESSION['user'] ?? false) {
+            header('Location: /');
+            exit(); // or die
+        }
+    }
+}
diff --git a/Core/Middleware/Middleware.php b/Core/Middleware/Middleware.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace Core\Middleware;
+
+class Middleware
+{
+    // we create some kind of map
+    public const MAP = [
+        'guest' => Guest::class,
+        'auth' => Auth::class
+    ];
+
+    public static function resolve($key)
+    {
+        if (! $key) {
+            return; // if no middleware is specified, just return
+        }
+
+        // static means use the current instance (late static binding)
+        $middleware = static::MAP[$key] ?? false;
+
+        if (! $middleware) {
+            throw new \Exception("No matching middleware found for key '{$key}'.");
+        }
+
+        (new $middleware)->handle();
+    }
+}
diff --git a/Core/functions.php b/Core/functions.php
@@ -44,4 +44,12 @@ function view($path, $attributes = [])
     extract($attributes);
 
     require base_path('views/' . $path);
+}
+
+function login($user)
+{
+    $_SESSION['user'] = [
+        'email' => $user['email']
+        // 'name' => $user['name'],
+    ];
 }
diff --git a/Core/router.php b/Core/router.php
@@ -2,6 +2,10 @@
 
 namespace Core;
 
+use Core\Middleware\Auth;
+use Core\Middleware\Guest;
+use Core\Middleware\Middleware;
+
 class Router
 {
     protected $routes = [];
@@ -11,39 +15,96 @@ public function add($method, $uri, $controller)
         $this->routes[] = [
             'uri' => $uri,
             'controller' => $controller,
-            'method' => $method
+            'method' => $method,
+            'middleware' => null
         ];
+
+        return $this;
     }
 
     public function get($uri, $controller)
     {
-        $this->add('GET', $uri, $controller);
+        return $this->add('GET', $uri, $controller);
     }
 
     public function post($uri, $controller)
     {
-        $this->add('POST', $uri, $controller);
+        return $this->add('POST', $uri, $controller);
     }
 
     public function delete($uri, $controller)
     {
-        $this->add('DELETE', $uri, $controller);
+        return $this->add('DELETE', $uri, $controller);
     }
 
     public function patch($uri, $controller)
     {
-        $this->add('PATCH', $uri, $controller);
+        return $this->add('PATCH', $uri, $controller);
     }
 
     public function put($uri, $controller)
     {
-        $this->add('PUT', $uri, $controller);
+        return $this->add('PUT', $uri, $controller);
+    }
+
+    public function only($key)
+    {
+        // what we need to do is grab the last route that was added
+        // and set its middleware to the key that was passed in
+        // this is a very simple way to do it, but it works
+        // there are several ways to do this, but this is the simplest
+        $this->routes[array_key_last($this->routes)]['middleware'] = $key;
+
+        return $this;
     }
 
     public function route($uri, $method)
     {
         foreach ($this->routes as $route) {
             if ($route['uri'] === $uri && $route['method'] === strtoupper($method)) {
+                // apply middleware if it exists
+                // if ($route['middleware'] === 'guest') {
+                //     if($_SESSION['user'] ?? false) {
+                //         header('Location: /');
+                //         exit(); // or die
+                //     }
+                // }
+                // if ($route['middleware'] === 'auth') {
+                //     if(! $_SESSION['user'] ?? false) {
+                //         header('Location: /');
+                //         exit(); // or die
+                //     }
+                // }
+                // this is pretty sloppy, instead what if the handlers of each of these
+                // stored in a separate file, and we just require that file
+
+                // this is more dynamic way of handling middleware that is we are handling below in comment
+                // null handling
+                Middleware::resolve($route['middleware']);
+                // added below handling in Router.php
+                // if ($route['middleware']) {
+                //     $middleware = Middleware::MAP[$route['middleware']];
+                //     (new $middleware)->handle();
+                // }
+
+                // if ($route['middleware'] === 'guest') {
+                //     (new Guest)->handle();
+                // }
+                // if ($route['middleware'] === 'auth') {
+                //     (new Auth)->handle();
+                // }
+
+                // if later we need to add more middleware, we need to do this
+                // and its not look good we could simplify this
+                // its sound like we are associating a key with a corresponding middleware class
+                // so the guest key points to the Guest class
+                // the auth key points to the Auth class
+                // something like that
+                // so why don't we setup some kind of lookup table
+                // lets add some kind of parent class called Middleware
+                // if ($route['middleware'] === 'email-confirmed') {
+                //     (new ConfirmedEmail)->handle();
+                // }
                 return require base_path($route['controller']);
             }
         }
diff --git a/controllers/index.php b/controllers/index.php
@@ -1,6 +1,6 @@
 <?php
 
-$_SESSION['name'] = 'John Doe';
+// $_SESSION['name'] = 'John Doe';
 
 view("index.view.php", [
     'heading' => 'Home',
diff --git a/controllers/registration/create.php b/controllers/registration/create.php
@@ -1,6 +1,13 @@
 <?php
 
+// if user already logged in, redirect to home page
+// you don't want to allow logged-in users to access the registration page
+// copy and paste this code in every controller that needs to restrict access
+// or we can takel it at route level
+// this code is added to Router.php
+// if ($_SESSION['user'] ?? false) {
+//     header('Location: /');
+//     exit();
+// }
 
-view('registration/create.view.php', [
-
-]);
+view('registration/create.view.php');
diff --git a/controllers/registration/store.php b/controllers/registration/store.php
@@ -4,6 +4,8 @@
 use Core\Database;
 use Core\Validator;
 
+$db = App::resolve(Database::class);
+
 $email = $_POST['email'];
 $password = $_POST['password'];
 
@@ -24,7 +26,7 @@
     ]);
 }
 
-$db = App::resolve(Database::class);
+// $db = App::resolve(Database::class);
 // check if the account already exists.
 $user = $db->query('SELECT * FROM users WHERE email = :email', [
     'email' => $email
@@ -40,7 +42,8 @@
     // If no, save one to database, and then log the user in, and redirect.
     $db->query('INSERT INTO users (email, password, name) VALUES (:email, :password, :name)', [
         ':email' => $email,
-        ':password' => $password,
+        // NEVER store database passwords in clear text. always hash them.
+        ':password' => password_hash($password, PASSWORD_BCRYPT),
         ':name' => 'test'
     ]);
 
@@ -50,9 +53,19 @@
     // but we are gonna take this route
     // or may be you add multiple values like below helper
     // $_SESSION['logged_in'] = true;
-    $_SESSION['user'] = [
+
+    // $_SESSION['user'] = [
+    //     'email' => $email,
+    // ];
+
+    // refactoring because login comes in
+
+    // in future you can do something like this
+    // login($user); that has all the attributes like email, name, id, etc.
+
+    login([
         'email' => $email,
-    ];
+    ]);
 
     header('Location: /');
     exit(); // or die
diff --git a/controllers/sessions/create.php b/controllers/sessions/create.php
@@ -0,0 +1,3 @@
+<?php
+
+view('sessions/create.view.php');
diff --git a/controllers/sessions/store.php b/controllers/sessions/store.php
@@ -0,0 +1,83 @@
+<?php
+
+// log in the user if the credentials match.
+
+use Core\App;
+use Core\Database;
+use Core\Validator;
+
+$db = App::resolve(Database::class);
+
+$email = $_POST['email'];
+$password = $_POST['password'];
+
+// validate the form inputs.
+$errors = [];
+if (!Validator::email($email)) {
+    $errors['email'] = 'Please enter a valid email address.';
+}
+
+if (!Validator::string($password)) {
+    $errors['password'] = 'Please provide a valid password.';
+}
+
+if (! empty($errors)) {
+    return view('/sessions/create.view.php', [
+        'errors' => $errors
+    ]);
+}
+
+// match the credentials with the database.
+
+$user = $db->query('SELECT * FROM users WHERE email = :email', [
+    'email' => $email
+])->find();
+
+// dd($user);
+
+// if (! $user) {
+//     return view('/sessions/create.view.php', [
+//         'errors' => [
+//             'email' => 'No matching account found for that email address.'
+//         ]
+//     ]);
+// }
+
+// we have a user,but we don't know if the password provided matches what we have in the database.
+// its not simple like that because we store hash
+// if ($user['password' === $password]) {}
+
+// if (password_verify($password, $user['password'])) {
+//     login([
+//         'email' => $email,
+//     ]);
+
+//     header('Location: /');
+//     exit(); // or die
+// }
+// // else {
+// //     // i can do else for otherwise
+// //     // in this case i use exit so i don't need to use else
+// // the else statement is little superfluous here i don't need to do it
+// // }
+
+if (! $user) {
+    // if we found the corresponding user then we do the check
+    if (password_verify($password, $user['password'])) {
+        login([
+            'email' => $email,
+        ]);
+
+        header('Location: /');
+        exit(); // or die
+    }
+}
+
+// otherwise there was no user or if there was a user but the password didn't match
+// it gets us around , it allows us to skirt around the issue of us letting the user check if there are certain email addresses in our database.
+
+return view('/sessions/create.view.php', [
+    'errors' => [
+        'email' => 'No matching account found for that email address and password.'
+    ]
+]);
diff --git a/routes.php b/routes.php
@@ -4,7 +4,7 @@
 $router->get('/about', 'controllers/about.php');
 $router->get('/contact', 'controllers/contact.php');
 
-$router->get('/notes', 'controllers/notes/index.php');
+$router->get('/notes', 'controllers/notes/index.php')->only('auth');
 $router->get('/note', 'controllers/notes/show.php');
 $router->delete('/note', 'controllers/notes/destroy.php');
 
@@ -14,5 +14,20 @@
 $router->get('/notes/create', 'controllers/notes/create.php');
 $router->post('/notes', 'controllers/notes/store.php');
 
-$router->get('/register', 'controllers/registration/create.php');
+// what if there was a way to declare when i register the route that it should
+// be restricted to only guests?
+// $router->get('/register', 'controllers/registration/create.php');
+
+$router->get('/register', 'controllers/registration/create.php')->only('guest');
 $router->post('/register', 'controllers/registration/store.php');
+
+// $router->post('/login', 'controllers/sessions/store.php')->only('guest');
+// if you are wondering why i didn't do /sessions/create, you can that would be fine too
+// in this case /login is just an alias for /sessions/create
+// but you can also have redirect from /login to /sessions/create
+// again you are in charge of the routing and you can do whatever you want
+// there is no requirements, there is just guidelines that maybe you should follow if you want
+// if you are on a team may be you adapt the same system but otherwise there is very few rules when it comes to this stuff
+// $router->get('/sessions/create', 'controllers/sessions/create.php')->only('guest');
+$router->get('/login', 'controllers/sessions/create.php')->only('guest');
+$router->post('/sessions', 'controllers/sessions/store.php')->only('guest');
diff --git a/views/index.view.php b/views/index.view.php
@@ -4,7 +4,7 @@
 
 <main>
     <div class="mx-auto max-w-7xl py-6 sm:px-6 lg:px-8">
-        <p>Hello. Welcome to the home page.</p>
+        <p>Hello. <?= $_SESSION['user']['email'] ?? 'Guest' ?> Welcome to the home page.</p>
     </div>
 </main>
 
diff --git a/views/partials/nav.php b/views/partials/nav.php
diff --git a/views/sessions/create.view.php b/views/sessions/create.view.php

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+view('sessions/create.view.php');`