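adminUserRepository = $adminUserRepository;
        $this->passwordHelper = $passwordHelper;
    }

    /**
     * Renders the login template.
     *
     * @param array<string, mixed> $renderData Template variables; the callers in this class pass an 'error' message.
     */
    private function renderLoginPage(Response $response, array $renderData = []): Response
    {
        return $this->view->render($response, 'login.html.twig', $renderData);
    }

    /**
     * Shows the login form, or redirects to '/' with a 303 when the visitor is already logged in.
     */
    public function showLoginPage(Request $request, Response $response): Response
    {
        if ($this->userHelper->isLoggedIn()) {
            // Already logged in, redirect to dashboard
            return $response
                ->withHeader('Location', '/')
                ->withStatus(303);
        }

        return $this->renderLoginPage($response);
    }

    /**
     * Handles the login form submission.
     *
     * Re-renders the login page with an 'error' entry on any failure. On success it stores the
     * user id through the session helper, rotates the session ID and redirects to '/' with a 303.
     *
     * NOTE(review): no attempt throttling or lockout is visible in this handler; confirm it is
     * enforced elsewhere (e.g. middleware).
     */
    public function authenticateUser(Request $request, Response $response): Response
    {
        $params = (array)$request->getParsedBody();

        $loginUsername = $params['username'] ?? null;
        $loginPassword = $params['password'] ?? null;

        // The parsed body is untrusted: a field submitted as "username[]=x" arrives as an array and
        // would pass a bare empty() check. Anything that is not a non-empty string counts as missing.
        if (!is_string($loginUsername) || empty($loginUsername)) {
            return $this->renderLoginPage($response, ['error' => 'Missing username!']);
        } elseif (!is_string($loginPassword) || empty($loginPassword)) {
            return $this->renderLoginPage($response, ['error' => 'Missing password!']);
        }

        try {
            $user = $this->adminUserRepository->getUserByName($loginUsername);
        } catch (AdminUserNotFoundException $e) {
            $user = null;
        }

        // Unknown user and wrong password share one message so the response text does not reveal
        // which usernames exist.
        // NOTE(review): when the user is not found no hash verification runs, so the response time
        // may still differ between known and unknown usernames. Consider verifying against a fixed
        // dummy hash; confirm what passwordHelper offers.
        if ($user === null || !$this->passwordHelper->verifyPassword($loginPassword, $user->getPasswordHash())) {
            return $this->renderLoginPage($response, ['error' => 'Wrong username or password!']);
        } elseif (!$user->isActive()) {
            // Reached only after the password verified, so account state is disclosed only to
            // someone who holds valid credentials.
            return $this->renderLoginPage($response, ['error' => 'User is inactive!']);
        }

        // Set login session
        $this->sessionHelper->setUserId($user->getId());

        // Rotate the session ID at the privilege change so an ID that was known before login cannot
        // be reused afterwards (session fixation). $_SESSION contents carry over to the new ID.
        // Guarded because this class cannot see whether the helper uses a native PHP session;
        // harmless if the helper already regenerates the ID itself.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        return $response
            ->withHeader('Location', '/')
            ->withStatus(303);
    }

    /**
     * Ends the current session and redirects to '/login' with a 303.
     */
    public function logoutUser(Request $request, Response $response): Response
    {
        // session_destroy() removes the stored session data but leaves $_SESSION populated for the
        // rest of this request, so clear it explicitly. The guard avoids the warning that
        // session_destroy() raises when no session is active.
        // NOTE(review): the session cookie is not expired here; confirm whether that is handled
        // elsewhere.
        if (session_status() === PHP_SESSION_ACTIVE) {
            $_SESSION = [];
            session_destroy();
        }

        return $response
            ->withHeader('Location', '/login')
            ->withStatus(303);
    }
}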