Overview
The AuthController manages user authentication and session control for the Apartado de Salas system. It provides methods for displaying the login form, processing authentication, and handling user logout.
Location: app/controllers/AuthController.php
Methods
showLogin()
Displays the login form. If a user session is already active, redirects to the dashboard.
Returns: Renders the login view or redirects to dashboard
Route Mapping:
GET /login -> AuthController::showLogin()
GET / -> AuthController::showLogin()
Method Signature:
public function showLogin(): void
Implementation Details:
if (Session::isActive()) {
    header('Location: ' . BASE_URL . '/dashboard');
    exit;
}
require_once dirname(__DIR__) . '/views/auth/login.php';
This method checks for an active session before rendering the login page to prevent authenticated users from accessing the login form.
login()
Processes user authentication from the login form POST request.
Parameters:
- Username from POST data ($_POST['username'])
- Password from POST data ($_POST['password'])
Returns: Redirects to dashboard on success, or back to login with error message
Route Mapping:
POST /login -> AuthController::login()
Method Signature:
public function login(): void
Implementation Flow:
- Validation
- Authentication
- Success
// Verify POST request
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: ' . BASE_URL . '/login');
    exit;
}
// Get credentials
$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
// Validate required fields
if (empty($user) || empty($pass)) {
    Session::setFlash('error', 'Todos los campos son obligatorios.');
    // Redirect with the same absolute URL used by the other redirects
    header('Location: ' . BASE_URL . '/login');
    exit;
}
// Authenticate user
$userModel = new User();
$authResult = $userModel->authenticate($user, $pass);
if (!$authResult) {
    // One generic message for unknown user and wrong password alike
    Session::setFlash('error', 'Usuario o contraseña incorrectos.');
    session_write_close();
    header('Location: ' . BASE_URL . '/login');
    exit;
}
// Create session
Session::create($authResult);
// Redirect to dashboard
header('Location: ' . BASE_URL . '/dashboard');
exit;
Error Messages:
- "Todos los campos son obligatorios." - When username or password is empty
- "Usuario o contraseña incorrectos." - When authentication fails
Success Behavior:
- Creates user session via Session::create()
- Redirects to /dashboard
logout()
Destroys the current user session and redirects to the login page.
Returns: Destroys session and redirects to login
Route Mapping:
GET /logout -> AuthController::logout()
Method Signature:
public function logout(): void
Implementation Details:
// Start session if not already active
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
// Regenerate ID for security. This must run while the session is still
// active: after session_destroy() there is no session to regenerate and
// the call only returns false with a warning.
session_regenerate_id(true);
// Destroy session properly
session_unset();
session_destroy();
// Redirect to login
header('Location: ' . BASE_URL . '/login');
exit;
The logout method regenerates the session ID for security purposes to prevent session fixation attacks. Regeneration only takes effect while a session is active, so it has to run before session_destroy(). The ID should also be regenerated at login, inside Session::create(), because a fresh ID at the moment of authentication is the primary defence against fixation: an identifier that existed before login never becomes an authenticated one.
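A Session helper that matches the calls made on this page (Session::isActive(), Session::create()) and folds the logout sequence into a destroy() method, written here as an added example rather than the project's own Helpers/Session.php. The session_start() options, the fields stored in $_SESSION and the destroy() method are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the project's Session helper. Method names follow the page
// (Session::isActive(), Session::create()); the options and destroy() are assumed.

final class Session
{
    public static function start(): void
    {
        if (session_status() === PHP_SESSION_NONE) {
            // Strict mode rejects IDs the server never issued, which blocks
            // the attacker-supplied cookie that fixation depends on.
            session_start([
                'use_strict_mode' => true,
                'cookie_httponly' => true,
                'cookie_samesite' => 'Lax',
            ]);
        }
    }

    public static function isActive(): bool
    {
        self::start();
        return isset($_SESSION['user']);
    }

    // Called by login() after User::authenticate() succeeds.
    public static function create(array $user): void
    {
        self::start();
        // Issue a fresh ID at the privilege change so the pre-login ID
        // (possibly chosen by an attacker) never becomes authenticated.
        session_regenerate_id(true);
        $_SESSION['user'] = ['id' => $user['id'], 'username' => $user['username']];
        $_SESSION['login_at'] = time();
    }

    // Replacement for the inline logout() sequence on the page.
    public static function destroy(): void
    {
        self::start();
        $_SESSION = [];
        // session_destroy() does not remove the browser cookie; expire it.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'],
            $p['domain'], $p['secure'], $p['httponly']);
        session_destroy();
    }
}
```

With this helper, logout() reduces to Session::destroy() followed by the redirect to /login.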
Dependencies
require_once dirname(__DIR__) . '/models/user.php';
require_once dirname(__DIR__) . '/Helpers/Session.php';
Required Classes:
- User - Model for user authentication
- Session - Helper for session management
Usage Example
Login Flow:
// User accesses /login
// AuthController::showLogin() is called
// Login form is displayed
// User submits credentials
// POST request to /login
// AuthController::login() processes authentication
// On success: redirect to /dashboard
// On failure: redirect back to /login with error message
// User clicks logout
// GET request to /logout
// AuthController::logout() destroys session
// Redirect to /login