From a11c6eccbd296cc896ce7c481835eda1f87ba846 Mon Sep 17 00:00:00 2001
From: Sergio
Date: Wed, 31 Aug 2022 09:27:25 -0500
Subject: [PATCH] =?UTF-8?q?Crear=20sistema=20de=20autenticaci=C3=B3n=20par?=
=?UTF-8?q?a=20administradores?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
app/Config/Auth.php | 5 ++
app/Config/Filters.php | 9 ++-
app/Config/Routes.php | 9 ++-
app/Controllers/Admin.php | 2 -
app/Controllers/AdminAuth.php | 68 +++++++++++++++++++
app/Controllers/BaseController.php | 2 +-
app/Filters/AdminFilter.php | 51 +++++++++++++++
app/Models/UsuarioModel.php | 23 +++++++
app/Views/AdminAuth/login.php | 41 ++++++++++++
app/Views/templates/baseAdmin.php | 102 ++++++++++++++++-------------
10 files changed, 257 insertions(+), 55 deletions(-)
create mode 100644 app/Controllers/AdminAuth.php
create mode 100644 app/Filters/AdminFilter.php
create mode 100644 app/Models/UsuarioModel.php
create mode 100644 app/Views/AdminAuth/login.php
diff --git a/app/Config/Auth.php b/app/Config/Auth.php
index 90e160a..9c92347 100644
--- a/app/Config/Auth.php
+++ b/app/Config/Auth.php
@@ -52,6 +52,11 @@ class Auth extends \Myth\Auth\Config\Auth
'resend-activate-account' => 'resend-activate-account',
'forgot' => 'forgot',
'reset-password' => 'reset-password',
+
+ // ADMIN AUTH
+ // 'custom_route' => 'custom_route',
+ 'admin_login' => 'admin_login',
+ 'admin_logout' => 'admin_logout',
];
/**
diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 36b7f3e..128dfa0 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -2,6 +2,7 @@
namespace Config;
+use App\Filters\AdminFilter;
use App\Filters\FormularioInicialFilter;
use App\Filters\InicioFilter;
use CodeIgniter\Config\BaseConfig;
@@ -29,6 +30,7 @@ class Filters extends BaseConfig
'role' => \Myth\Auth\Filters\RoleFilter::class,
'inicio' => InicioFilter::class,
'formulario_inicial' => FormularioInicialFilter::class,
+ 'admin_filter' => AdminFilter::class,
];
/**
@@ -42,7 +44,7 @@ class Filters extends BaseConfig
// 'honeypot',
// 'csrf',
// 'invalidchars',
- 'login'
+ // 'login'
],
'after' => [
'toolbar',
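Review bot: Commenting out `'login'` in the global `before` list turns authentication from default-deny into an opt-in list, so any route not matched by the patterns added to `$filters` in the next hunk (`'/'`, `'registro/'`, `'encuesta/*'`) is served without a login check, including routes added later. If the goal is only to keep Myth\Auth's filter away from the admin area, keeping it global with an exclusion, `'login' => ['except' => ['admin', 'admin/*']]`, preserves the safe default. The context line `// 'csrf',` also shows CSRF protection is still disabled globally while this commit adds a credential-posting form at `admin/login/`; enabling it, with `csrf_field()` in the form, would cover the new login and the state-changing admin routes. The array edited here starts and ends outside the hunk.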
@@ -78,7 +80,8 @@ class Filters extends BaseConfig
* @var array
*/
public $filters = [
- 'inicio' => ['before' => ['/',]],
- 'formulario_inicial' => ['before' => ['registro/']]
+ 'login' => ['before' => ['/', 'registro/', 'encuesta/*']],
+ 'inicio' => ['before' => ['/']],
+ 'formulario_inicial' => ['before' => ['registro/']],
];
}
diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index 9f214c3..4c51808 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -49,11 +49,14 @@ $routes->post('encuesta/submit/(:segment)', 'Encuesta::submit/$1', ['as' => 'enc
-// utilizar m�todo attemptRegister personalizdo (no requiere de username)
+// utilizar método attemptRegister personalizdo (no requiere de username)
$routes->post('register/', 'Auth::attemptRegister');
-// $routes->post('login/', 'Auth::attemptLogin');
-$routes->group('admin', ['filter' => 'role:Admin'], static function ($routes) {
+// ADMIN AUTH
+$routes->match(['get', 'post'], 'admin/login/', 'AdminAuth::login', ['as' => 'admin_login']);
+$routes->get('admin/logout', 'AdminAuth::logout', ['as' => 'admin_logout']);
+
+$routes->group('admin', ['filter' => 'admin_filter'], static function ($routes) {
$routes->get('/', 'Admin::home', ['as' => 'admin_home']);
// SOLICITUDES
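Review bot: Swapping `role:Admin` for `admin_filter` on the `admin` group drops the role check: as far as the AdminFilter hunk shows, the new filter only tests the `is_logged` session flag, and `AdminAuth::login` sets that flag for any row returned by `findByUsername()` whose password verifies. If the table behind `UsuarioModel` can ever hold non-administrator accounts, each of them gets the whole admin area, so either document here that the table is admin-only or have the filter re-check an admin attribute loaded via the session `id` on each request. `admin/logout` is also registered as a GET route, which lets a cross-site request end an administrator's session; `$routes->post('admin/logout', 'AdminAuth::logout', ['as' => 'admin_logout']);` behind the CSRF filter avoids that. The group closure continues outside the hunk.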
diff --git a/app/Controllers/Admin.php b/app/Controllers/Admin.php
index 1f63266..744aaf2 100644
--- a/app/Controllers/Admin.php
+++ b/app/Controllers/Admin.php
@@ -58,8 +58,6 @@ class Admin extends BaseController
}
-
-
public function aprobarSolicitud($id)
{
$solicitudModel = model(ModelsPrestadorSolicitudModel::class);
diff --git a/app/Controllers/AdminAuth.php b/app/Controllers/AdminAuth.php
new file mode 100644
index 0000000..105ad71
--- /dev/null
+++ b/app/Controllers/AdminAuth.php
@@ -0,0 +1,68 @@
+request->getMethod() === 'post') {
+ $rules = [
+ 'nombreusuario' => 'required',
+ 'password' => 'required',
+ ];
+
+ if (!$this->validate($rules)) {
+ return redirect()->back()->with('msg', array(
+ 'type' => 'danger',
+ 'body' => 'Es necesario llenar todos los campos'
+ ));
+ }
+
+ // obtener datos
+ $data = $this->request->getPost();
+
+
+ // Buscar usuario
+ if (!$usuario = model(UsuarioModel::class)->findByUsername($data['nombreusuario'])) {
+ return redirect()->back()->with('msg', array(
+ 'type' => 'danger',
+ 'body' => 'Revisa tus credenciales e inténtalo nuevamente'
+ ));
+ }
+
+ // Verificar contraseña
+ if (!password_verify($data['password'], $usuario['password'])) {
+ return redirect()->back()->with('msg', array(
+ 'type' => 'danger',
+ 'body' => 'Revisa tus credenciales e inténtalo nuevamente'
+ ));
+ }
+
+ // Inicializar sesión
+ session()->set([
+ 'id' => $usuario['idusuario'],
+ 'usuario' => $usuario['nombreusuario'],
+ 'is_logged' => true,
+ ]);
+
+ return redirect()->route('admin_home')->with('msg', array(
+ 'type' => 'success',
+ 'body' => 'Inicio de sesión correcto'
+ ));
+ }
+ return view('AdminAuth/login');
+ }
+
+ public function logout()
+ {
+ $session = session();
+ $session->remove(['id', 'usuario', 'is_logged']);
+ return redirect()->route('admin_login');
+ }
+}
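Review bot: The login branch writes `id`, `usuario` and `is_logged` into the existing session without rotating the session ID, which leaves the new admin login open to session fixation; call `session()->regenerate(true);` immediately before `session()->set([...])`. `logout()` likewise only removes three keys and keeps the same session ID alive, so unless a Myth\Auth login in the same browser has to survive, `session()->destroy();` is the safer end state (otherwise at least regenerate the ID there too). Nothing in the method limits repeated attempts, so a throttle keyed on the client IP and checked before the `findByUsername()` lookup is worth adding. The early return for an unknown user also skips `password_verify()`, which makes known and unknown usernames distinguishable by response time despite the identical message. The class header and the `login()` signature are not visible in this hunk as rendered.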
diff --git a/app/Controllers/BaseController.php b/app/Controllers/BaseController.php
index e63383e..4c97f11 100644
--- a/app/Controllers/BaseController.php
+++ b/app/Controllers/BaseController.php
@@ -35,7 +35,7 @@ abstract class BaseController extends Controller
*
* @var array
*/
- protected $helpers = ['auth'];
+ protected $helpers = ['auth', 'session'];
/**
* Constructor.
diff --git a/app/Filters/AdminFilter.php b/app/Filters/AdminFilter.php
new file mode 100644
index 0000000..10bec74
--- /dev/null
+++ b/app/Filters/AdminFilter.php
@@ -0,0 +1,51 @@
+is_logged;
+ if (!$loggedIn) {
+ return redirect()->route('admin_login');
+ }
+ }
+
+ /**
+ * Allows After filters to inspect and modify the response
+ * object as needed. This method does not allow any way
+ * to stop execution of other after filters, short of
+ * throwing an Exception or Error.
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @param array|null $arguments
+ *
+ * @return mixed
+ */
+ public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
+ {
+ //
+ }
+}
diff --git a/app/Models/UsuarioModel.php b/app/Models/UsuarioModel.php
new file mode 100644
index 0000000..05f1d13
--- /dev/null
+++ b/app/Models/UsuarioModel.php
@@ -0,0 +1,23 @@
+where('nombreusuario', $username)->first();
+ }
+}
diff --git a/app/Views/AdminAuth/login.php b/app/Views/AdminAuth/login.php
new file mode 100644
index 0000000..4f1b5e5
--- /dev/null
+++ b/app/Views/AdminAuth/login.php
@@ -0,0 +1,41 @@
+= $this->extend('templates/baseAdmin') ?>
+
+= $this->section('content') ?>
+
+
+
+
+
+
+ = view('Myth\Auth\Views\_message_block') ?>
+
+
+
+
+
+
+
+
+= $this->endSection() ?>
\ No newline at end of file
diff --git a/app/Views/templates/baseAdmin.php b/app/Views/templates/baseAdmin.php
index 45015ca..9a67738 100644
--- a/app/Views/templates/baseAdmin.php
+++ b/app/Views/templates/baseAdmin.php
@@ -38,54 +38,64 @@ scratch. This page gets rid of all links and provides the needed markup only.
-
-
-
-
-
+
+
+
+
+
+
+
+ Cerrar sesión
+
+
+
+
+