add: user authentication and authorization feature

app/controllers/AuthController.php

@@ -3,15 +3,22 @@
 namespace App\Controllers;
 
 use App\Core\Controller;
-use App\Models\Admin;
+use App\Models\{User, Admin, Students};
 
 
-class AuthController extends Controller {
+class AuthController extends Controller
+{
 
+    private User $user;
     private Admin $admin;
+    private Students $student;
 
-    public function __construct() {
+
+    public function __construct()
+    {
+        $this->user = new User();
         $this->admin = new Admin();
+        $this->student = new Students();
     }
 
     public function viewLogin(): void {
@@ -21,42 +28,8 @@ public function viewLogin(): void {
         $this->view("templates/footer");
     }
 
-    public function loginProcess(): void {
-        /**
-         * ======================================================
-         * NOTE: THIS IS ONLY FOR TEMPORARY PURPOSES
-         * DON'T KEEP THIS CODE IN FUTURE DEVELOPMENT
-         * 
-         * REPLACE THIS WITH DATABASE INTEGRATION
-         * AND MAKE IT SECURE!
-         * ======================================================
-         */
-        if (isset($_POST["user_id"]) && isset($_POST['password'])) {
-            $user_id = $_POST['user_id'];
-            $password = $_POST['password'];
-        } else {
-            // WARNING: A warning to user if they do not send user ID and password
-            // Stop the login process
-            echo "USER ID AND PASSSWORD NOT FOUND!";
-            return;
-        }
-
-        session_start();
-        if ($user_id == "mahasiswa" && $password == "123") {
-            $_SESSION['user_id'] = $user_id;
-            $_SESSION['role'] = 'student';
-            header('Location: /dashboard');
-        } else if ($user_id == "admin" && $password == "admin123") {
-            $_SESSION['user_id'] = $user_id;
-            $_SESSION['role'] = 'admin';
-            header('Location: /dashboard');
-        } else {
-            // WARNING: A warning to user if they send wrong user ID and password
-            echo "WRONG USER ID AND PASSWORD";
-        }
-    }
-
-    public function adminLogin(): void {
+    public function adminLogin(): void
+    {
         if (isset($_POST['username']) && isset($_POST['password'])) {
             $username = $_POST['username'];
             $password = $_POST['password'];
@@ -72,23 +45,50 @@ public function adminLogin(): void {
         if ($result === false) {
             http_response_code(404);
             echo json_encode([
-                "status"=>"failed",
-                "message"=>"User not found"
+                "status" => "failed",
+                "message" => "User not found"
             ]);
         } else {
             http_response_code(200);
             echo json_encode([
-                "status"=>"success",
-                "message"=>"User successfully found",
-                "data"=>$result
+                "status" => "success",
+                "message" => "User successfully found",
+                "data" => $result
             ]);
         }
     }
 
-    public function logout(): void {
-        $data['title'] = "Logout";
-        $this->view("templates/header", $data);
-        $this->view("pages/logout");
-        $this->view("templates/footer");
+    public function login(): void
+    {
+        session_start();
+        if (!isset($_POST["user_id"]) || !isset($_POST['password'])) {
+            $data['title'] = "Login";
+            $data['message'] = "User fail to authenticate!";
+            $this->view("templates/header", $data);
+            $this->view("pages/user_fail_authenticate", $data);
+            $this->view("templates/footer");
+            return;
+        }
+
+        $user = $this->user->getUserDataByUserIDAndPassword($_POST['user_id'], $_POST['password']);
+
+        if ($user != false) {
+            $_SESSION['user_id'] = $user['user_id'];
+            $_SESSION['full_name'] = $user['nama_lengkap'];
+            $_SESSION['role'] = $user['role'];
+            header('Location: /dashboard');
+        } else {
+            $data['message'] = "User fail to authenticate! Wrong user id or password";
+            $this->view("pages/user_fail_authenticate", $data);
+        }
+
+    }
+
+    public function logout(): void
+    {
+        session_start();
+        session_unset();
+        session_destroy();
+        header('Location: /');
     }
 }

app/controllers/HomeController.php

@@ -25,12 +25,22 @@ public function dashboard(): void {
         $data['title'] = "Dashboard";
         $data['active_page'] = "dashboard";
         switch ($_SESSION['role']) {
-            case 'admin':
+            case 'Admin Prodi':
                 $this->view("templates/header", $data);
                 $this->view("pages/admin_prodi/dashboard", $data);
                 $this->view("templates/footer");
                 break;
-            case 'student':
+            case 'Admin TA':
+                $this->view("templates/header", $data);
+                $this->view("pages/admin_ta/dashboard", $data);
+                $this->view("templates/footer");
+                break;
+            case 'Admin Jurusan':
+                $this->view("templates/header", $data);
+                $this->view("pages/admin_jurusan/dashboard", $data);
+                $this->view("templates/footer");
+                break;
+            case 'mahasiswa':
                 $this->view("templates/header", $data);
                 $this->view("pages/student/dashboard", $data);
                 $this->view("templates/footer");

app/core/Database.php

@@ -27,13 +27,8 @@ public function __construct()
         }
     }
 
-    public function query(string $query): \PDOStatement
+    public function getConnection(): \PDO
     {
-        return $this->conn->query($query);
-    }
-
-    public function prepareQuery(string $query): \PDOStatement
-    {
-        return $this->conn->prepare($query);
+        return $this->conn;
     }
 }

app/models/Admin.php

@@ -7,11 +7,13 @@
 use App\Core\Model;
 
 
-class Admin extends Model {
-    public function checkUserIsAvailable(string $username, string $password): bool|array {
+class Admin extends Model
+{
+    public function checkUserIsAvailable(string $username, string $password): bool|array
+    {
         $query = "SELECT * FROM USERS.Admin WHERE nama_lengkap = ? AND password = ?";
 
-        $stmt = $this->db->prepareQuery($query);
+        $stmt = $this->db->getConnection()->prepare($query);
         $stmt->bindParam(1, $username);
         $stmt->bindParam(2, $password);
         $stmt->execute();

app/models/User.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Models;
+
+use App\Core\Model;
+
+
+class User extends Model
+{
+
+    public function getUserDataByUserIDAndPassword(string $user_id, string $password): bool|array
+    {
+        $query = <<<SQL
+            SELECT nim AS user_id, nama_lengkap, password, 'mahasiswa' AS role
+            FROM USERS.Mahasiswa
+            WHERE nim = ? AND password = ?
+            UNION 
+            SELECT  id_admin AS user_id, nama_lengkap, password, jabatan AS role
+            FROM USERS.Admin
+            WHERE id_admin = ? AND password = ?;
+        SQL;
+
+        $stmt = $this->db->getConnection()->prepare($query);
+        $stmt->bindParam(1, $user_id, \PDO::PARAM_STR);
+        $stmt->bindParam(2,  $password, \PDO::PARAM_STR);
+        $stmt->bindParam(3, $user_id, \PDO::PARAM_STR);
+        $stmt->bindParam(4, $password, \PDO::PARAM_STR);
+        $stmt->execute();
+        return $stmt->fetch(\PDO::FETCH_ASSOC);
+    }
+}

app/routes/web.php

@@ -8,10 +8,12 @@
 
 Router::add('GET', '/', HomeController::class, 'index');
 Router::add('GET', '/kontak', HomeController::class,'contact');
-Router::add('GET','/login', AuthController::class,'viewLogin');
-Router::add('POST', '/auth', AuthController::class,'loginProcess');
 Router::add('GET', '/dashboard', HomeController::class,'dashboard');
 
+Router::add('GET','/login', AuthController::class,'viewLogin');
+Router::add('POST', '/login', AuthController::class,'login');
+Router::add('POST', '/logout', AuthController::class,'logout');
+
 Router::add('GET', '/tugas-akhir', StudentsController::class, 'tugasAkhir');
 Router::add('GET', '/ta-terkirim', StudentsController::class, 'tugasAkhirTerkirim');
 Router::add('GET', '/ta-terverif', StudentsController::class, 'tugasAkhirTerverif');

app/views/components/admin_prodi/sidebar_admin.php → app/views/components/admin_prodi/sidebar.php

@@ -21,14 +21,34 @@
 
     <!-- Tombol Keluar -->
     <div class="mt-auto w-100 text-start pt-3 mb-5">
-        <a href="#" class="ps-3 nav-link d-flex text-white">
+        <button type="button" class="ps-3 nav-link d-flex text-white" data-bs-toggle="modal" data-bs-target="#modalConfirmationLogout">
             <svg class="me-2" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                 <path fill-rule="evenodd" clip-rule="evenodd"
                     d="M8.36828 6.65552C6.91888 7.45808 5.77602 8.71798 5.11811 10.2385C4.46021 11.759 4.32429 13.4546 4.73158 15.0605C5.13886 16.6665 6.06643 18.0923 7.36947 19.1155C8.67251 20.1387 10.2777 20.7017 11.9344 20.7165C13.5911 20.7313 15.206 20.1971 16.5272 19.1974C17.8483 18.1976 18.8012 16.7886 19.2371 15.1902C19.6731 13.5918 19.5675 11.8941 18.9369 10.362C18.3062 8.82999 17.1861 7.54987 15.7513 6.72152L16.5013 5.42252C18.2228 6.4168 19.5666 7.95307 20.323 9.79154C21.0795 11.63 21.2059 13.6672 20.6826 15.5851C20.1593 17.5029 19.0157 19.1936 17.4304 20.3931C15.8451 21.5926 13.9072 22.2335 11.9193 22.2157C9.93136 22.1978 8.00528 21.5223 6.44172 20.2945C4.87816 19.0668 3.7651 17.3559 3.2763 15.4289C2.78749 13.5019 2.95046 11.4674 3.73974 9.64277C4.52903 7.81817 5.90022 6.30625 7.63928 5.34302L8.36828 6.65552Z"
                     fill="#E4EEFF" />
                 <path fill-rule="evenodd" clip-rule="evenodd" d="M11.25 12V1.5H12.75V12H11.25Z" fill="#E4EEFF" />
             </svg>
             Keluar
-        </a>
+        </button>
+    </div>
+</div>
+
+
+<!-- Bootstrap Modal -->
+<div class="modal" tabindex="-1" id="modalConfirmationLogout">
+    <div class="modal-dialog modal-dialog-centered">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h5 class="modal-title text-danger">Konfirmasi logout</h5>
+                <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <div class="modal-body">
+                <p>Apakah anda yakin untuk logout ?</p>
+            </div>
+            <form action="/logout" method="post" class="modal-footer">
+                <button type="submit" class="text-white px-4" style="background-color: #052C65;">Iya</button>
+                <button type="button" class="bg-white px-4" style="color: #052C65;" data-bs-dismiss="modal">Batal</button>
+            </form>
+        </div>
     </div>
 </div>

app/views/pages/admin_prodi/dashboard.php

@@ -1,6 +1,6 @@
 <main class="d-flex">
     <!-- Sidebar -->
-    <?php include __DIR__ . '/../../components/admin_prodi/sidebar_admin.php' ?>
+    <?php include __DIR__ . '/../../components/admin_prodi/sidebar.php' ?>
     <div class="flex-grow-1">
 
         <?php include __DIR__ . '/../../components/admin_prodi/top_bar.php' ?>

app/views/pages/admin_prodi/detail_permintaan.php

@@ -1,6 +1,6 @@
 <div class="d-flex">
     <!-- Sidebar -->
-    <?php include __DIR__ . '/../../components/admin_prodi/sidebar_admin.php' ?>
+    <?php include __DIR__ . '/../../components/admin_prodi/sidebar.php' ?>
     <div class="flex-grow-1">
 
         <?php include __DIR__ . '/../../components/admin_prodi/top_bar.php' ?>

app/views/pages/admin_prodi/permintaan_verifikasi.php

@@ -1,15 +1,15 @@
 <main class="d-flex">
     <!-- Sidebar -->
-    <?php include __DIR__ . '/../../components/admin_prodi/sidebar_admin.php' ?>
+    <?php include __DIR__ . '/../../components/admin_prodi/sidebar.php' ?>
     <div class="flex-grow-1">
 
         <?php include __DIR__ . '/../../components/admin_prodi/top_bar.php' ?>
 
         <div class="halaman mx-5">
             <section class="mt-5">
 
-                        <h3 class="fw-bold mb-0" style="color: #052C65;">Permintaan Verifikasi</h3>
-               
+                <h3 class="fw-bold mb-0" style="color: #052C65;">Permintaan Verifikasi</h3>
+
                 <div class="mt-3 d-flex justify-content-between w-100 align-items-center">
                     <!-- Sort -->
                     <h6 class="m-0">Seluruh Permintaan</h6>

app/views/pages/login.php

@@ -2,7 +2,7 @@
 <main class="container d-flex flex-column justify-content-center align-items-center min-vh-100">
     <div class="mt-5 p-5 w-50 shadow" style="background-color: rgba(196, 217, 255, 0.18);">
         <h1 class="text-center mt-4 mb-5 fw-bold" style="color: #052C65;">FINALIS JTI</h1>
-        <form class="d-flex flex-column align-items-center rounded-4" method="post" action="/auth">
+        <form method="post" action="/login" id="login-form" class="d-flex flex-column align-items-center rounded-4">
             <div class="w-75 mt-5">
                 <label for="no_induk" class="form-label">ID Pengguna</label>
                 <input type="text" id="no_induk" class="form-control" name="user_id">