working on login

.gitignore

@@ -1,4 +1,4 @@
-server/database/dragon.db
-server/database/dragon.db-shm
-server/database/dragon.db-wal
+server/database/*.db
+server/database/*.db-shm
+server/database/*.db-wal
 server/.installed

public/css/dragon.css

@@ -22,6 +22,36 @@ body {
 		justify-content: space-between;
 		margin-bottom: 1rem;
 	}
+
+	footer {
+		margin-top: 1rem;
+		display: flex;
+		justify-content: space-between;
+		align-items: center;
+		background-color: rgba(0, 0, 0, 0.25);
+		padding: 0.5rem;
+		color: white;
+	}
+
+	div#content {
+		display: flex;
+		flex-direction: row;
+		gap: 1rem;
+
+		aside#left {
+			flex-grow: 1;
+			max-width: 250px;
+		}
+
+		aside#right {
+			flex-grow: 1;
+			max-width: 250px;
+		}
+
+		main {
+			flex-grow: 1;
+		}
+	}
 }
 
 .form-group {

public/index.php

@@ -19,3 +19,6 @@ if ($route == 'gate') return GateModule::handle();
 // 404
 http_response_code(404);
 echo '404: ' . $route;
+
+// cleanup
+$app->cleanup();

server/app/App.php

@@ -11,19 +11,26 @@ class App
 	public static Request $req;
 	public static Auth $auth;
 	public static array $s = []; // game settings
+	public static array $flashes = []; // flash messages
 
 	public function __construct(string $dbPath)
 	{
 		self::$req = new Request(); // the current request
 		self::$db = new Database($dbPath); // the database
 		self::$dbPath = $dbPath; // the database path
+		self::$auth = new Auth();
 
 		// load game settings
 		$s = self::$db->q('SELECT * FROM settings WHERE id = 1;');
 		self::$s = $s ? $s->fetch() : [];
 
-		// init authentication
-		self::$auth = new Auth();
+		if (INSTALLED) {
+			// load the player's auth
+			self::$auth->good();
+		}
+
+		// load flash messages
+		self::$flashes = $_SESSION['flash'] ?? [];
 	}
 
 	public static function performDatabaseReset(): void
@@ -38,4 +45,21 @@ class App
 	{
 		return self::$auth->good();
 	}
+
+	public static function flash(string $key, mixed $value = null): mixed
+	{
+		// get a flash message
+		if ($value === null) return self::$flashes[$key] ?? null;
+
+		// set a flash message
+		$_SESSION['flash'][$key] = $value;
+		self::$flashes[$key] = $value;
+	}
+
+	public function cleanup()
+	{
+		// clean up flash messages
+		$_SESSION['flash'] = [];
+		unset($_SESSION['flash']);
+	}
 }

server/app/Auth.php

@@ -15,7 +15,7 @@ class Auth
 
 	public function __construct()
 	{
-		$this->good();
+
 	}
 
 	public function login(string $identifier, string $password, bool $remember = false): bool
@@ -37,20 +37,25 @@ class Auth
 		return true;
 	}
 
-	private function remember(int $id): array|false
+	private function remember(int $id): array
 	{
 		$data = ['player_id' => $id, 'token' => token()];
 
-		Session::createOrUpdate($data);
+		Session::createOrUpdate($data); // save the token in the database, overwriting the old one if it exists
 		setcookie(self::COOKIE_NAME, implode('::', $data), strtotime('+30 days'), '/', '', true, true);
 
 		return $data;
 	}
 
-	private function logout(): void
+	public function logout(): void
 	{
 		if (isset($_SESSION['player_id'])) unset($_SESSION['player_id']);
 		if (isset($_COOKIE[self::COOKIE_NAME])) setcookie(self::COOKIE_NAME, '', time() - 86400, '/', '', true, true);
+		if (ini_get("session.use_cookies")) {
+            $params = session_get_cookie_params();
+            setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
+        }
+		session_destroy();
 	}
 
 	public function good(): bool

server/models/Player.php

@@ -40,7 +40,7 @@ class Player
 	public static function validateCredentials(string $identifier, string $password, bool $fetch = false): int|false
 	{
 		// get the player from their username or email
-		$player = App::$db->do("SELECT " . ($fetch ? '*' : 'id, password') . " FROM players WHERE username = :i OR email = :i LIMIT 1;", ['i' => $identifier]);
+		$player = App::$db->do("SELECT " . ($fetch ? '*' : 'id, password') . " FROM players WHERE LOWER(username) = :i OR LOWER(email) = :i LIMIT 1;", ['i' => strtolower($identifier)]);
 		if ($player == false) return false;
 		$player = $player->fetch();
 

server/modules/GateModule.php

@@ -9,11 +9,47 @@ class GateModule
 		$s = App::$req->uri(1) ?? ''; // second segment
 		$m = App::$req->method; // request method
 
-		if ($s == '' || $s == 'login') return self::login();
+		if (App::$auth->good() && in_array($s, self::GUEST)) redirect('/');
+
+		if ($s == '' || $s == 'login') return self::login($m);
+		if ($s == 'logout' && $m == 'POST') return self::logout();
 	}
 
-	public static function login()
+	public static function login(string $method)
 	{
-		echo render('layout', ['title' => 'Login']);
+		// just display the login page
+		if ($method == 'GET') {
+			echo render('layout', ['title' => 'Login', 'content' => 'gate/login']);
+			return;
+		}
+
+		// handle the login form
+		$id = trim($_POST['id'] ?? ''); // identifier; let a user log in with email or username
+		$pw = $_POST['pw'] ?? ''; // password
+
+		// fields are required
+		if (empty($id) || empty($pw)) {
+			App::flash('error', 'Please fill out all fields.');
+			redirect('/gate/login');
+		}
+
+		// find the user, login if valid
+		$found = App::$auth->login($id, $pw, isset($_POST['remember']));
+
+		// Login is valid!
+		if ($found) {
+			App::flash('success', 'Welcome back!');
+			redirect('/');
+		} else {
+			App::flash('error', 'Player account not found.');
+			redirect('/gate/login');
+		}
+	}
+
+	private static function logout()
+	{
+		App::$auth->logout();
+		App::flash('success', 'You have been logged out.');
+		redirect('/');
 	}
 }

server/modules/HomeModule.php

@@ -4,8 +4,13 @@ class HomeModule
 {
 	public static function home()
 	{
+		foreach ($_SESSION['flash'] as $key => $value) {
+			echo '<div class="alert ' . $key . '">- ' . $value . '</div>';
+		}
+
 		if (App::auth()) {
 			echo 'You are already logged in!<br>';
+			echo '<form action="/gate/logout" method="post"><button>Logout</button></form>';
 		} else {
 			echo 'You are not logged in!<br>';
 		}

server/modules/InstallModule.php

@@ -294,15 +294,14 @@ class InstallModule
 			'level'    => $_POST['level'] ?? 1
 		]);
 
-		// Create the .installed file in the server folder
-		file_put_contents(SERVER.'/.installed', 'Installed on '.date('Y-m-d H:i:s'));
-
 		// login the admin
 		App::$auth->login($_POST['username'], $_POST['password']);
 
+		// Create the .installed file in the server folder
+		file_put_contents(SERVER.'/.installed', 'Installed on '.date('Y-m-d H:i:s'));
+
 		// Render the finished page!
 		echo render('install/layout', ['title' => 'Finished!', 'step' => 'done', 'name' => $_POST['username'], 'complete' => $_POST['complete'] ?? false]);
-
 	}
 
 	private static function fourOhFour()

server/templates/gate/login.php

@@ -0,0 +1,7 @@
+<form action="/gate/login" method="post">
+	<input type="text" name="id" placeholder="Email or Username">
+	<input type="password" name="pw" placeholder="Password">
+	<input type="checkbox" name="remember" id="remember">
+	<label for="remember">Remember me</label>
+	<button>Login</button>
+</form>

server/templates/layout.php

@@ -14,15 +14,19 @@
 
 		<div id="content">
 			<aside id="left">
-				left
+				<?php if (App::$auth->good()) {
+					echo render('partials/left', $data);
+				} ?>
 			</aside>
 
 			<main>
-
+				<?= render($content, $data) ?>
 			</main>
 
 			<aside id="right">
-				right
+				<?php if (App::$auth->good()) {
+					echo render('partials/right', $data);
+				} ?>
 			</aside>
 		</div>
 

server/templates/partials/footer.php

@@ -1 +1,11 @@
-footer
+<div>
+	&copy; <?= date('Y') ?> <?= App::$s['game_dev'] ?>
+</div>
+
+<div>
+	<?= App::$db->q("SELECT COUNT(id) FROM players WHERE last_online > ?;", [time() - 300])->fetchColumn() ?> players online
+</div>
+
+<div>
+	<?= App::$db->queries() ?> queries in <?= round(App::$db->time(), 2) ?> seconds
+</div>

server/templates/partials/left.php

@@ -0,0 +1 @@
+Left

server/templates/partials/right.php

@@ -0,0 +1 @@
+Right