1 files changed, 55 insertions, 0 deletions

diff --git a/src/http/Controller/Login.php b/src/http/Controller/Login.php
new file mode 100644
index 0000000..8c04d85
--- /dev/null
+++ b/src/http/Controller/Login.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace App\http\Controller;
+
+use App\DB;
+use App\View;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+
+class Login
+{
+  #[Route(path: '/login', methods: ['GET'])]
+  public function form(Request $request): Response
+  {
+    return new Response(View::render('login.twig'));
+  }
+
+  #[Route(path: '/login', methods: ['POST'])]
+  public function login(Request $request): Response
+  {
+    $email = $request->get('email');
+    $user = DB::query('select id,username,password from users where email=:email or username=:email', ['email' => $email])->fetch();
+
+    if (empty($user)) {
+      $password = password_hash($request->get('password'), PASSWORD_DEFAULT);
+      DB::query('insert into users (username, password, email) values (:username, :password, :email)', ['username' => $email, 'password' => $password, 'email' => $email]);
+
+      // TODO: also insert new village at random free coordinates
+    } else {
+      $password = $user['password'];
+    }
+
+    if (password_verify($request->get('password'), $password)) {
+      $_SESSION['user'] = [
+        'id' => $user['id'],
+        'username' => $user['username'],
+      ];
+
+      return new RedirectResponse('/villages');
+    }
+
+    return new RedirectResponse('/login');
+  }
+
+  #[Route(path: '/logout', methods: ['GET'])]
+  public function logout(Request $request): Response
+  {
+    session_unset();
+    session_destroy();
+
+    return new RedirectResponse('/login');
+  }
+}