Source: src/Controllers/AuthController.php
Overview
No class-level docblock. Add one at the top of the file.
Extends: App\Controllers\BaseController
Public methods
showLogin(): void
Render the login form.
handleLogin(): void
Process a login submission.
Validates CSRF, checks lockout status, verifies credentials using timing-safe comparison, and manages session creation. A dummy bcrypt call runs when the username does not exist to prevent timing-based user enumeration.
logout(): void
Log the user out — destroy session, remove session record, redirect.
showRegister(): void
Render the registration form.
handleRegister(): void
Process a registration submission. Validates all fields server-side, creates the user with unverified status, and sends a verification code.
checkUsername(): void
AJAX endpoint for real-time username availability checking. Rate-limited to prevent enumeration.
showVerifyEmail(): void
Render the verification code entry screen.
handleVerifyEmail(): void
Validate a submitted email verification code against the stored token.
Checks expiration, maximum attempt count, and exact match before marking the token as consumed. A token is single-use — it is invalidated immediately after a successful match regardless of remaining TTL.
resendVerification(): void
Resend a verification code. Rate-limited to one per two minutes.
showForgotPassword(): void
Render the forgot password form.
handleForgotPassword(): void
Handle forgot password submission. Never reveals whether the email address is registered — always shows the same response.
showResetPassword(): void
Render the password reset code + new password form.
handleResetPassword(): void
Handle password reset — validate code, then set new password.
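The dummy bcrypt call described under handleLogin(), shown as an added example that is not code from AuthController.php: both the known-username and unknown-username paths perform exactly one bcrypt verification, so response time does not reveal whether an account exists. The class name LoginVerifier, the in-memory user array, and the bcrypt cost of 10 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the project's code): verifies a login so that the
// unknown-username path costs the same bcrypt work as the known-username path.
final class LoginVerifier
{
    private const COST = 10; // assumed bcrypt cost; must match the stored hashes
    private string $dummyHash;

    /** @param array<string,string> $users constructed username => bcrypt hash map */
    public function __construct(private array $users)
    {
        // Hash a random throwaway value once, at the same cost as real hashes.
        $this->dummyHash = password_hash(
            bin2hex(random_bytes(16)),
            PASSWORD_BCRYPT,
            ['cost' => self::COST]
        );
    }

    public function verify(string $username, string $password): bool
    {
        $known = array_key_exists($username, $this->users);
        // Always run exactly one bcrypt verification, whichever branch applies.
        $hash  = $known ? $this->users[$username] : $this->dummyHash;
        $match = password_verify($password, $hash);
        // A result computed against the dummy hash must never authenticate.
        return $known && $match;
    }
}

// Constructed sample data: one user, hashed at the same assumed cost of 10.
$verifier = new LoginVerifier([
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]),
]);

// Time each path; the unknown-user row should take about as long as the others.
foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'wrong']] as [$u, $p]) {
    $start = hrtime(true);
    $ok    = $verifier->verify($u, $p);
    $ms    = (hrtime(true) - $start) / 1e6;
    printf("%-7s %-14s %-5s %.1f ms\n", $u, $p, $ok ? 'ok' : 'fail', $ms);
}
```

If the dummy hash uses a lower cost than the stored hashes, the unknown-username path finishes measurably faster and the enumeration signal returns.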
Auto-generated from source by bin/sync-class-docs.php on 2026-04-18 12:16 CDT. Re-runs overwrite this thread body.
D2sk - Sysop