diff --git a/assets/php/form.php b/assets/php/form.php
new file mode 100644
index 0000000..28e615f
--- /dev/null
+++ b/assets/php/form.php
@@ -0,0 +1,238 @@
+formId = $formId;
+
+ $opcionesPorDefecto = array( 'ajax' => false, 'action' => null, 'class' => null, 'enctype' => null );
+ $opciones = array_merge($opcionesPorDefecto, $opciones);
+
+ $this->ajax = $opciones['ajax'];
+ $this->action = $opciones['action'];
+ $this->classAtt = $opciones['class'];
+ $this->enctype = $opciones['enctype'];
+
+ if ( !$this->action ) {
+ $this->action = $_SERVER['PHP_SELF'];
+ }
+ }
+
+ public function gestiona() {
+
+ if ( ! $this->formularioEnviado($_POST) ) {
+ echo $this->generaFormulario();
+ } else {
+ // Valida el token CSRF si es necesario (hay un token en la sesión asociada al formulario)
+ $tokenRecibido = isset($_POST['CSRFToken']) ? $_POST['CSRFToken'] : FALSE;
+
+ if ( ($errores = $this->csrfguard_ValidateToken($this->formId, $tokenRecibido)) !== TRUE ) {
+ if ( ! $this->ajax ) {
+ echo $this->generaFormulario($errores, $_POST);
+ } else {
+ echo $this->generaHtmlErrores($errores);
+ }
+ } else {
+ $result = $this->procesaFormulario($_POST);
+ if ( is_array($result) ) {
+ // Error al procesar el formulario, volvemos a mostrarlo
+ if ( ! $this->ajax ) {
+ echo $this->generaFormulario($result, $_POST);
+ } else {
+ echo $this->generaHtmlErrores($result);
+ }
+ } else {
+ if ( ! $this->ajax ) {
+ header('Location: '.$result);
+ } else {
+ echo $result;
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Devuelve un string con el HTML necesario para presentar los campos del formulario. Es necesario asegurarse que como parte del envío se envía un parámetro con nombre (i.e. utilizado como valor del atributo name del botón de envío del formulario).
+ */
+ protected function generaCamposFormulario ($datos) {
+ return '';
+ }
+
+ /**
+ * Procesa los datos del formulario.
+ */
+ protected function procesaFormulario($datos) {
+
+ }
+
+ /**
+ * Función que verifica si el usuario ha enviado el formulario. Comprueba si existe el parámetro $formId en $params.
+ *
+ * @param array $params Array que contiene los datos recibidos en el envío formulario.
+ *
+ * @return boolean Devuelve TRUE si $formId existe como clave en $params
+ */
+ private function formularioEnviado(&$params) {
+ return isset($params['action']) && $params['action'] == $this->formId;
+ }
+
+ /**
+ * Función que genera el HTML necesario para el formulario.
+ *
+ *
+ * @param array $errores (opcional) Array con los mensajes de error de validación y/o procesamiento del formulario.
+ *
+ * @param array $datos (opcional) Array con los valores por defecto de los campos del formulario.
+ */
+ private function generaFormulario($errores = array(), &$datos = array()) {
+
+ $html= $this->generaListaErrores($errores);
+
+ $html .= '';
+ return $html;
+ }
+
+ private function generaListaErrores($errores) {
+ $html='';
+ $numErrores = count($errores);
+ if ( $numErrores == 1 ) {
+ $html .= "";
+ } else if ( $numErrores > 1 ) {
+ $html .= "- ";
+ $html .= implode("
- ", $errores);
+ $html .= "
";
+ }
+ return $html;
+ }
+
+ private function csrfguard_GenerateToken($formId) {
+ if ( ! isset($_SESSION) ) {
+ throw new Exception('La sesión del usuario no está definida.');
+ }
+
+ if ( function_exists('hash_algos') && in_array('sha512', hash_algos()) ) {
+ $token = hash('sha512', mt_rand(0, mt_getrandmax()));
+ } else {
+ $token=' ';
+ for ($i=0;$i<128;++$i) {
+ $r=mt_rand(0,35);
+ if ($r<26){
+ $c=chr(ord('a')+$r);
+ } else{
+ $c=chr(ord('0')+$r-26);
+ }
+ $token.=$c;
+ }
+ }
+
+ $_SESSION[$formId.'_'.self::CSRF_PARAM]=$token;
+
+ return $token;
+ }
+
+ private function csrfguard_ValidateToken($formId, $tokenRecibido) {
+ if ( ! isset($_SESSION) ) {
+ throw new Exception('La sesión del usuario no está definida.');
+ }
+
+ $result = TRUE;
+
+ if ( isset($_SESSION[$formId.'_'.self::CSRF_PARAM]) ) {
+ if ( $_SESSION[$formId.'_'.self::CSRF_PARAM] !== $tokenRecibido ) {
+ $result = array();
+ $result[] = 'Has enviado el formulario dos veces';
+ }
+ $_SESSION[$formId.'_'.self::CSRF_PARAM] = ' ';
+ unset($_SESSION[$formId.'_'.self::CSRF_PARAM]);
+ } else {
+ $result = array();
+ $result[] = 'Formulario no válido';
+ }
+ return $result;
+ }
+}
+
+/*
+class Formulario {
+
+ private $formId;
+ private $action;
+ private $classAtt;
+ private $enctype;
+
+ public function __construct($formId, $opciones = array() ) {
+ $this->formId = $formId;
+ $opcionesPorDefecto = array( 'ajax' => false, 'action' => null, 'class' => null,
+ 'enctype' => null );
+ $opciones = array_merge($opcionesPorDefecto, $opciones);
+
+ $this->ajax = $opciones['ajax'];
+ $this->action = $opciones['action'];
+ $this->classAtt = $opciones['class'];
+ $this->enctype = $opciones['enctype'];
+
+ if (!$this->action) {
+ $app = Aplicacion::getSingleton();
+ $this->action = htmlspecialchars($_SERVER['REQUEST_URI']);
+ $this->action = $app->resuelve($this->action);
+ }
+ }
+}
+*/
+?>
\ No newline at end of file
diff --git a/login/includes/formLogin.php b/login/includes/formLogin.php
index 22627a7..95f435d 100644
--- a/login/includes/formLogin.php
+++ b/login/includes/formLogin.php
@@ -1,7 +1,7 @@
encryptPass($password);
+
+ $sql = sprintf( "INSERT INTO users( id, username, email, passwd, rol)
+ VALUES ( '%s', '%s', '%s', '%s', '%s')",
+ $id, $username, $email, $password, $rol );
+
+ return $sql;
+ }
+
+ //Returns a query to check if the user name exists.
+ public function selectUser($username){
+ $username = $this->mysqli->real_escape_string($username);
+
+ $sql = sprintf( "SELECT * FROM users WHERE username = '%s'", $username );
+ $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+
+ return $resul;
+ }
+
+ //Returns a query to check if the user pass matches.
+ public function selectPass($username, $password){
+ $username = $this->mysqli->real_escape_string($username);
+ $password = $this->mysqli->real_escape_string($password);
+ $password = $this->encryptPass($password);
+
+ $sql = sprintf( "SELECT * FROM users WHERE username = '%s' AND passwd = '%s'", $username, $password);
+ $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+
+ //return $this->mysqli->query($sql);
+ return $resul;
+ }
+
+ //Returns a query to get the user's data.
+ public function userData($id){
+ $sql = sprintf( "SELECT * FROM users WHERE id = '%d'", $id );
+ $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+
+ return $resul;
+ }
+
+ //Create a new User Data Transfer Object.
+ public function loadUser($id, $username, $email, $password, $rol){
+ return new UserDTO($id, $username, $email, $password, $rol);
+ }
+
+ }
+
+?>
\ No newline at end of file
diff --git a/login/includes/user_dto.php b/login/includes/user_dto.php
new file mode 100644
index 0000000..4e882f3
--- /dev/null
+++ b/login/includes/user_dto.php
@@ -0,0 +1,37 @@
+_id = $id;
+ $this->_username = $username;
+ $this->_email = $email;
+ $this->_password = $password;
+ $this->_rol = $rol;
+ }
+
+ //Methods:
+
+ //Getters && Setters:
+ public function setId($id){ $this->_id = $id; }
+ public function getId(){ return $this->_id; }
+ public function setName($username){ $this->_username = $username; }
+ public function getName(){ return $this->_username; }
+ public function setEmail($email){ $this->_email = $email; }
+ public function getEmail(){ return $this->_email; }
+ public function setPass($passwd){ $this->_password = $passwd; }
+ public function getPass(){ return $this->_password; }
+ public function setRol($rol){ $this->_rol = $rol; }
+ public function getRol(){ return $this->_rol; }
+
+ }
+?>
\ No newline at end of file
diff --git a/login/includes/users_dto_interface.php b/login/includes/users_dto_interface.php
new file mode 100644
index 0000000..6bfc7aa
--- /dev/null
+++ b/login/includes/users_dto_interface.php
@@ -0,0 +1,14 @@
+
\ No newline at end of file