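<?php
require_once('./private/initialize.php');

// Login handler: validates the posted credentials and, on success, logs the
// user in and redirects to the admin area. Credentials are only processed
// when the request arrived over HTTPS.

// Defaults are set before the HTTPS check so the form template that follows
// always has $username and $errors defined, even if secure_login_redirect()
// returns instead of ending the request.
$errors = [];
$username = '';
$password = '';

// $_SERVER['HTTPS'] is normally absent on plain HTTP, and some servers set it
// to the string "off", which is truthy. Test for both instead of relying on
// truthiness of a key that may not exist.
// NOTE(review): behind a TLS-terminating proxy this key may be unset even for
// HTTPS clients — confirm how the deployment signals the original scheme.
$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

if (!$is_https) {
    secure_login_redirect();
} elseif (is_post_request()) {
    // Accept only plain strings. A request can send username[]=x, which would
    // otherwise hand an array to is_blank() and password_verify().
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Validations
    if (is_blank($username)) {
        $errors[] = "Username cannot be blank.";
    }
    if (is_blank($password)) {
        $errors[] = "Password cannot be blank.";
    }

    // If there were no validation errors, try to log in.
    if (empty($errors)) {
        // One shared message for both failure paths, so the response text
        // does not reveal whether the username exists.
        $login_failure_msg = "Log in was unsuccessful.";
        $user = find_user_by_username($username);

        // NOTE(review): password_verify() only runs when the user exists, so
        // response time can still separate known from unknown usernames;
        // consider verifying against a fixed dummy hash on the miss path.
        // NOTE(review): no attempt throttling or lockout is visible in this
        // file — confirm it is enforced elsewhere.
        if ($user && password_verify($password, $user['password'])) {
            // NOTE(review): log_in_user() is defined elsewhere — confirm it
            // calls session_regenerate_id(true) before storing the identity.
            log_in_user($user);
            $_SESSION['message'] = 'Login successful.';
            // NOTE(review): confirm redirect_to() ends the request; otherwise
            // the login form below is still rendered after the header is sent.
            redirect_to(url_for('/admin/index.php'));
        } else {
            // Unknown username or wrong password: same message either way.
            $errors[] = $login_failure_msg;
        }
    }
}
?>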
<?php
// Login form template.
// - $page_title is assigned before header.php is included; presumably the
//   header reads it — confirm in header.php.
// - The submitted username is echoed back into a double-quoted value
//   attribute through h(). h() is defined elsewhere; presumably it
//   HTML-escapes, and it must cover quotes for this context — confirm.
// - The password field is always rendered empty, so a failed attempt never
//   reflects the submitted password.
// NOTE(review): the form carries no anti-CSRF token field, and nothing in
// this template prints $errors — confirm both are handled by an include.
$page_title = 'Log in';
include SHARED_PATH . '/header.php';
?>
<div class="center">
<h2>Log in</h2>
<br>
<form action="login.php" method="post">
<label for="username">Username: </label>
<input type="text" name="username" id="username" value="<?= h($username) ?>"/><br/>
<label for="password">Password: </label>
<input type="password" name="password" id="password" value=""/><br/>
<input type="submit" name="submit" value="Submit"/>
</form>
<div class="btm-return-link">
<a href="<?= url_for('index.php') ?>">Return to Wine Guesser.</a>
</div>
</div>
<?php include SHARED_PATH . '/footer.php'; ?>