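include_once "config.php";

/*
 * Login page controller.
 *
 * Resolves the post-login redirect target, bounces already-authenticated
 * users straight to it, and on a "loginnow" POST checks the supplied
 * credentials against the stored hash before placing a loggedInUser in
 * the session. Helpers such as isUserLoggedIn(), lang(), usernameExists(),
 * fetchUserDetails(), generateHash(), the loggedInUser class and $DBI are
 * not defined here — presumably they come from config.php or its includes.
 *
 * Fixes over the previous revision:
 *  - the returnurl parameter is restricted to a same-site relative path, so a
 *    crafted link cannot redirect a freshly logged-in user off-site or inject
 *    CR/LF into the Location header;
 *  - missing/array-valued POST fields no longer raise notices or TypeErrors;
 *  - the password hash is compared with hash_equals() (strict, constant-time)
 *    instead of the loose "!=";
 *  - the session id is regenerated on successful login (session fixation);
 *  - a stray "?>" in the middle of the PHP code has been removed — everything
 *    after it was being emitted as page text instead of executed.
 */

// Returns true only for a relative, same-site path that is safe to place in a
// Location header. Rejects "scheme:", protocol-relative "//host", the
// backslash variants browsers normalise to "//", and CR/LF.
$isLocalPath = static function ($url): bool {
    if (!is_string($url) || $url === '') {
        return false;
    }
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//|\\\\|/\\\\)#i', $url) === 1) {
        return false;
    }
    return preg_match('/[\r\n]/', $url) !== 1;
};

$returnurl = 'index.php';
$requestedUrl = null;
if (isset($_GET['returnurl']) && is_string($_GET['returnurl']) && $_GET['returnurl'] !== '') {
    // The GET form of the parameter is base64-encoded; strict mode turns
    // malformed input into false, which the path check below rejects.
    $requestedUrl = base64_decode($_GET['returnurl'], true);
}
if (isset($_POST['returnurl']) && is_string($_POST['returnurl']) && $_POST['returnurl'] !== '') {
    // POST (the login form's hidden field) takes precedence over GET, as before.
    $requestedUrl = $_POST['returnurl'];
}
if ($isLocalPath($requestedUrl)) {
    $returnurl = $requestedUrl;
}

// Prevent the user visiting the login page if he/she is already logged in.
if (isUserLoggedIn()) {
    header("Location: $returnurl");
    exit;
}

// Forms posted
$resendActivation = false;
$DBI->debug = false; // $DBI is expected from config.php — not visible here.

// Reads a POST field as a trimmed string; a missing or non-string (array)
// value yields '' rather than a notice or a TypeError from trim().
$postField = static function ($key): string {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : '';
};

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login']) && $_POST['login'] === 'loginnow') {
    $errors = array();
    $username = $postField('username');
    $password = $postField('password');
    $remember_choice = $postField('remember_me'); // optional checkbox: absent when unchecked

    if ($username === '') {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
    if ($password === '') {
        $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
    }

    if (count($errors) === 0) {
        // A security note here: never tell the user which credential was incorrect.
        if (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
        } else {
            $userdetails = fetchUserDetails($username);
            // See if the user's account is activated (loose == kept: the
            // stored flags may arrive as strings from the database).
            if ($userdetails["active"] == 0) {
                $resendActivation = true;
                $errors[] = lang("ACCOUNT_INACTIVE");
            } elseif ($userdetails["tisser_verification"] == 0) {
                $errors[] = lang("ACCOUNT_INACTIVE_ADMIN");
            } else {
                // Hash the entered password using the salt carried in the stored
                // hash, then compare. hash_equals() is strict and constant-time,
                // so neither loose string/number coercion nor timing can leak
                // information about the stored value.
                $entered_pass = generateHash($password, $userdetails["password"]);
                if (!hash_equals((string) $userdetails["password"], (string) $entered_pass)) {
                    // Again, we know the password is at fault here, but let's not
                    // give away which half of the combination failed.
                    $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                } else {
                    // Passwords match — construct a new logged-in user object and
                    // transfer some DBI data to the session object.
                    $loggedInUser = new loggedInUser();
                    $loggedInUser->email = $userdetails["email"];
                    $loggedInUser->hash_pw = $userdetails["password"];
                    // Update last sign in.
                    $loggedInUser->updatelast_sign_in();
                    // Authentication is a privilege change: issue a fresh session
                    // id so an id known before login cannot be reused.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $_SESSION["userPieUser"] = $loggedInUser;
                    header("Location: $returnurl");
                    exit;
                }
            }
        }
    }
}

include "header.php";
include "menu.php";
?>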