summaryrefslogtreecommitdiff
path: root/signin.php
diff options
context:
space:
mode:
authorcflip <36554078+cflip@users.noreply.github.com>2021-05-08 17:30:08 -0600
committerGitHub <noreply@github.com>2021-05-08 17:30:08 -0600
commit87b1dfd1f77b08915ee5e905da45e316ba2c0e7d (patch)
treef6c0f8d09454b6e887df0f66ca37c1ce9efb30d0 /signin.php
parent0b045d57b2164b5ce003955d79627ae506a153eb (diff)
parenta09d9f377f5c055e42e5f21b5cdea64c2e2ca896 (diff)
Merge pull request #14 from cflip/refactor
Huge refactor
Diffstat (limited to 'signin.php')
-rw-r--r--signin.php56
1 files changed, 23 insertions, 33 deletions
diff --git a/signin.php b/signin.php
index e559614..2c43309 100644
--- a/signin.php
+++ b/signin.php
@@ -1,26 +1,25 @@
-<?php session_start()?>
+<?php session_start() ?>
<!DOCTYPE html>
-<html>
+<html lang="en">
<head>
- <title>Sign in - cflip.net forum</title>
- <link rel="stylesheet" href="styles/style.css">
+ <title>Sign in - cflip.net forum</title>
+ <link rel="stylesheet" href="styles/style.css">
</head>
<body>
- <?php include_once 'templates/header.php'?>
- <h2>Sign in</h2>
- <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
- <label for="user_name">Username: </label><br>
- <input type="text" name="user_name"><br>
- <label for="user_pass">Password: </label><br>
- <input type="password" name="user_pass"><br>
- <input type="submit" name="submit">
- </form>
+<?php include_once './includes/templates/header.php' ?>
+<h2>Sign in</h2>
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+ <label for="user_name">Username: </label><br>
+ <input type="text" name="user_name"><br>
+ <label for="user_pass">Password: </label><br>
+ <input type="password" name="user_pass"><br>
+ <input type="submit" name="submit">
+</form>
<?php
-include_once 'includes/db_inc.php';
-
-function validate($data) {
+function validate($data)
+{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
@@ -29,7 +28,7 @@ function validate($data) {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errors = array();
-
+
if (empty($_POST['user_name'])) {
$errors[] = 'Please provide a username.';
} else {
@@ -49,26 +48,17 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
}
echo '</ul>';
} else {
- $sql = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" . $user_name . "';";
- $result = mysqli_query($dbc, $sql);
+ $user = new User();
+ $result = $user->get_by_name($user_name);
if (!$result) {
- echo 'An error occurred while signing in: ' . mysqli_error($dbc);
+ echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>';
} else {
- if (mysqli_num_rows($result) == 0) {
- echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>';
+ if (!password_verify($user_pass, $user->password)) {
+ echo 'Password does not match!';
} else {
- while ($row = mysqli_fetch_assoc($result)) {
- if (!password_verify($user_pass, $row['user_pass'])) {
- echo 'Password does not match!';
- } else {
- $_SESSION['signed_in'] = true;
- $_SESSION['user_id'] = $row['user_id'];
- $_SESSION['user_name'] = $row['user_name'];
-
- header("Location: index.php");
- }
- }
+ Session::get()->sign_in($user);
+ header("Location: index.php");
}
}
}