Diffstat (limited to 'signin.php')
| -rw-r--r-- | signin.php | 56 | 
1 files changed, 23 insertions, 33 deletions
| @@ -1,26 +1,25 @@ -<?php session_start()?> +<?php session_start() ?>  <!DOCTYPE html> -<html> +<html lang="en">  <head> -	<title>Sign in - cflip.net forum</title> -	<link rel="stylesheet" href="styles/style.css"> +    <title>Sign in - cflip.net forum</title> +    <link rel="stylesheet" href="styles/style.css">  </head>  <body> -	<?php include_once 'templates/header.php'?> -	<h2>Sign in</h2> -	<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"> -		<label for="user_name">Username: </label><br> -		<input type="text" name="user_name"><br> -		<label for="user_pass">Password: </label><br> -		<input type="password" name="user_pass"><br> -		<input type="submit" name="submit"> -	</form> +<?php include_once './includes/templates/header.php' ?> +<h2>Sign in</h2> +<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> +    <label for="user_name">Username: </label><br> +    <input type="text" name="user_name"><br> +    <label for="user_pass">Password: </label><br> +    <input type="password" name="user_pass"><br> +    <input type="submit" name="submit"> +</form>  <?php -include_once 'includes/db_inc.php'; - -function validate($data)  { +function validate($data) +{  	$data = trim($data);  	$data = stripslashes($data);  	$data = htmlspecialchars($data); @@ -29,7 +28,7 @@ function validate($data)  {  if ($_SERVER['REQUEST_METHOD'] == 'POST') {  	$errors = array(); -	 +  	if (empty($_POST['user_name'])) {  		$errors[] = 'Please provide a username.';  	} else { 
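Review bot: `validate()` in the first hunk is only re-braced, but it still runs `trim()`, `stripslashes()` and `htmlspecialchars()` on the input instead of escaping at output, and none of those calls validates anything. The call sites fall between the hunks, so this is inferred: if `$user_pass` goes through it, a password containing `&`, `<`, quotes, backslashes or surrounding whitespace is altered before `password_verify()` sees it, and only matches if registration altered it the same way. I would pass the password through untouched and keep `htmlspecialchars()` for the point where a value is echoed into HTML. The function body continues past the end of the hunk.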
@@ -49,26 +48,17 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {  		}  		echo '</ul>';  	} else { -		$sql = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" . $user_name . "';"; -		$result = mysqli_query($dbc, $sql); +		$user = new User(); +		$result = $user->get_by_name($user_name);  		if (!$result) { -			echo 'An error occurred while signing in: ' . mysqli_error($dbc); +			echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>';  		} else { -			if (mysqli_num_rows($result) == 0) { -				echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>'; +			if (!password_verify($user_pass, $user->password)) { +				echo 'Password does not match!';  			} else { -				while ($row = mysqli_fetch_assoc($result)) { -					if (!password_verify($user_pass, $row['user_pass'])) { -						echo 'Password does not match!'; -					} else { -						$_SESSION['signed_in'] = true; -						$_SESSION['user_id'] = $row['user_id']; -						$_SESSION['user_name'] = $row['user_name']; - -						header("Location: index.php"); -					} -				} +			    Session::get()->sign_in($user); +				header("Location: index.php");  			}  		}  	} | 
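Review bot: The two failure branches still tell the client which half of the credential was wrong: `'There is no user with that name…'` when `get_by_name()` returns a falsy value and `'Password does not match!'` when `password_verify()` fails, so the sign-in form can be used to enumerate valid usernames. Returning one message for both cases, e.g. `echo 'Invalid username or password.';`, closes that. `header("Location: index.php");` is also not followed by `exit;`, and it runs after the form markup earlier in the file has been emitted, so unless output buffering is enabled the redirect header may not be sent at all. `Session::sign_in()` is not visible here; it should call `session_regenerate_id(true)` before marking the session as signed in. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block starts outside this hunk.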
