<?php require_once '../defaults.php'; require_once 'class/LoginUser.class.php'; $formelements = array("username" => array('required' => true, 'label' => 'Username or Email'), "password" => array('required' => true)); $form = new Form($formelements); $status = ""; if (isset($_REQUEST['status'])) { $status = $_REQUEST["status"]; } if ($form->valid()) { // Basic form validation $username = $form->getElement("username"); $unvalue = $username->value; $unmatches = db_get("SELECT 1 FROM login_user WHERE upper(username) = upper('{$unvalue}')", 'column'); $emailmatches = db_get("SELECT 1 FROM login_user WHERE upper(email) = upper('{$unvalue}')", 'column'); if (!empty($unmatches[1])) { $field = 'username'; } else { if (!empty($emailmatches[1])) { $field = 'email'; } else { $form->errors[] = "No user found with username or email <strong>" . $unvalue . "</strong>"; $form->valid = false; } } if (isset($field)) { $userrow = db_get("SELECT * FROM login_user WHERE upper({$field}) = upper('{$unvalue}')", 'row'); $passhashvalue = $userrow[0]['PASS']; $bcrypt = new Bcrypt(15); $isGood = $bcrypt->verify($_REQUEST['password'], $passhashvalue);