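/**
 * Handle the employee login form POST.
 *
 * Reads `username` and `password` from $_POST and passes them to
 * Employee::authenticate(). On failure the login view is rendered again with
 * an error message and the submitted username. On success the employee id is
 * stored in the session and the client is redirected.
 *
 * Security notes:
 *  - The session id is regenerated before the employee id is stored, so an id
 *    issued before authentication is not carried into the logged-in session
 *    (session fixation).
 *  - The submitted username is handed back to the view.
 *    NOTE(review): HTML-escaping by the template is not visible here; confirm.
 *  - NOTE(review): no anti-CSRF token check and no failed-attempt throttling
 *    are visible in this method; confirm they are enforced elsewhere.
 *
 * @return void
 */
public static function employee_login()
 {
     // Missing or non-string fields (e.g. username[]=x) are treated as empty
     // so authenticate() and the view always receive strings.
     $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
     $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

     $employee = Employee::authenticate($username, $password);
     if (!$employee) {
         // One generic message for both a wrong username and a wrong password,
         // so the response does not reveal which accounts exist.
         View::make('login/index.html', array('error' => 'Väärä käyttäjätunnus tai salasana!', 'username' => $username));
         return;
     }

     // Rotate the session id at the privilege change; skipped when no session
     // is active so the call cannot raise a warning.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION['employee'] = $employee->id;
     Redirect::to("/employee/login");
 }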
 /**
  * Authenticate an employee and, on success, register the login on the
  * global $session object.
  *
  * Both arguments are passed unchanged to Employee::authenticate().
  *
  * NOTE(review): whether Employeelogin() rotates the session id after a
  * successful login is not visible here; confirm against its implementation.
  *
  * @param mixed $username login name as supplied by the caller
  * @param mixed $password password as supplied by the caller
  * @return bool true when authenticate() returned a truthy value and
  *              Employeelogin() was called with it, false otherwise
  */
 public function runEmployee($username, $password)
 {
     global $session;

     $employee = Employee::authenticate($username, $password);
     if (!$employee) {
         // Credentials rejected: the session is left untouched.
         return false;
     }

     $session->Employeelogin($employee);
     return true;
 }
<?php

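// Change-password page: verifies the current password, validates the new one
// and asks Employee::change_password() to store it.
// presumably 'direct_to' is read by the login page to send the user back here; verify.
$_SESSION['direct_to'] = BASE_URL . "account/change_password/";
include_once 'sessioninc.php';
$username = $session->get_username();
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm
// one is enforced before this state-changing POST is processed.
if (isset($_POST['bt_submit'])) {
    $error = array();
    // Missing or non-string fields (e.g. txt_new_pass[]=x) are treated as
    // empty so strlen() and the comparison below always operate on strings.
    $old_pass = (isset($_POST['txt_old_pass']) && is_string($_POST['txt_old_pass'])) ? $_POST['txt_old_pass'] : '';
    $new_pass = (isset($_POST['txt_new_pass']) && is_string($_POST['txt_new_pass'])) ? $_POST['txt_new_pass'] : '';
    $new_pass_try = (isset($_POST['txt_new_pass_retry']) && is_string($_POST['txt_new_pass_retry'])) ? $_POST['txt_new_pass_retry'] : '';
    /* the current password must verify before any change is accepted */
    $correct_user = Employee::authenticate($username, $old_pass);
    if (!$correct_user) {
        $error[] = format_lang('errormsg', 44);
    }
    /* the new password and its confirmation must be identical; the previous
       check compared only their lengths, so two different strings of equal
       length were accepted and a mistyped password could be stored */
    if ($new_pass !== $new_pass_try) {
        $error[] = format_lang('errormsg', 45);
    }
    /* length policy: 6 to 20 bytes (strlen() counts bytes, not characters) */
    // NOTE(review): the 20-byte upper bound rules out long passphrases; if
    // the stored value is a hash, review whether this cap is needed.
    if (strlen($new_pass) < 6 || strlen($new_pass) > 20) {
        $error[] = format_lang('errormsg', 46);
    }
    if (sizeof($error) == 0) {
        // All checks passed: store the new password.
        // NOTE(review): how change_password() stores the value (hashing) is
        // not visible here; confirm. Also consider whether the user's other
        // sessions should be invalidated after the change.
        $pass_change = Employee::change_password($username, $new_pass);
        if ($pass_change) {
            $session->message("<div class='success'>" . format_lang('success', 'pass_chg_success') . "</div>");
        } else {
            $session->message("<div class='error'>" . format_lang('errormsg', 47) . "</div>");
        }
    } else {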
/** login */
if (isset($_POST['bt_login'])) {
    $username = trim($_POST['useranme_txt']);
    $pass = trim($_POST['pass_txt']);
    $smarty->assign('username', $username);
    $errors = array();
    if ($username == "" || $pass == "") {
        $errors[] = format_lang('error', 'empty_user_pass');
    }
    if (ENABLE_SPAM_LOGIN && ENABLE_SPAM_LOGIN == 'Y') {
        if (strtolower($_POST['spam_code']) != strtolower($_SESSION['spam_code']) || (!isset($_SESSION['spam_code']) || $_SESSION['spam_code'] == NULL)) {
            $errors[] = format_lang('error', 'spam_wrong_word');
        }
    }
    if (sizeof($errors) == 0) {
        $user_found = Employee::authenticate($username, $pass);
        if ($user_found) {
            //check employee status
            if ($user_found->employee_status == 'pending') {
                $message = "<div class='error'>" . format_lang('error', 'approve_account') . "</div>";
            } elseif ($user_found->employee_status == 'deleted') {
                $message = "<div class='error'>" . format_lang('error', 'status_deleted_account') . "</div>";
            } elseif ($user_found->employee_status == 'suspended') {
                $message = "<div class='error'>" . format_lang('error', 'status_suspended_account') . "</div>";
            } elseif ($user_found->employee_status == 'declined') {
                $message = "<div class='error'>" . format_lang('error', 'status_declined_account') . "</div>";
            } else {
                $access = "User";
                $session->login($user_found, $access);
                if (isset($_SESSION['direct_to'])) {
                    $page = $_SESSION['direct_to'];