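// Login page bootstrap: force HTTPS, short-circuit for sessions that are
// already authenticated, then process a submitted login form.

// $_SERVER["HTTPS"] is the literal string "off" for plain-HTTP requests under
// IIS/ISAPI, so a bare truthiness test would treat those requests as secure.
// NOTE(review): behind a TLS-terminating proxy this variable may never be set
// and the redirect would loop - confirm against the deployment.
$httpsOn = !empty($_SERVER["HTTPS"]) && strtolower((string) $_SERVER["HTTPS"]) !== "off";
if (!$httpsOn) {
    // The Host header is client-controlled. Reflect it into the Location
    // header only when it is syntactically a host name (or bracketed IPv6
    // literal) with an optional port.
    // NOTE(review): a well-formed but foreign host still passes this check;
    // prefer a configured canonical host name or an allowlist.
    $host = $_SERVER["HTTP_HOST"] ?? "";
    if (preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?\z/', $host) !== 1) {
        header("HTTP/1.1 400 Bad Request");
        exit;
    }

    //redirect to secure
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: https://" . $host . ($_SERVER["REQUEST_URI"] ?? "/"));
    exit;
}

//if they are already logged in, redirect to home page
if (isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"]) {
    header("Location: home.php");
    // header() does not stop the script; without exit the login handler and
    // the form below would still run for an authenticated session.
    exit;
}

//check for a valid username and password if submitted
if (isset($_POST["submitLogin"])) {
    $passwordCheck = new PasswordChecker();

    // Request fields may be missing, or arrays (username[]=...), so read them
    // defensively instead of indexing $_POST directly.
    $username = $_POST["username"] ?? "";
    $password = $_POST["password"] ?? "";

    // check the posted username and password
    if (!empty($username)) {
        // Non-string input can never be a valid credential pair and is not
        // handed to the checker or stored in the session.
        $loginValid = is_string($username)
            && is_string($password)
            && $passwordCheck->isValid($username, $password);

        // The result is written back to $_POST["submitLogin"] as the original
        // code did, in case code outside this block reads it.
        $_POST["submitLogin"] = $loginValid;

        // regenerate the session id before the session is marked as
        // authenticated, so a pre-login id cannot be reused (session fixation)
        session_regenerate_id(true);

        //if the login is valid redirect to home page
        if ($loginValid) {
            $_SESSION["loggedIn"] = true;
            $_SESSION["username"] = $username;
            header("Location: home.php");
            exit;
        } else {
            // Same message for unknown user and wrong password, so the
            // response does not reveal which account names exist.
            echo "<div>Invalid username or password</div>";
        }
    }
}

$form = new HtmlForm();
?>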
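/**
 * Re-verify the logged-in user's current password from the submitted form.
 *
 * Reads the account name from $_SESSION["username"] and the candidate
 * password from $_POST["currentPassword"], and passes both to
 * PasswordChecker::isValid().
 *
 * @return mixed false when either value is missing or not a string;
 *               otherwise whatever PasswordChecker::isValid() returns
 *               (presumably a bool - confirm against PasswordChecker).
 */
function checkCurrentPassword()
{
    $username = $_SESSION["username"] ?? null;
    $currentPassword = $_POST["currentPassword"] ?? null;

    // No session user or no submitted password means there is nothing to
    // verify. An array-valued field (currentPassword[]=...) is rejected here
    // instead of being handed to the checker.
    if (!is_string($username) || !is_string($currentPassword)) {
        return false;
    }

    $passwordCheck = new PasswordChecker();

    return $passwordCheck->isValid($username, $currentPassword);
}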