// Default action that guest is authorized to use. } } if ($action != 'SecurityLogin' && $action != 'SecurityProcessLogin' && !userIsAuthorized($action)) { if (!loggedIn()) { header("Location:../security/index.php?action=SecurityLogin&RequestedPage=" . urlencode($_SERVER['REQUEST_URI'])); } else { include '../security/not_authorized.html'; } } else { switch ($action) { case 'SecurityLogin': include '../security/login_form.php'; break; case 'SecurityProcessLogin': ProcessLogin(); break; case 'SecurityLogOut': ProcessLogOut(); break; case 'SecurityManageUsers': ManageUsers(); break; case 'SecurityUserAdd': UserAdd(); break; case 'SecurityUserEdit': UserEdit(); break; case 'SecurityUserDelete': UserDelete();
<?php
/*
 * Login handler fragment. As extracted, the whole file sits on one physical
 * line and the listing ends inside ProcessLogin(); only the visible part is
 * annotated here.
 */

// Refuse to run unless the constant IN_RULE is already defined (presumably by
// the script that includes this file -- confirm).
if (!defined("IN_RULE")) {
    die("Oops");
}

// A submitted 'email' field triggers a login attempt. $pdo is not defined in
// this fragment; presumably the including script provides it (confirm).
if (isset($_POST['email'])) {
    $message = ProcessLogin($_POST['email'], $pdo);
}

// A session that already carries 'email' is sent to index.php; exit stops the
// script right after the redirect header.
if (isset($_SESSION['email'])) {
    header("location: index.php");
    exit;
}

/**
 * Looks up the account row for the submitted address and checks the posted
 * password against the stored hash.
 *
 * Only the start of this function is visible, so its return value and the
 * branches after the password check are not documented here.
 *
 * @param mixed $user   Raw value of the submitted 'email' field.
 * @param mixed $dblink Database handle on which prepare() is called (a PDO
 *                      connection, judging by the caller's $pdo -- confirm).
 */
function ProcessLogin($user, $dblink) {
    // filter::filter_email() is defined elsewhere; its result is used both as
    // the lookup key and, on success, as the session identity.
    $login = filter::filter_email($user);
    // NOTE(review): != is a loose comparison, so every falsy result ('' and
    // '0' included) is rejected here, not only FALSE.
    if ($login != FALSE) {
        // Bound parameter: the address is passed to execute(), never
        // concatenated into the SQL text.
        if ($stm = $dblink->prepare("SELECT email, pass FROM users WHERE email=?")) {
            $stm->execute(array($login));
            $row = $stm->fetch();
            $stm = NULL; // clear the statement variable
            // NOTE(review): $row is indexed without checking the fetch()
            // result; with no matching row it is presumably false, which
            // leaves $uname and $hash null and raises a warning on PHP 7.4+.
            $uname = $row['email'];
            $hash = $row['pass'];
        }
        // NOTE(review): $uname and $hash are assigned only inside the
        // prepare() branch above; if prepare() returns a falsy value they are
        // undefined at this point. Initialising both before the lookup would
        // make the failure path explicit.
        if ($uname == $login) {
            // NOTE(review): $_POST['password'] is read without an isset()
            // check; the top-level code only tests for 'email'.
            if (password_verify($_POST['password'], $hash)) {
                // NOTE(review): the session is marked as authenticated with no
                // session_regenerate_id() call in the visible code; calling
                // session_regenerate_id(true) here would limit session fixation.
                $_SESSION['email'] = $login;
                // The rest of the source line follows exactly as extracted.
                // With the file collapsed onto one line, everything after the
                // comment marker is comment text, and the listing ends there,
                // before the function is closed. If the "Wrong password" text
                // reaches the client, it tells a caller that the address
                // exists -- confirm what the cut-off branch reports.
                //login::log_enter($dblink); } else { $mesg = "Wrong password"; } } else {