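/**
 * Check whether login POST data has been provided and handle it to try and log the user in.
 * Set `$_SESSION['user']` value.
 *
 * Three cases are handled, in this order:
 *  - a user is already stored in the session: nothing to do;
 *  - `login` and `password` were posted: they are checked with `check_and_get_user()`;
 *  - a `freeder_remember_me` cookie is present: the user is looked up by `remember_token`.
 *
 * On a successful login the session id is renewed, the browser is redirected to
 * `index.php` and the script exits, so the function does not return in that case.
 *
 * @return bool Returns false if the user credentials are invalid. Returns true otherwise (user connected or ready to connect). Handles page redirection upon successful login.
 */
function log_user_in() {
    global $dbh;

    // If user already connected, returns immediately
    if (!empty($_SESSION['user'])) {
        return true;
    }

    if (!empty($_POST['login']) && !empty($_POST['password'])) {
        // PHP turns `login[]=x` into an array; only plain strings can be credentials.
        if (!is_string($_POST['login']) || !is_string($_POST['password'])) {
            return false;
        }

        $user = check_and_get_user($_POST['login'], $_POST['password']);
        if ($user === false) {
            return false;
        }

        // Renew the session id at the privilege change so that an id known before
        // authentication (session fixation) does not become an authenticated one.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;

        // Handle "remember me" button
        if (isset($_POST['remember'])) {
            stay_connected($user);
        }

        header('location: index.php');
        exit;
    }

    // An array-valued cookie (`freeder_remember_me[]=x`) is treated as absent
    // instead of being bound to the query.
    $token = isset($_COOKIE['freeder_remember_me']) ? $_COOKIE['freeder_remember_me'] : '';
    if (is_string($token) && !empty($token)) {
        // NOTE(review): the cookie value is matched directly against users.remember_token,
        // so the column holds the token exactly as the browser sends it. Storing only a
        // hash of it would limit what a database read exposes; that needs a matching
        // change where the token is issued, which is not visible here.
        $query = $dbh->prepare('SELECT id, password, salt, remember_token, is_admin FROM users WHERE remember_token=?');
        $query->execute(array($token));
        $user = $query->fetch();

        if (empty($user)) {
            // No user owns this token: discard the remember-me state.
            remove_stay_connected();
            return true;
        }

        // Same session id renewal as for a password login.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        // NOTE(review): the whole row, including the password and salt columns, is kept
        // in the session. Confirm which fields the readers of $_SESSION['user'] need
        // before trimming it.
        $_SESSION['user'] = $user;

        header('location: index.php');
        exit;
    }

    return true;
}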
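<?php
/*  Copyright (c) 2014 Freeder
 *  Released under a MIT License.
 *  See the file LICENSE at the root of this repo for copying permission.
 */

// Logout endpoint: end the current session and send the browser back to the index page.
// NOTE(review): nothing here checks the request method or a CSRF token, so any
// cross-site request to this script logs the user out, unless inc/init.php
// (not visible here) already guards against that.
require_once 'inc/init.php';

// Drop the "remember me" state first, while the session data is still available.
remove_stay_connected();

// Empty the session data for the remainder of this request.
$_SESSION = array();

// session_destroy() only removes the server-side data; also expire the session
// cookie so the browser stops presenting the old session id.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

session_destroy();

header('location: index.php');
exit;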