/**
* Check wether login POST data has been provided and handle it to try and log the user in.
* Set `$_SESSION['user']` value.
* @return: Returns false if the user credentials are invalid. Returns true otherwise (user connected or ready to connect). Handles page redirection upon successful login.
*/
function log_user_in()
{
global $dbh;
// If user alreadu connected, returns immediately
if (!empty($_SESSION['user'])) {
return true;
} elseif (!empty($_POST['login']) && !empty($_POST['password'])) {
$user = check_and_get_user($_POST['login'], $_POST['password']);
if ($user !== false) {
$_SESSION['user'] = $user;
} else {
return false;
}
// Handle "remember me" button
if (isset($_POST['remember'])) {
stay_connected($user);
}
header('location: index.php');
exit;
} elseif (!empty($_COOKIE['freeder_remember_me'])) {
$query = $dbh->prepare('SELECT id, password, salt, remember_token, is_admin FROM users WHERE remember_token=?');
$query->execute(array($_COOKIE['freeder_remember_me']));
$user = $query->fetch();
if (empty($user)) {
remove_stay_connected();
return true;
} else {
$_SESSION['user'] = $user;
header('location: index.php');
exit;
}
}
return true;
}
<?php
/* Copyright (c) 2014 Freeder
* Released under a MIT License.
* See the file LICENSE at the root of this repo for copying permission.
*/
require_once 'inc/init.php';
remove_stay_connected();
session_destroy();
header('location: index.php');
exit;
