// Login form handler (excerpt): reads the posted credentials, checks that both
// are present, applies the failed-login throttle, authenticates, then logs the
// outcome and redirects. $session and $blacklist_ip are defined outside this
// excerpt.
// CSRF tests passed--form was created by us recently.

// Both fields are read before the presence check runs, so a request that omits
// one of them raises an undefined-index notice/warning here.
$username = trim($_POST['username']);
// NOTE(review): trim() drops leading/trailing whitespace from the password before
// it is compared -- confirm the same normalization is applied when passwords are set.
$password = trim($_POST['password']);

$valid = new FormValidation();
// Only field names are passed; presumably the validator reads $_POST itself -- confirm.
$valid->validate_presences('username', 'password');

$failed_login = new FailedLogin();

if (empty($valid->errors)) {
    // The throttle is keyed on the submitted username, and it is consulted before
    // the password is checked.
    // NOTE(review): with per-username throttling, repeated bad attempts by a third
    // party can keep a legitimate account throttled; confirm this is acceptable or
    // combined with a per-source limit.
    $throttle_delay = $failed_login->throttle_failed_logins($username);

    if ($throttle_delay > 0) {
        // The message presents the delay as minutes; the unit actually returned by
        // throttle_failed_logins() is not visible here -- confirm.
        $message = "Too many attempted login. ";
        $message .= "You must wait {$throttle_delay} minutes before you can attempt another login or ask to reset your password.";
    } else {
        // Check database to see if username/password exist.
        // How the password is verified (hashing, constant-time comparison) lives in
        // User::authenticate() and cannot be judged from this excerpt.
        $found_user = User::authenticate($username, $password);

        if ($found_user) {
            // Success: reset the failure counter for this username and start the session.
            $failed_login->clear_failed_logins($username);
            // NOTE(review): confirm login() regenerates the session ID, so a session
            // identifier issued before authentication is not carried over (session fixation).
            $session->login($found_user);
            // Logs the stored username from the user record, not the raw form input.
            log_action('Login', "{$found_user->username} logged in.");
            // Visitors are sent to the Inspinia area, everyone else to index.php.
            // NOTE(review): this relies on redirect_to() ending the request; if it
            // returns, the second redirect_to() below also runs -- confirm it exits.
            if (User::is_visitor()) {
                redirect_to('/Inspinia/index.php');
            }
            redirect_to("index.php");
        } else {
            // Failure: the raw, user-supplied username is written to the log.
            // NOTE(review): confirm log_action() neutralizes CR/LF and other control
            // characters so a crafted username cannot forge or split log entries.
            log_action('Login failed', "{$username} logged in failed.");
            $failed_login->record_failed_login($username);
            // Called with no arguments on every failed attempt. The failure threshold
            // and the address it records are not visible here.
            // NOTE(review): confirm it uses the connection's remote address rather
            // than a client-supplied header.
            $blacklist_ip->add_ip_to_blacklist();
            // The same generic message is used for every authentication failure, so
            // it does not reveal whether the username or the password was wrong.
            $message = "Username/password combination incorrect.";
            //Uncomment if need to reinitialize to 0 blacklist and ip as argument
            //$blacklist_ip->clear_blacklist_ip($_SERVER['REMOTE_ADDR']);
        }
    }
// The closing brace of if (empty($valid->errors)) lies beyond this excerpt.