Example #1
 // Login form handler (fragment): reads the submitted credentials, checks that
 // both fields are present, applies the failed-login throttle for the username,
 // then authenticates. Success clears the failure record, starts the session,
 // logs the event and redirects; failure is logged, recorded and the client is
 // added to the IP blacklist.
 // $session and $blacklist_ip are used below but are not defined in this
 // fragment, and the outer `if` is still open at the end of the fragment.
 //
 // CSRF tests passed--form was created by us recently.
 // NOTE(review): the CSRF check itself is not visible here; confirm it runs
 // before this point on every path.
 // NOTE(review): $_POST values are used without checking that the keys exist
 // or that the values are strings; a request can supply an array
 // (username[]=...), which trim() does not accept. Consider validating the
 // type before trimming.
 $username = trim($_POST['username']);
 // NOTE(review): trim() alters the submitted password (leading/trailing
 // whitespace is dropped). Confirm the same normalisation is applied when the
 // password is set, otherwise valid credentials can fail to match.
 $password = trim($_POST['password']);
 $valid = new FormValidation();
 // Called with field names, not the trimmed values -- presumably it reads
 // $_POST itself and fills $valid->errors; verify against FormValidation.
 $valid->validate_presences('username', 'password');
 $failed_login = new FailedLogin();
 if (empty($valid->errors)) {
     // Throttle lookup is keyed on the submitted username only.
     // NOTE(review): a username-only key lets repeated bad attempts from any
     // client delay the legitimate owner of that account; confirm this
     // trade-off is intended or pair the key with the client address.
     $throttle_delay = $failed_login->throttle_failed_logins($username);
     if ($throttle_delay > 0) {
         // Throttled: authentication is not attempted at all on this path.
         // The message presents the delay in minutes -- TODO confirm the unit
         // returned by throttle_failed_logins().
         // NOTE(review): if throttling only ever triggers for existing
         // accounts, this message reveals that the username exists; verify.
         $message = "Too many attempted login. ";
         $message .= "You must wait {$throttle_delay} minutes before you can attempt another login or ask to reset your password.";
     } else {
         // Check database to see if username/password exist.
         // NOTE(review): password verification happens inside
         // User::authenticate(), out of view; confirm it compares against a
         // password_hash() value with password_verify().
         $found_user = User::authenticate($username, $password);
         if ($found_user) {
             // Successful login resets the failure record for this username.
             $failed_login->clear_failed_logins($username);
             // NOTE(review): confirm $session->login() regenerates the session
             // id (session_regenerate_id(true)) so a pre-login session id
             // cannot be reused after authentication.
             $session->login($found_user);
             log_action('Login', "{$found_user->username} logged in.");
             // NOTE(review): the second redirect_to() below is also reached for
             // visitors unless redirect_to() ends the script; confirm it calls
             // exit after sending the Location header.
             if (User::is_visitor()) {
                 redirect_to('/Inspinia/index.php');
             }
             redirect_to("index.php");
         } else {
             // NOTE(review): $username comes straight from the request and is
             // interpolated into the log message. Confirm log_action() strips
             // or encodes CR/LF and other control characters so a submitted
             // value cannot forge or split log entries.
             log_action('Login failed', "{$username} logged in failed.");
             $failed_login->record_failed_login($username);
             // Called with no arguments on every failed attempt; which address
             // it records and how many failures lead to a block are not
             // visible here.
             // NOTE(review): if it keys on $_SERVER['REMOTE_ADDR'] (as the
             // commented-out call below suggests), clients behind a shared NAT
             // or reverse proxy share one entry -- verify the threshold and
             // the address source.
             $blacklist_ip->add_ip_to_blacklist();
             // Generic wording: does not say which of the two fields was wrong.
             $message = "Username/password combination incorrect.";
             // Uncomment to reset the blacklist entry to 0; the IP is passed as the argument.
             //$blacklist_ip->clear_blacklist_ip($_SERVER['REMOTE_ADDR']);
         }
     }