<?php

require_once '../defaults.php';
require_once 'class/LoginUser.class.php';
// Login form definition: both fields are mandatory; the username field is
// labelled to show that an email address is accepted as well.
$formelements = array(
    "username" => array('required' => true, 'label' => 'Username or Email'),
    "password" => array('required' => true),
);
$form = new Form($formelements);

// Optional status flag taken straight from the request (empty when absent).
// It is untrusted input: encode it for the output context wherever it is
// later rendered (the rendering code is not visible in this part of the file).
$status = isset($_REQUEST['status']) ? $_REQUEST["status"] : "";
if ($form->valid()) {
    // Basic form validation
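    // Resolve the submitted identifier to a login_user column: try it as a
    // username first, then as an email address. $field is left unset when
    // neither lookup matches.
    $username = $form->getElement("username");
    $unvalue = $username->value;
    // SECURITY: $unvalue is user-supplied and is interpolated directly into the
    // SQL text of both lookups, so a quote character in the input alters the
    // statement (SQL injection) on a pre-authentication page. db_get()'s
    // signature is not visible here, so the queries are left as written; they
    // should pass the value as a bound parameter, or through the database
    // driver's own quoting routine, before this code is relied on.
    $unmatches = db_get("SELECT 1 FROM login_user WHERE upper(username) = upper('{$unvalue}')", 'column');
    $emailmatches = db_get("SELECT 1 FROM login_user WHERE upper(email) = upper('{$unvalue}')", 'column');
    if (!empty($unmatches[1])) {
        $field = 'username';
    } elseif (!empty($emailmatches[1])) {
        $field = 'email';
    } else {
        // The error text is emitted as HTML (it carries a <strong> tag), so the
        // echoed identifier is encoded first; the raw value would otherwise be
        // reflected into the page as markup. NOTE(review): if Form already
        // HTML-encodes element values, this double-encodes; confirm.
        $safevalue = htmlspecialchars($unvalue, ENT_QUOTES, 'UTF-8');
        // NOTE(review): a distinct "no user found" message tells the caller
        // whether an account exists; a single generic login failure message
        // would avoid account enumeration.
        $form->errors[] = "No user found with username or email <strong>" . $safevalue . "</strong>";
        $form->valid = false;
    }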
    if (isset($field)) {
        $userrow = db_get("SELECT * FROM login_user WHERE upper({$field}) = upper('{$unvalue}')", 'row');
        $passhashvalue = $userrow[0]['PASS'];
        $bcrypt = new Bcrypt(15);
        $isGood = $bcrypt->verify($_REQUEST['password'], $passhashvalue);