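// Admin front-controller fragment: every admin route is gated on the
// 'lolgh_admin' session key, then dispatched on $param.
// NOTE(review): $param, $dao and $vars are not defined in this fragment;
// presumably they are set up earlier in the file. Confirm.

// Optional second route segment such as "del-12". Non-string input
// (e.g. ?param1[]=x) is treated as absent so it never reaches preg_match().
$param1 = (isset($_GET['param1']) && is_string($_GET['param1'])) ? $_GET['param1'] : '';

if (!isset($_SESSION['lolgh_admin'])) {
    // Not authenticated: force the login branch whatever route was requested.
    $param = '';
} else {
    // NOTE(review): the lookup result is not checked. Confirm what findById()
    // returns for a session that points at a user that no longer exists.
    $user = $dao->findById('user', $_SESSION['lolgh_admin']);
    $vars['user'] = $user;
}

switch ($param) {
    case '':
    case 'login':
        // NOTE(review): not used in the visible code; kept because the
        // constructor or code outside this fragment may depend on it.
        $passwordHash = new \Lib\Password();
        if (isset($_POST['email'])) {
            // The original called
            //   array_walk_recursive($_POST, 'mysql_real_escape_string');
            // here. That call escaped nothing: the callback receives each value
            // by copy and its return value is discarded, the array key was passed
            // as the link argument, and the function was removed in PHP 7.
            // Protection against SQL injection therefore has to come from bound
            // parameters inside $dao->authenticate().
            // NOTE(review): confirm authenticate() uses prepared statements.
            $email = is_string($_POST['email']) ? $_POST['email'] : '';
            $password = (isset($_POST['password']) && is_string($_POST['password']))
                ? $_POST['password']
                : '';
            $userId = $dao->authenticate($email, $password);
            if ($userId) {
                // Issue a fresh session id at the privilege change so an id that
                // was known before login cannot be reused (session fixation).
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                $_SESSION['lolgh_admin'] = $userId;
                header('Location: /admin/comic');
                exit;
            }
            // Deliberately generic: does not reveal which field was wrong.
            $vars['error'] = 'Invalid username and password';
        }
        $template = '@admin/login.html';
        break;
    case 'comic':
        // Check if delete is required.
        // NOTE(review): the delete is triggered by a GET parameter and no CSRF
        // token is visible here; a state-changing action should require POST
        // plus a per-session token.
        // The pattern is anchored and the id is taken from the capture group.
        // The original unanchored match combined with end(explode('-', ...))
        // accepted "del-1-anything" and used the unvalidated last segment as the id.
        if ($param1 !== '' && preg_match('/^del-([0-9]+)$/i', $param1, $delMatch)) {
            $delId = $delMatch[1];
            $comic = $dao->findById('comic', $delId);
            // NOTE(review): $comic is dereferenced without a check, as in the
            // original; confirm how findById() signals "not found".
            $comicFile = $comic->getUrl();
            // Resolve the target and delete it only if it is a regular file
            // located under the comics directory, so a stored value containing
            // "../" cannot remove files elsewhere.
            $comicsDir = realpath('/img/comics');
            $target = ($comicsDir === false)
                ? false
                : realpath($comicsDir . DIRECTORY_SEPARATOR . $comicFile);
            if ($target !== false
                && strpos($target, $comicsDir . DIRECTORY_SEPARATOR) === 0
                && is_file($target)
            ) {
                unlink($target);
            }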