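if (!empty($emailmatches[1])) {
    // $emailmatches[1] is non-empty (presumably a capture from an e-mail pattern
    // match made before this excerpt - confirm), so look the account up by e-mail.
    $field = 'email';
} else {
    // The submitted value is placed inside HTML markup, so encode it first;
    // otherwise a crafted login name is reflected into the page as markup (XSS).
    // NOTE(review): if $unvalue is already HTML-encoded upstream (not visible
    // here), this double-encodes it; drop one of the two encodings in that case.
    $form->errors[] = "No user found with username or email <strong>" . htmlspecialchars($unvalue, ENT_QUOTES, 'UTF-8') . "</strong>";
    $form->valid = false;
}
} // closes a block opened before this excerpt

if (isset($field)) {
    // NOTE(review): $unvalue is interpolated straight into the SQL text. Unless it
    // is escaped for this database before this point (not visible here), this is
    // an SQL injection sink on an unauthenticated page. Prefer a bound parameter
    // if db_get() or the underlying driver offers one. $field must only ever come
    // from fixed literals such as 'email' above, never from request data.
    $userrow = db_get("SELECT * FROM login_user WHERE upper({$field}) = upper('{$unvalue}')", 'row');

    // The lookup can come back without a row (the e-mail branch above sets $field
    // without checking that an account exists), so do not index into it blindly.
    $passhashvalue = isset($userrow[0]['PASS']) ? $userrow[0]['PASS'] : null;

    // Only a plain string is a usable password; a missing or array-valued request
    // parameter is treated as a failed login instead of being passed to verify().
    // NOTE(review): $_REQUEST also carries query-string values, so a password may
    // arrive in a URL and end up in logs; consider $_POST. Left unchanged because
    // the form method is not visible here.
    $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : null;

    // NOTE(review): 15 is presumably the bcrypt work factor. At that cost every
    // verification is expensive, so confirm that login attempts are rate limited.
    $bcrypt = new Bcrypt(15);
    $isGood = $passhashvalue !== null && $password !== null && $bcrypt->verify($password, $passhashvalue);

    if ($isGood) {
        $form->successMessage = "Successfully logged on! If you are not redirected, please <a href='welcome.php'>click here</a>";

        $user = new LoginUser();
        $user->setFromArray($userrow[0]);
        // NOTE(review): confirm that sessionSet() regenerates the session id on
        // login (session fixation); its body is not visible here.
        $user->sessionSet();

        // Send the user back to the page that referred them here, unless that
        // page is this one; otherwise fall back to the welcome page.
        // NOTE(review): if referring_page is ever filled from a request-controlled
        // value (Referer header, query parameter), validate it as a same-site path
        // before using it as a redirect target (open redirect).
        $redirect = "welcome.php";
        if (isset($_SESSION["referring_page"]) && $_SESSION["referring_page"] != $_SERVER['REQUEST_URI']) {
            $redirect = $_SESSION["referring_page"];
        }

        // No exit follows header(): the rest of the page still runs, which appears
        // intended so the success message with the fallback link can render.
        header("Location: {$redirect}");
    } else {
        // NOTE(review): this message and "No user found ..." above let a caller
        // tell an unknown account from a wrong password (account enumeration).
        $form->errors[] = "Wrong password";
        $form->valid = false;
    }
}
} // closes a block opened before this excerpt
?>
<!DOCTYPE html>
<html>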