$userid = getDetails($username, 'User ID'); $user = User::createUserLoginDetails($userid); //Check if the user is currently locked out if ($user->getLocked()) { //$locktime = strtotime($details[0]['Locked Time']); $locktime = strtotime($user->getLockedTime()); if ($locktime + 15 * 60 > time()) { //Still locked out so display message $message = "You have entered incorrect details too many times and have been temporarily locked out. Please come back soon and try again."; $desc = "The account for '{$username}' has been locked due to too many login attempts."; infoLog($desc); returnToPageError($message, $username); } else { unlockUser($userid); clearFailedLogins($userid); $user = User::createUserLoginDetails($userid); } } $random_salt = $user->getSalt(); $pwd = hash('sha512', $pwd . $random_salt); if ($pwd === $user->getPassword()) { if ($user->getRole() === 'STUDENT') { $_SESSION['user'] = Student::createStudentFromId($userid); } else { $_SESSION['user'] = Teacher::createTeacherFromId($userid); } clearFailedLogins($userid); $_SESSION['timeout'] = time(); $message = "User {$userid} has been successfully logged in."; if (isset($_SESSION['url']) && isset($_SESSION['urlid']) && $userid == $_SESSION['urlid']) { $url = $_SESSION['url'];