$userid = getDetails($username, 'User ID');
$user = User::createUserLoginDetails($userid);
//Check if the user is currently locked out
if ($user->getLocked()) {
//$locktime = strtotime($details[0]['Locked Time']);
$locktime = strtotime($user->getLockedTime());
if ($locktime + 15 * 60 > time()) {
//Still locked out so display message
$message = "You have entered incorrect details too many times and have been temporarily locked out. Please come back soon and try again.";
$desc = "The account for '{$username}' has been locked due to too many login attempts.";
infoLog($desc);
returnToPageError($message, $username);
} else {
unlockUser($userid);
clearFailedLogins($userid);
$user = User::createUserLoginDetails($userid);
}
}
$random_salt = $user->getSalt();
$pwd = hash('sha512', $pwd . $random_salt);
if ($pwd === $user->getPassword()) {
if ($user->getRole() === 'STUDENT') {
$_SESSION['user'] = Student::createStudentFromId($userid);
} else {
$_SESSION['user'] = Teacher::createTeacherFromId($userid);
}
clearFailedLogins($userid);
$_SESSION['timeout'] = time();
$message = "User {$userid} has been successfully logged in.";
if (isset($_SESSION['url']) && isset($_SESSION['urlid']) && $userid == $_SESSION['urlid']) {
$url = $_SESSION['url'];
