session_start(); // REQUIRES require_once $_SERVER['DOCUMENT_ROOT'] . '/WebBristol/model/DAL/UserDAL.php'; // Accessing the POST var in a safe way to prevent SQL injects. $login = filter_input(INPUT_POST, 'login'); $password = filter_input(INPUT_POST, 'password'); // Checking the input parameters if (empty($login) && empty($password)) { // We redirect the user if they aren't all set // It means that someone is trying to access this page without authorisation. header('Location: ../login'); } // Encrypting the password to compare it later. $encryptedPassword = hash(hash_algos()[7], $password); // We're trying to access to the user with the given login. $user = UserDAL::findByLogin($login); // Case 1 : The login doesn't exist; if ($user->getId() === -1) { // We're saving the error message. $_SESSION["message"]["danger"] = "This login doesn't exist!"; // Redirecting. header('Location: ../login'); } else { if ($user->getPassword() !== $encryptedPassword) { // We're saving the error message. $_SESSION["message"]["danger"] = "Wrong password! Try again."; // Redirecting. header('Location: ../login'); } else { // We're saving the success message. $_SESSION["message"]["success"] = "You are connected. Welcome " . $user->getFirstName() . ' ' . $user->getLastName() . '!';