$sql = "SELECT * FROM `User` WHERE {$Username} limit 1";
$result = $db->query($sql);
$obj = $result->fetchObject();
if (!is_object($obj)) {
$smarty->assign("result", "login_error");
} else {
if ($obj->active == 1) {
if ($obj->password != "pass") {
if (password_verify($_REQUEST['password'], $obj->password)) {
$_SESSION['userID'] = $obj->ID;
userController::loginUser($_SESSION['userID']);
$smarty->assign("result", "success");
header('Location: home.php');
exit(0);
}
} else {
if ($obj->password == $_REQUEST['password']) {
//@TODO redirect to change password page, once noone has the password "pass" remove this check
$_SESSION['userID'] = $obj->ID;
userController::loginUser($_SESSION['userID']);
$smarty->assign("result", "success");
header('Location: home.php');
exit(0);
}
}
$smarty->assign("result", "login_error");
} else {
$smarty->assign("result", "activate");
}
}
$smarty->display("login.tpl");
