Example #1
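/**
 * Build the login form markup and, on a POST that passes the CSRF check,
 * attempt the login through \user\main::login().
 *
 * Everything interpolated into the markup that is not a fixed template string
 * (the submitted username, the exception text, the redirect URL, the token)
 * is HTML-escaped first, so a crafted value cannot break out of its attribute
 * or element.
 *
 * Side effects: reads $_POST / $_SERVER and overwrites $_SESSION['login_csrf']
 * with a fresh token on every call.
 *
 * @return string HTML fragment containing any status message and the form.
 */
function login_form()
{
    global $LANG;
    $form = '<div class="login_form other_form">';

    // Only accept an array-shaped login_form with a string token; a scalar
    // login_form or an array-valued csrf would otherwise reach check_csrf()
    // (or raise on the offset access) before any validation happened.
    $posted = isset($_POST['login_form']) && is_array($_POST['login_form']) ? $_POST['login_form'] : null;
    $token = isset($posted['csrf']) && is_string($posted['csrf']) ? $posted['csrf'] : null;

    if ($_SERVER['REQUEST_METHOD'] === 'POST' && $token !== null && \site\utils::check_csrf($token, 'login_csrf')) {
        $pd = \site\utils::validate_user_data($posted);
        try {
            $session = \user\main::login($pd);
            $form .= '<div class="success">' . $LANG['login_success'] . '</div>';
            // NOTE(review): the session value travels in the query string, so it
            // can end up in browser history, access logs and Referer headers.
            // setSession.php is outside this block; consider handing the value
            // over server-side instead of through the URL.
            $target = $GLOBALS['siteURL'] . '/setSession.php?session=' . rawurlencode($session);
            $form .= '<meta http-equiv="refresh" content="2; url=' . htmlspecialchars($target, ENT_QUOTES) . '">';
        } catch (Exception $e) {
            // The message is produced outside this block and may repeat
            // submitted input, so it is escaped before being shown.
            $form .= '<div class="error">' . htmlspecialchars($e->getMessage(), ENT_QUOTES) . '</div>';
        }
    }

    // A new token is issued for every rendering of the form.
    // NOTE(review): confirm str_random() draws from a CSPRNG; not visible here.
    $csrf = $_SESSION['login_csrf'] = \site\utils::str_random(12);

    // The username is echoed back into a double-quoted attribute; escape it so
    // a submitted quote or angle bracket stays inside the value.
    $username = '';
    if (isset($pd['username']) && is_scalar($pd['username'])) {
        $username = htmlspecialchars((string) $pd['username'], ENT_QUOTES);
    }

    $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="login_form[username]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="login_form[username]" id="login_form[username]" value="' . $username . '" required /></div></div>
  <div class="form_field"><label for="login_form[password]">' . $LANG['form_password'] . ':</label> <div><input type="password" name="login_form[password]" id="login_form[password]" value="" required /></div></div>
  <input type="hidden" name="login_form[csrf]" value="' . htmlspecialchars($csrf, ENT_QUOTES) . '" />
  <div class="form_field no-label"><input type="checkbox" name="login_form[keep_logged]" id="keep_logged" /> <label for="keep_logged">' . $LANG['msg_keep_log'] . '</label></div>

  <button>' . $LANG['login'] . '</button>
  </form>

  </div>';
    return $form;
}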
Example #2
<div class="sign_in">

<div class="wrapper">

<?php 
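// Process a submitted login before the form markup below is printed.
$form = '';

// Accept only an array-shaped login_form with a string token, and a non-empty
// string token in the session; anything else is treated as "no valid submit".
$postedForm = isset($_POST['login_form']) && is_array($_POST['login_form']) ? $_POST['login_form'] : null;
$postedToken = isset($postedForm['csrf']) && is_string($postedForm['csrf']) ? $postedForm['csrf'] : null;
$expectedToken = isset($_SESSION['csrf']['login']) && is_string($_SESSION['csrf']['login']) ? $_SESSION['csrf']['login'] : '';

// hash_equals() instead of ==: loose comparison treats two numeric-looking
// strings as numbers, so different tokens could compare equal, and it is not
// constant-time. An empty stored token never validates.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $postedToken !== null && $expectedToken !== '' && hash_equals($expectedToken, $postedToken)) {
    $pd = \site\utils::validate_user_data($postedForm);
    try {
        $session = \user\main::login($pd, 1);
        $form .= '<div class="success">' . $LANG['login_success'] . '</div>';
        // Each query value is URL-encoded and the whole URL is HTML-escaped, so
        // the "&" separator and the back URL cannot break the attribute.
        // NOTE(review): the session value is passed in the query string and can
        // leak through history, logs and Referer; setSession.php is outside
        // this block. Also confirm setSession.php restricts "back" to the
        // site's own URLs.
        $target = $GLOBALS['siteURL'] . '/setSession.php?session=' . rawurlencode($session)
            . '&back=' . rawurlencode(rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR);
        $form .= '<meta http-equiv="refresh" content="1; url=' . htmlspecialchars($target, ENT_QUOTES) . '">';
    } catch (Exception $e) {
        // The message is produced outside this block and may repeat submitted
        // input, so it is escaped before being shown.
        $form .= '<div class="error">' . htmlspecialchars($e->getMessage(), ENT_QUOTES) . '</div>';
    }
}

// A new token is issued on every page load.
// NOTE(review): confirm str_random() draws from a CSPRNG; not visible here.
$csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12);
echo $form;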
?>

<form action="#" method="POST">
<input type="text" name="login_form[username]" value="<?php 
echo isset($pd['username']) ? htmlspecialchars($pd['username']) : '';
?>
" placeholder="<?php 
echo $LANG['form_email'];
?>
" required />
<input type="password" name="login_form[password]" placeholder="<?php 
echo $LANG['form_password'];
?>