if ($_POST) {
    $errors = array();
    $email = trim($_POST['login-email']);
    $password = $_POST['login-password'];
    if (!$email) {
        $errors[] = 'no email address provided';
    } elseif (!preg_match('/^[A-Z0-9._%+-]+\\@[A-Z0-9.-]+\\.[A-Z]{2,4}(\\.[A-Z]{2,4})?$/i', $email)) {
        $errors[] = 'invalid email address';
    }
    if (!$password) {
        $errors[] = 'no password provided';
    }
    if ($errors) {
        Gadget::add_message(implode(', ', $errors));
    } else {
        switch (Access::log_user_in($email, $password)) {
            case 0:
                // shouldn't get here, should be redirected
                $message = 'You have been logged in.';
                break;
            case 1:
                $message = 'incorrect password';
                break;
            case 2:
                $message = 'email address not found';
                break;
        }
        Gadget::add_message($message);
    }
}
require 'header.php';