session_start(); include 'classes/admins.php'; include '../lang/' . LOCALISATION . '.php'; $admins_model = new Admins(); //Instantiate class // Check if the user wants to logout if (isset($_GET['action']) && $_GET['action'] == 'logout') { $admins_model->logout(); } // Check for a validusername and password if ($_POST && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['token']) && !empty($_SESSION['token'])) { $username = $_POST['username']; $password = $_POST['password']; $token = $_POST['token']; //Attempt to login user $result = $admins_model->login($username, $password, $token); //Results of login attempt if ($result) { header('location: index.php'); //Redirect to main page } else { $status = $lang['INVALID_LOGIN']; //Report error } } elseif (isset($_SESSION['logged']) && $_SESSION['logged'] === TRUE) { header('location: index.php'); //Redirect to main page } else { $token = sha1(uniqid() . session_id()); $_SESSION['token'] = $token; }