/**
 * Attempts to login with username and password.
 *
 * Looks the account up through UserDAO and, only when it exists, checks the
 * supplied password against the stored hash with pw_verify(). On success the
 * object's loggedIn flag and username are set before returning.
 *
 * NOTE(review): pw_verify() is skipped for unknown usernames, so the response
 * time differs between unknown and existing accounts; verifying against a
 * dummy hash in the unknown case would remove that signal — confirm
 * pw_verify()'s contract before changing this.
 *
 * @param string $username Username
 * @param string $password Password (plaintext, checked via pw_verify())
 * @return bool True if login was successful, or false otherwise.
 */
public function login($username, $password)
{
    $userDao = new UserDAO();
    // Unknown account: fail without touching the password at all.
    if (!$userDao->userExists($username)) {
        return false;
    }
    $storedHash = $userDao->getPassword($username);
    if (!pw_verify($password, $storedHash)) {
        return false;
    }
    // Password accepted: record the session state on this object.
    $this->loggedIn = true;
    $this->username = $username;
    return true;
}
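// Registration form handling. $passwd, $warnings and $session are set
// earlier in the enclosing block, which starts before this excerpt; the
// final closing brace below belongs to that enclosing block.
$passwd2 = isset($_POST['passwd2']) ? $_POST['passwd2'] : '';
$username = isset($_POST['username']) ? $_POST['username'] : '';
// validate password and username
// Strict comparison: with != two numeric-looking strings such as "1e3" and
// "1000" compare equal, so a mistyped confirmation could slip through.
if ($passwd !== $passwd2) {
    $warnings[] = "Passwords don't match";
}
if (!isValidPassword($passwd)) {
    $warnings[] = "Not a valid password (longer than " . MIN_PASSWORD_LENGTH . " characters required)";
}
if (!isValidUsername($username)) {
    $warnings[] = "Not a valid username (longer than " . MIN_USERNAME_LENGTH . " characters required)";
}
// No warnings means everything is in order, and we can create the user
if (count($warnings) === 0) {
    $dao = new UserDAO();
    if ($dao->userExists($username)) {
        $warnings[] = "Username already taken";
    } else {
        // Only the value produced by pw_encode() is handed to the DAO,
        // never the plaintext password.
        $passwd = pw_encode($passwd);
        if (!$dao->createUser($username, $passwd)) {
            $warnings[] = "Failed to insert to database";
        } else {
            // Registration was successful, redirect the user to
            // the login screen
            $session->set('register_flag', true);
            header("Location: login.php");
            exit;
        }
    }
}
}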