/**
* Attempts to login with username and password.
*
* @param string $username Username
* @param string $password Password
* @return bool True if login was successful, or false otherwise.
*/
public function login($username, $password)
{
$dao = new UserDAO();
if ($dao->userExists($username)) {
$pwhash = $dao->getPassword($username);
if (pw_verify($password, $pwhash)) {
$this->loggedIn = true;
$this->username = $username;
return true;
}
}
return false;
}
$passwd2 = $_POST['passwd2'];
$username = $_POST['username'];
// validate password and username
if ($passwd != $passwd2) {
$warnings[] = "Passwords don't match";
}
if (!isValidPassword($passwd)) {
$warnings[] = "Not a valid password (longer than " . MIN_PASSWORD_LENGTH . " characters required)";
}
if (!isValidUsername($username)) {
$warnings[] = "Not a valid username (longer than " . MIN_USERNAME_LENGTH . " characters required)";
}
// No warnings means everything is in order, and we can create the user
if (count($warnings) == 0) {
$dao = new UserDAO();
if ($dao->userExists($username)) {
$warnings[] = "Username already taken";
} else {
$passwd = pw_encode($passwd);
if (!$dao->createUser($username, $passwd)) {
$warnings[] = "Failed to insert to database";
} else {
// Registration was successful, redirect the user to
// the login screen
$session->set('register_flag', true);
header("Location: login.php");
exit;
}
}
}
}
