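/**
 * Render the "particulier" login page and, on a valid form submission,
 * authenticate the user by e-mail address and password.
 *
 * On success the user is logged in and redirected to 'home'. On failure a
 * generic alert is set and the browser is sent back to the login form.
 *
 * @return void
 */
public function LoginParticulier()
{
    $this->mLayout = "empty";
    $this->mTheme = 'login-page';
    $this->mViewFile = 'loginparticulier';

    if (validate_form()) {
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        $this->load->model('User_model', 'user_model');
        $user = $this->user_model->get_by('email', $username);

        // NOTE(review): the role restriction (verify_role(['admin', 'staff'], $user))
        // was commented out in this action, so any account found by e-mail can log in.
        // Confirm that this is intended for this entry point.

        // An unknown e-mail yields no record; do not index into it.
        if (!empty($user) && verify_pw($password, $user['password'])) {
            // Only these fields are handed to the session layer; the password
            // hash and any other columns of the record stay out of it.
            $fields = array('id', 'role', 'email', 'first_name', 'last_name', 'created_at');
            $user_data = elements($fields, $user);
            login_user($user_data);

            // success
            set_alert('success', 'Connexion réussie');
            redirect('home');
            exit;
        }

        // failed: same message for unknown user and wrong password
        set_alert('danger', 'Nom d\'utilisateur ou Mot de passe incorrect');
        redirect('/login/Loginparticulier');
    }
}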
/**
 * Log a user in.
 *
 * Handles a submitted login form (with or without an OTP code), redirects on
 * success, shows the OTP template when login_user() returns -1, and otherwise
 * displays the login template with an error message.
 *
 * @global type $tpl
 */
function index_login()
{
    global $tpl;

    $tpl->assign('msg', false);

    // Login attempt
    if (isset($_POST['login'])) {
        $result = isset($_POST['otp_code'])
            ? login_user($_POST['login'], $_POST['password'], $_POST['otp_code'])
            : login_user($_POST['login'], $_POST['password']);

        if ($result === true) {
            // NOTE(review): the target comes from the request ("a/b/query");
            // it is passed to redirect() as separate parts — presumably a
            // controller/action pair. Confirm redirect() cannot leave the site.
            $target = explode('/', $_REQUEST['redirect'], 3);
            $query = array();
            if (isset($target[2])) {
                parse_str($target[2], $query);
            }
            redirect($target[0], $target[1], $query);
        }

        if ($result === -1) {
            // -1 means an OTP code is required
            if (isset($_POST['otp_code'])) {
                $tpl->assign('msg', 'Code erroné.');
            }
            $tpl->display('index_login_otp.tpl');
            quit();
        }

        // No redirect happened, so the login failed
        $tpl->assign('msg', 'Utilisateur ou mot de passe erroné.');
    }

    // NOTE(review): md5(uniqid()) is derived from the current time and is
    // predictable. If this value serves as an anti-CSRF token or a login
    // challenge, it should come from a CSPRNG instead.
    $_SESSION['random'] = md5(uniqid());
    $tpl->assign('random', $_SESSION['random']);
    $tpl->display('index_login.tpl');
    quit();
}
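/**
 * Render the account login page and, on a valid form submission,
 * authenticate an active user by e-mail address and password.
 *
 * On success the user is logged in and redirected to 'home'. On failure the
 * submitted e-mail is flashed back to the form, an alert is set and the
 * browser returns to the login page.
 *
 * @return void
 */
public function login()
{
    $this->mTitle = "Login";
    $this->mViewFile = 'account/login';

    if (validate_form()) {
        $email = $this->input->post('email');
        $password = $this->input->post('password');
        $user = $this->users->get_by(['email' => $email, 'active' => 1]);

        if (!empty($user) && verify_pw($password, $user['password'])) {
            // "remember me": extend the session lifetime only once the
            // credentials are verified, so a failed attempt cannot turn an
            // unauthenticated session into a persistent one.
            if ($this->input->post('remember')) {
                $this->session->sess_expire_on_close = FALSE;
                $this->session->sess_update();
            }

            // limited fields to store in session (keeps the password hash out)
            $fields = array('id', 'role', 'first_name', 'last_name', 'email', 'created_at');
            $user_data = elements($fields, $user);
            login_user($user_data);

            // success
            set_alert('success', 'Login success.');
            redirect('home');
            exit;
        }

        // failed: same message for unknown, inactive and wrong-password cases
        $this->session->set_flashdata('form_fields', ['email' => $email]);
        set_alert('danger', 'Invalid Login.');
        redirect('account/login');
    }
}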
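/**
 * Render the back-office login page and, on a valid form submission,
 * authenticate a backend user by username and password.
 *
 * Only the roles listed below may log in. On success the user is logged in
 * and redirected to 'home'; otherwise an alert is set and the browser
 * returns to the login page.
 *
 * @return void
 */
public function index()
{
    $this->mLayout = "empty";
    $this->mTheme = 'login-page';
    $this->mViewFile = 'login';

    if (validate_form()) {
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        $this->load->model('Backend_user_model', 'backend_users');
        $user = $this->backend_users->get_by('username', $username);

        // only admin and staff can login
        $allowed_roles = ['admin', 'staff-1', 'staff-2', 'staff-3'];
        if (verify_role($allowed_roles, $user) && verify_pw($password, $user['password'])) {
            // Only these fields are handed to the session layer; the password
            // hash and any other columns of the record stay out of it.
            $fields = array('id', 'role', 'username', 'full_name', 'created_at');
            $user_data = elements($fields, $user);
            login_user($user_data);

            // success
            set_alert('success', 'Login success');
            redirect('home');
            exit;
        }

        // failed: same message for wrong role and wrong password
        set_alert('danger', 'Invalid Login');
        redirect('login');
    }
}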
/**
 * Entry point of the login page: starts the session, redirects users who are
 * already logged in, and either processes the submitted form or renders an
 * empty one.
 */
function main()
{
    // Start the session
    session_start();

    if (is_current_user()) {
        // The user is already logged in: send them to the home page
        redirect('./');
    }

    if (!is_postback()) {
        // Send the user a clean login form
        render('login_form', array('form' => array(), 'errors' => array()));
        return;
    }

    // Process the submitted form.
    // $user and $errors are not set before this call — presumably
    // login_user() fills them by reference; verify against its signature.
    $dbh = db_connect();
    $post_result = login_user($dbh, $user, $errors);
    db_close($dbh);

    if (!$post_result) {
        // The credentials were not accepted: show the form again with errors.
        // NOTE(review): the whole $_POST array, password included, is handed
        // to the template — confirm the template does not echo it back.
        render('login_form', array('form' => $_POST, 'errors' => $errors));
        return;
    }

    // Redirect to the home page
    redirect('./');
}
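/**
 * Show the login form and process a submitted username/password.
 *
 * On a successful login the browser is redirected back to the calendar
 * script, carrying over the last action and date when they were supplied.
 *
 * @return mixed The HTML tag object to render.
 */
function login()
{
    global $vars, $day, $month, $year, $phpc_script;

    $html = tag('div');

    // Check password and username
    if (isset($vars['username'])) {
        $user = $vars['username'];
        $password = $vars['password'];

        if (login_user($user, $password)) {
            $string = "{$phpc_script}?";
            $arguments = array();

            // Every value is URL-encoded: 'lastaction' comes straight from the
            // request, and an unencoded '&' or '=' in it would let the caller
            // add or override parameters of the redirect target.
            if (!empty($vars['lastaction'])) {
                $arguments[] = 'action=' . urlencode($vars['lastaction']);
            }
            if (!empty($vars['year'])) {
                $arguments[] = 'year=' . urlencode($year);
            }
            if (!empty($vars['month'])) {
                $arguments[] = 'month=' . urlencode($month);
            }
            if (!empty($vars['day'])) {
                $arguments[] = 'day=' . urlencode($day);
            }

            redirect($string . implode('&', $arguments));
            return tag('h2', _('Logged in.'));
        }

        $html->add(tag('h2', _('Sorry, Invalid Login')));
    }

    $html->add(login_form());
    return $html;
}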
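/**
 * Validate a submitted login form and log the user in.
 *
 * Runs only for POST requests. Echoes one validation message per problem,
 * or redirects to admin.php when the credentials are accepted.
 *
 * @return void
 */
function validate_user_login()
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return;
    }

    $errors = [];

    // A missing field is treated like an empty one. Previously a POST without
    // both fields skipped validation and reached login_user() with undefined
    // variables.
    // NOTE(review): clean() is also applied to the password. If it escapes or
    // strips characters, the value checked differs from what the user typed —
    // confirm it matches how passwords are stored.
    $email = isset($_POST['email']) ? clean($_POST['email']) : '';
    $password = isset($_POST['password']) ? clean($_POST['password']) : '';

    if (empty($email)) {
        $errors[] = "Email field cannot be empty";
    }
    if (empty($password)) {
        $errors[] = "Password cannot be empty";
    }

    if (!empty($errors)) {
        foreach ($errors as $error) {
            echo validation_errors($error);
        }
        return;
    }

    if (login_user($email, $password)) {
        redirect("admin.php");
    } else {
        echo validation_errors("Your credentials are not correct");
    }
}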
/**
 * Show the login form and process a submitted username/password.
 *
 * On a successful login the browser is redirected to the calendar script,
 * with the URL-decoded 'lasturl' value appended as its query string.
 *
 * @return mixed The HTML tag object to render.
 */
function login()
{
    global $vars, $phpc_script;

    $html = tag('div');

    // Only attempt a login when a username was submitted
    if (isset($vars['username'])) {
        $user = $vars['username'];

        if (isset($vars['password'])) {
            $password = $vars['password'];

            if (login_user($user, $password)) {
                // The target always starts with this script's own path, so the
                // request value can only shape the query string.
                // NOTE(review): 'lasturl' is decoded and appended unvalidated.
                $url = $phpc_script;
                if (!empty($vars['lasturl'])) {
                    $url = $url . '?' . urldecode($vars['lasturl']);
                }
                redirect($url);
                return tag('h2', __('Logged in.'));
            }

            $html->add(tag('h2', __('Sorry, Invalid Login')));
        } else {
            message(__("No password specified."));
        }
    }

    $html->add(login_form());
    return $html;
}
/**
 * Render the "change avatar" page for the current user.
 *
 * login_user() is called without arguments here and its result is used as
 * the current user object. NOTE(review): nothing in this method checks that
 * a user is actually logged in — presumably the controller does; confirm.
 */
public function edit_avatar()
{
    $this->theme->setBreadcrumb("切换头像");
    $this->theme->setTitle("切换头像");

    $this->__view("User/header.php");

    $user = login_user();
    $view_data = [
        'type' => $user->getAvatarSql(),
        'avatar' => $user->getAvatar(),
    ];
    $this->__view("User/edit_avatar.php", $view_data);

    $this->__view("User/footer.php");
}
/**
 * Drive the OpenID login flow.
 *
 * With a posted 'openid_identifier' it starts the login at the provider.
 * With an 'openid_mode' response in the query string it verifies the
 * assertion and, when valid, marks the session as logged in.
 *
 * @return mixed "" when nothing happened, true on a verified login, or one of
 *               the strings "FAILED", "CANCELED" or "INVALID <id>".
 */
function do_login()
{
    $status = "";
    $sreg_fields = array('nickname' => false, 'email' => false, 'fullname' => false);

    // Step 1: the user submitted an identifier, start the login
    if (!empty($_POST['openid_identifier'])) {
        $sreg = new Zend_OpenId_Extension_Sreg($sreg_fields, null, 1.1);
        $consumer = new Zend_OpenId_Consumer();
        if (!$consumer->login($_POST['openid_identifier'], '', null, $sreg)) {
            $status = "FAILED";
        }
        return $status;
    }

    if (!isset($_GET['openid_mode'])) {
        return $status;
    }

    // Step 2: the provider sent the user back
    if ($_GET['openid_mode'] == "id_res") {
        $consumer = new Zend_OpenId_Consumer();
        $sreg = new Zend_OpenId_Extension_Sreg($sreg_fields, null, 1.1);

        if ($consumer->verify($_GET, $id, $sreg)) {
            $_SESSION['logged_in_user'] = true;
            $status = true;

            // NOTE(review): the account key is taken from the raw
            // 'openid_identity' query parameter, not from $id, which
            // verify() fills in. Confirm the two cannot differ.
            $open_id_addr = $_GET['openid_identity'];

            // NOTE(review): strpos() returns 0 for a string that starts with
            // 'https', so "=== 1" does not match a leading https scheme and
            // this rewrite does not run for such identities. Stored account
            // keys depend on the current behaviour; decide deliberately
            // before changing it.
            if (strpos($open_id_addr, 'https') === 1) {
                $open_id_addr = str_replace('https', 'http', $open_id_addr);
            }

            // (Storing the sreg profile fields in the session was disabled
            // in the original and stays disabled.)
            login_user($open_id_addr);
        } else {
            $status = "INVALID " . htmlspecialchars($id);
        }
    } elseif ($_GET['openid_mode'] == "cancel") {
        $status = "CANCELED";
    }

    return $status;
}
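/**
 * Require a logged-in user holding the "Control" permission and send the
 * HTML content-type header.
 *
 * Visitors who are not logged in are redirected to Home/login; logged-in
 * users without the permission are redirected to Home/permission.
 */
public function __construct()
{
    parent::__construct();

    // NOTE(review): nothing here stops execution after redirect(). If
    // redirect() returns, the requested controller action still runs for an
    // unauthorised visitor — confirm that redirect() terminates the request.
    if (!is_login()) {
        redirect(array("Home", "login"));
    } elseif (!login_user()->Permission("Control")) {
        redirect(array('Home', 'permission'));
    }

    // The parameter separator is "=". The previous "charset: utf-8" is not a
    // valid Content-Type parameter, so no charset was actually declared.
    header("Content-Type: text/html; charset=utf-8");
}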
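/**
 * Log the user in from the posted form, or show the login form again with
 * an error message.
 *
 * @return void
 */
public static function handleLogin()
{
    $username = isset($_POST["username"]) ? $_POST["username"] : null;
    $password = isset($_POST["password"]) ? $_POST["password"] : null;

    // Missing fields and array-valued fields (username[]=...) are rejected
    // before they reach login_user(), which is called with strings only.
    $authenticated = is_string($username)
        && is_string($password)
        && login_user($username, $password);

    if (!$authenticated) {
        self::displayLoginForm(array("error" => "Wrong username/password combination please try again!"));
    } else {
        // redirect to homepage on success
        // NOTE(review): execution continues after this header; whatever the
        // caller does next still runs.
        header("Location: /");
    }
}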
/**
 * Process the admin login form.
 *
 * Redirects to the admin index when login_user() reports success; otherwise
 * sets a flash error and renders the admin login view again.
 */
public function doAdminLoginAction()
{
    $username = $this->request->getParam("username");
    $pwd = $this->request->getParam("password");

    $login_result = login_user($username, $pwd);

    if ($login_result["ok"]) {
        $this->redirect_to(admin_index_path());
        return;
    }

    // One message for every failure, so the response does not reveal whether
    // the username exists.
    $this->flash->setError("Invalid username/password");
    $this->render(null, "admin_login");
}
/**
 * Open a portal session over SOAP.
 *
 * Authenticates the portal itself through login_user($portal_auth), then
 * starts a PHP session of type 'lead', 'portal' or 'contact' depending on
 * $user_name.
 *
 * @param mixed  $portal_auth      Portal credentials, passed to login_user().
 * @param string $user_name        'lead', 'portal', or a contact's portal name.
 * @param string $application_name Not used by this function.
 *
 * @return array 'id' holds the session id (or -1 on failure) and 'error'
 *               holds the SOAP error array.
 */
function portal_login($portal_auth, $user_name, $application_name)
{
    $error = new SoapError();
    $contact = new Contact();

    $result = login_user($portal_auth);
    if ($result == 'fail' || $result == 'sessions_exceeded') {
        $error->set_error($result == 'sessions_exceeded' ? 'sessions_exceeded' : 'no_portal');
        return array('id' => -1, 'error' => $error->get_soap_array());
    }

    global $current_user;

    // Anonymous lead capture
    if ($user_name == 'lead') {
        session_start();
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['portal_id'] = $current_user->id;
        $_SESSION['type'] = 'lead';
        login_success();
        return array('id' => session_id(), 'error' => $error->get_soap_array());
    }

    // The portal application itself
    if ($user_name == 'portal') {
        session_start();
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['portal_id'] = $current_user->id;
        $_SESSION['type'] = 'portal';
        $GLOBALS['log']->debug("Saving new session");
        login_success();
        return array('id' => session_id(), 'error' => $error->get_soap_array());
    }

    // A named contact: it must exist, be portal-active and not be deleted.
    // NOTE(review): no contact password is checked in this function; the
    // contact is selected by portal name alone once the portal credentials
    // were accepted — confirm this is the intended trust model.
    $contact = $contact->retrieve_by_string_fields(
        array('portal_name' => $user_name, 'portal_active' => '1', 'deleted' => 0)
    );
    if ($contact != null) {
        session_start();
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $contact->id;
        $_SESSION['portal_id'] = $current_user->id;
        $_SESSION['type'] = 'contact';
        $_SESSION['assigned_user_id'] = $contact->assigned_user_id;
        login_success();
        build_relationship_tree($contact);
        return array('id' => session_id(), 'error' => $error->get_soap_array());
    }

    $error->set_error('invalid_login');
    return array('id' => -1, 'error' => $error->get_soap_array());
}
/**
 * Before the framework run.
 *
 * Creates the global Rublon object and, when the request is the Rublon
 * callback (?rublon=callback), completes the second-factor login or the
 * transaction confirmation.
 *
 * @return void
 */
function hook_bootstrap()
{
    global $rublon, $config;

    // Create the Rublon object:
    require_once './extended/MyRublon.php';
    require_once './extended/MyCallback.php';
    $rublon = new MyRublon($config['rublon']['systemToken'], $config['rublon']['secretKey']);

    // Everything below handles the Rublon callback URL only
    if (empty($_GET['rublon']) || $_GET['rublon'] != 'callback') {
        return;
    }

    try {
        $confirmResult = null;

        // MyCallback is the extended Rublon2FactorCallback class.
        $callback = new MyCallback($rublon);

        // Success handler: $confirmResult is captured by reference because it
        // is needed afterwards when this is a transaction confirmation.
        $onSuccess = function ($userId, Rublon2FactorCallback $callback) use (&$confirmResult) {
            login_user($userId);
            $confirmResult = $callback->getCredentials()->getConfirmResult();

            // Save deviceId for remote logout:
            $response = $callback->getCredentials()->getResponse();
            if (isset($response['result']['deviceId'])) {
                $_SESSION['rublonDeviceId'] = $response['result']['deviceId'];
            }
        };

        // Cancel handler
        $onCancel = function (Rublon2FactorCallback $callback) {
            if (!empty($_GET['custom']) && $_GET['custom'] == 'confirm') {
                die('canceled');
            }
            redirect('./?rublon=cancel');
        };

        $callback->call($onSuccess, $onCancel);

        if (is_null($confirmResult)) {
            redirect($config['websiteUrl'] . '?rublonLogin=success');
        } else {
            $withRublon = true;
            transaction_confirm_result(
                $confirmResult == RublonAPICredentials::CONFIRM_RESULT_YES,
                $withRublon
            );
            exit;
        }
    } catch (Exception $e) {
        // Remember to utilize your own error handler.
        if (!empty($_GET['error']) && $_GET['error'] == 'timeout') {
            die('timeout error');
        }
        // NOTE(review): the exception class, message and previous exception
        // are written into the response. Acceptable for a demo only; a
        // deployed handler should log them and return a generic error.
        var_dump(get_class($e));
        echo $e->getMessage();
        var_dump($e->getPrevious());
        exit;
    }
}
/**
 * Send the status headers (JSON content type, no caching) and stop the
 * request unless a logged-in user holding the "Control" permission made it.
 *
 * NOTE(review): on failure the message is stored in $this->rt_msg and the
 * script exits. Nothing in this method prints it — presumably it is emitted
 * elsewhere (for example in a destructor); confirm.
 */
public function __construct()
{
    parent::__construct();

    header('Content-type: application/json; Charset=utf-8');
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");

    // Not logged in
    if (!is_login()) {
        $this->rt_msg['msg'] = '用户未登陆';
        exit;
    }

    // Logged in, but lacking the "Control" permission
    if (!login_user()->Permission("Control")) {
        $this->rt_msg['msg'] = '权限不足';
        exit;
    }
}
/**
 * Delete the post identified by $this->post_id.
 *
 * A $user_id below 1 is allowed only for a current user holding the
 * "Control" permission. The post is then checked with existsCheck() for
 * that user id before it is deleted.
 *
 * NOTE(review): this code relies on throwMsg() not returning. If it does
 * return, the following steps — the delete included — still run; confirm
 * that throwMsg() throws or exits.
 *
 * @param $user_id
 */
public function delete($user_id)
{
    $user_id = intval($user_id);

    // No concrete owner given: require the "Control" permission
    if ($user_id < 1 && !login_user()->Permission('Control')) {
        $this->throwMsg(-4);
    }

    // The post must pass the existence check for this user id
    $post_found = $this->existsCheck($this->post_id, $user_id);
    if (!$post_found) {
        $this->throwMsg(-5);
    }

    $affected = $this->db->delete("posts", ['id' => $this->post_id]);
    if ($affected < 1) {
        Log::write(_("delete post error."), Log::SQL);
        $this->throwMsg(-6);
    }
}
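/**
 * Check that a user may use the given permission, and deny access otherwise.
 *
 * Access is granted when the permission is open by default, or when one of
 * the user's groups has it granted. In both cases the method simply returns;
 * otherwise disallow_access() is called.
 *
 * Changes from the previous version:
 *  - both queries are prepared statements (the ids used to be concatenated
 *    into the SQL text);
 *  - the stray comma after `default_access_granted` is gone (it made the
 *    first query a syntax error);
 *  - the connection passed in $db is the one that is queried (the code used
 *    $_DB, which is undefined here when $db is supplied);
 *  - a failed login no longer has its "$user_id = 0" overwritten from the
 *    session;
 *  - database error details go to the error log, not into the response.
 *
 * NOTE(review): the original wrote "$this . login_user($db)" and
 * "$this . disallow_access()", which cannot work in a static method. They
 * are written as self:: calls here, which assumes both are static members of
 * this class — confirm.
 *
 * @param mixed $permission_id Permission to check.
 * @param mixed $user_id       User to check; NULL means the session user.
 * @param mixed $db            mysqli connection; NULL means the global $_DB.
 *
 * @return void
 */
static function authenticate($permission_id, $user_id = NULL, $db = NULL)
{
    if ($db === NULL) {
        global $_DB;
        $db = $_DB;
    }

    if ($user_id === NULL) {
        if (!isset($_SESSION['user_id']) && !self::login_user($db)) {
            // Nobody is logged in and the login attempt failed
            $user_id = 0;
        } else {
            $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : 0;
        }
    }

    // Bound copies: the ids were compared as quoted strings before.
    $permission_key = (string) $permission_id;
    $user_key = (string) $user_id;

    // 1) Is the permission open to everybody by default?
    $default_access = null;
    $stmt = mysqli_prepare(
        $db,
        "SELECT `permissions`.`default_access_granted`
           FROM `permissions`
          WHERE `permissions`.`permission_id` = ?"
    );
    if ($stmt === false
        || !mysqli_stmt_bind_param($stmt, 's', $permission_key)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_bind_result($stmt, $default_access)
    ) {
        error_log('authenticate(): permission lookup failed: ' . mysqli_error($db));
        echo "DB Error";
        exit;
    }
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if ($default_access == 1) {
        return;
    }
    if ($user_id == 0) {
        self::disallow_access();
    }

    // 2) Does one of the user's groups grant the permission?
    $group_access = null;
    $stmt = mysqli_prepare(
        $db,
        "SELECT `group_access`.`access_granted`
           FROM `group_access`
          WHERE `group_access`.`permission_id` = ?
            AND `group_access`.`group_id` IN
                (SELECT `group_id`
                   FROM `group_user`
                  WHERE `user_id` = ?)
            AND `access_granted` = 1"
    );
    if ($stmt === false
        || !mysqli_stmt_bind_param($stmt, 'ss', $permission_key, $user_key)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_bind_result($stmt, $group_access)
    ) {
        error_log('authenticate(): group access lookup failed: ' . mysqli_error($db));
        echo "DB Error";
        exit;
    }
    $row_found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    if ($row_found && $group_access !== null) {
        return;
    }

    self::disallow_access();
}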
/**
 * Render a single message for the current user.
 *
 * The message is read with the current user's id, so Message::read() is
 * given the reader it should check against. Any exception raised while
 * loading is turned into an error string for the view.
 */
public function view()
{
    $this->__lib('Message');
    $mg = new \ULib\Message();
    $req = req()->_plain();

    $data = ['content' => '', 'error' => ''];

    try {
        $data['content'] = $mg->read($req->req('id'), login_user()->getId());

        // Assets needed to display the message body
        $markdown_css = $this->theme->css(get_bootstrap_plugin_url("markdown/markdown.min.css"));
        $this->theme->header_add($markdown_css);

        $markdown_js = $this->theme->js(['src' => get_bootstrap_plugin_url("markdown/markdown.js")]);
        $this->theme->header_add($markdown_js);

        $action_js = $this->theme->js(['src' => get_style("message_action.js")]);
        $this->theme->header_add($action_js);
    } catch (\Exception $ex) {
        // NOTE(review): the raw exception message reaches the template;
        // confirm the template escapes it and that it carries no internals.
        $data['error'] = $ex->getMessage();
    }

    $this->theme->setBreadcrumb("查看消息");
    $this->theme->setTitle("查看消息");

    $this->__view("User/header.php");
    $this->__view("Message/view.php", $data);
    $this->__view("User/footer.php");
}
/**
 * Perform all the login functionality for the login page as requested.
 *
 * Every attempt, successful or not, is recorded through store_auth_attempt().
 *
 * @return string '' on success, otherwise the login error message.
 */
public static function perform_login_if_requested($username_requested, $pass)
{
    // Behind a trusted proxy the client IP is taken from the forwarded headers
    Request::setTrustedProxies(Constants::$trusted_proxies);
    $request = Request::createFromGlobals();

    // NOTE(review): 'additional_info' stores the complete $_SERVER array with
    // every attempt. It can include request headers such as cookies —
    // consider recording only the fields that are needed.
    $login_attempt_info = [
        'username' => $username_requested,
        'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
        'ip' => $request->getClientIp(),
        'successful' => 0,
        'additional_info' => $_SERVER,
    ];

    $logged_in = login_user($username_requested, $pass);

    if ($logged_in['success']) {
        // Log a successful login attempt
        $login_attempt_info['successful'] = 1;
        self::store_auth_attempt($login_attempt_info);
        return '';
    }

    // Login was attempted but failed: record it and report the error
    self::store_auth_attempt($login_attempt_info);
    return $logged_in['login_error'];
}
/**
 * Render the "edit post" page.
 *
 * The post is loaded with the current user's id. When the returned info does
 * not carry the requested post id, the "not found" view is shown instead of
 * the editor.
 */
public function edit()
{
    l_h('html_tag.php');
    $this->theme->setBreadcrumb("编辑文章");
    $this->theme->setTitle("编辑文章");

    $id = intval(req()->get('id'));

    $this->__lib('Post');
    $post = new Post($id);
    $info = $post->getInfo(login_user()->getId());

    // Markdown editor assets
    $markdown_css = $this->theme->css(get_bootstrap_plugin_url("markdown/markdown.min.css"));
    $this->theme->header_add($markdown_css);
    $markdown_js = $this->theme->js(['src' => get_bootstrap_plugin_url("markdown/markdown.js")]);
    $this->theme->header_add($markdown_js);

    $post_available = isset($info['post_id']) && $info['post_id'] == $id;

    $this->__view("User/header.php");
    if ($post_available) {
        $this->__view("Posts/edit.php", ['info' => $info, 'post' => $post]);
    } else {
        $this->__view("Posts/not_found.php");
    }
    $this->__view("User/footer.php");
}
//$adapter = $hybridauth->authenticate( "Xuite" ); // "https://yahoo.com/")) // return Hybrid_User_Profile object intance $user_profile = $adapter->getUserProfile($config['providers']['Xuite']); require_once "../../config.inc.php"; if (isset($user_profile->email) && isset($user_profile->displayName)) { $mylogin['email'] = $user_profile->email; $mylogin['type'] = $_REQUEST['provider']; $mylogin['nick'] = $user_profile->displayName; } else { $adapter->logout(); out_err("沒有 email 資訊, 登入失敗"); } $_SESSION['loggedin'] = 1; $_SESSION['mylogin'] = $mylogin; $row = login_user($mylogin); $_SESSION['uid'] = $row['uid']; // //// after login hook $maps = map_get($row['uid']); foreach ($maps as $map) { map_migrate($out_root, $row['uid'], $map['mid']); } if (isset($_SESSION['redirto']) && !empty($_SESSION['redirto'])) { out_ok("redir", $_SESSION['redirto']); unset($_SESSION['redirto']); } else { out_ok("ok", "../../main.php"); } exit; function out_err($str = "")
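session_start();

// include section
include 'includes/connect.php'; // for database connection

// Read a posted field as a string; missing or array-valued fields become ''.
$read_post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// user details
$first_name = $read_post('first_name');
$last_name = $read_post('last_name');
$fullname = $first_name . ' ' . $last_name;
$email = $read_post('email');
$fbid = $read_post('fbid');

if ($fbid === '') {
    die('Missing Facebook ID');
}

// NOTE(review): the session is marked as logged in purely because the posted
// fbid exists in fbtable. Nothing on this page verifies with Facebook that the
// caller owns that id, so all of these values are client-asserted. A
// server-side check of the Facebook token is needed before trusting them.

// Check user id in our database. The id is bound as a parameter; it used to
// be interpolated into the SQL text.
$lookup = mysqli_prepare($conn, "SELECT fbid FROM fbtable WHERE fbid = ?");
if (!$lookup
    || !mysqli_stmt_bind_param($lookup, 's', $fbid)
    || !mysqli_stmt_execute($lookup)
) {
    // mysqli_error() with the connection: the original called the unrelated
    // mysql_error(), which cannot report a mysqli failure.
    die('Invalid query: ' . mysqli_error($conn));
}
mysqli_stmt_store_result($lookup);
$UserCount = mysqli_stmt_num_rows($lookup);
mysqli_stmt_close($lookup);

if ($UserCount) {
    // User is now connected, log him in
    login_user(true, $fullname);
} else {
    // User is new, store info in our Database (best effort, as before)
    $insert = mysqli_prepare($conn, "INSERT INTO fbtable (fbid, fullname, email) VALUES (?, ?, ?)");
    if ($insert) {
        mysqli_stmt_bind_param($insert, 'sss', $fbid, $fullname, $email);
        mysqli_stmt_execute($insert);
        mysqli_stmt_close($insert);
    }
}

mysqli_close($conn);

/**
 * Store the session variables that imitate a user login. They keep the user
 * logged in until s/he clicks the log-out link.
 *
 * @param bool   $loggedin  Value stored in $_SESSION['logged_in'].
 * @param string $user_name Display name stored in $_SESSION['login_user'].
 */
function login_user($loggedin, $user_name)
{
    $_SESSION['logged_in'] = $loggedin;
    $_SESSION['login_user'] = $user_name;
}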
<?php
// Registration page: validates the posted form, creates the user and logs
// the new account in, then renders the 'register' template.
$titles[] = 'Register';

// A user who is already logged in may not register another account.
// NOTE(review): this relies on go_home() ending the request; if it returns,
// the registration below still runs — confirm.
if ($s['user']) {
    add_flash('warning', "You can't create new users during the session");
    go_home();
}

if ($p) {
    $error_messages = validate('register', $p);
    if (!$error_messages) {
        // Valid input: create the account and log it in straight away
        $model['user']['create']($p);
        login_user($p['name'], $p['password']);
    } else {
        // Report every validation problem to the user
        foreach ($error_messages as $msg) {
            add_flash('danger', $msg);
        }
    }
}

include get_tpl('register');
<div class="panel panel-warning"> <div class="panel-heading"> <h3 class="panel-title">修改用户密码</h3> </div> <div class="panel-body"> <?php $user = login_user(); ?> <form id="User_edit_password_form" class="form-horizontal" method="post" action="<?php echo get_url("UserApi", "edit_password"); ?> "> <div class="form-group"> <label for="inputOldPassword" class="col-sm-2 control-label">原始密码</label> <div class="col-sm-10"> <input type="password" name="old_password" class="form-control" value="" id="inputOldPassword" placeholder="之前的密码"> </div> </div> <div class="form-group"> <label for="inputNewPassword" class="col-sm-2 control-label">新密码</label> <div class="col-sm-10"> <input type="password" name="new_password" class="form-control" value="" id="inputNewPassword" placeholder="新的密码"> </div> </div> <div class="form-group"> <label for="inputNewPasswordConfirm" class="col-sm-2 control-label">确认新密码</label> <div class="col-sm-10"> <input type="password" name="confirm_password" class="form-control" value="" id="inputNewPasswordConfirm" placeholder="再输入一次新的密码">
$curl = curl_init(); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_URL, 'https://rpxnow.com/api/v2/auth_info'); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); $raw_json = curl_exec($curl); curl_close($curl); // parse the json response into an associative array $auth_info = json_decode($raw_json, true); // process the auth_info response if ($auth_info['stat'] == 'ok') { $profile = $auth_info['profile']; $identifier = $profile['identifier']; login_user($identifier); $_SESSION['logged_in_user'] = true; $_SESSION['flash_message'] = "You are now logged in. REMEMBER: Click the save icon to save your open panels."; } else { //failed $_SESSION['flash_message'] = "There was an error logging you in."; } header("Location: " . $_SESSION['client_url']); function login_user($openid) { require_once '../bin/db/db_functions.php'; $_SESSION['user_openid'] = $openid; $data = retrieve_user_data($openid); if ($data != '') { $data = unserialize($data['state']); $_SESSION['panels'] = $data['panels'];
/* connect to mysql using mysqli */ //$mysqli = new mysqli($hostname, $db_username, $db_password,$db_name); //if ($mysqli->connect_error) { //die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error); //} //Check user id in our database //$UserCount = $mysqli->query("SELECT COUNT(id) as usercount FROM usertable WHERE fbid=$uid")->fetch_object()->usercount; if ($UserCount) { //User exist, Show welcome back message echo 'Ajax Response :<br /><strong>Welcome back ' . $me['first_name'] . ' ' . $me['last_name'] . '!</strong> ( Facebook ID : ' . $uid . ') [<a href="' . $return_url . '?logout=1">Log Out</a>]'; //print user facebook data //echo '<pre>'; //print_r($me); //echo '</pre>'; //User is now connected, log him in login_user(true, $me['first_name'] . ' ' . $me['last_name']); } else { //User is new, Show connected message and store info in our Database /*echo 'Ajax Response :<br />Hi '. $me['first_name'] . ' '. $me['last_name'].' ('.$uid.')! <br /> Now that you are logged in to Facebook using jQuery Ajax [<a href="'.$return_url.'?logout=1">Log Out</a>]. <br />the information can be stored in database <br />';*/ //print user facebook data //echo '<pre>'; //print_r($me); //echo '</pre>'; // Insert user into Database. //$mysqli->query("INSERT INTO usertable (fbid, fullname, email) VALUES ($uid, '$fullname','$email')"); } //$mysqli->close(); //} function login_user($loggedin, $user_name) {
<?php session_start(); require_once 'wall_db.php'; //--------------handles registration----------------// if (isset($_POST['action']) && $_POST['action'] == 'register') { register_user($_POST); } else { if (isset($_POST['action']) && $_POST['action'] == 'login') { login_user($_POST); } else { session_destroy(); header('location: login.php'); exit; } } //--------------validation functions----------------// function register_user($post) { $_SESSION['errors'] = array(); if (empty($post['first_name'])) { $_SESSION['errors']['first_name'] = "First name cant be blank"; } if (empty($post['last_name'])) { $_SESSION['errors']['last_name'] = "Last name cant be blank"; } if (empty($post['email'])) { $_SESSION['errors']['email'] = "Email cannot be blank"; } if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL) === true) { $_SESSION['errors']['email'] = "Email is not valid";
<?php
// JSON login endpoint: answers with whatever login_user() returns for the
// posted credentials.
header("Content-type: application/json");

include "modele/param.inc.php";
include "modele/user/login_user.php";

// NOTE(review): the password is reduced to an unsalted MD5 digest before the
// lookup. MD5 is not a password hash; moving to password_hash() and
// password_verify() needs a stored-hash migration, so it cannot be done here.
$login = $_POST["login"];
$password_digest = md5($_POST["password"]);
$user = login_user($login, $password_digest);

// NOTE(review): the whole login_user() result is serialised to the client.
// If it is the user row, confirm that the password digest and other private
// columns are not part of it.
// (The original kept a disabled branch that answered with display_name
// "Inconnu" when no user was found.)
$response = array("answer" => $user);
echo json_encode($response);
$username = ""; $error = False; if (isset($_POST['username']) && isset($_POST['pass'])) { if ($_POST['username'] == "") { $error = "You must enter a username"; } if ($_POST['pass'] == "") { $error = "You must enter a password"; } } else { $error = "Hmm... Did you come from the login page?"; } if (!$error) { $username = strtolower($_POST['username']); $password = $_POST['pass']; $login = login_user($conn, $username, $password); if ($login) { if (gettype($login) == "string") { $error = $login; } else { session_start(); $_SESSION['id'] = $login['id']; header('Location: /'); die; } } else { $error = "Invalid username or password"; } } if ($error) { header('Location: /login.php?error=' . urlencode($error));