Esempio n. 1
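// Login page controller: force HTTPS, short-circuit for users who are already
// logged in, then process a submitted login form.
// NOTE(review): session_start() is not visible in this block; it is assumed to
// have run earlier, otherwise $_SESSION is not persisted between requests.

// Some servers (IIS/ISAPI) set $_SERVER["HTTPS"] to the string "off" for plain
// HTTP. "off" is truthy in PHP, so a bare truthiness test would treat that
// request as already secure and skip the redirect.
if (empty($_SERVER["HTTPS"]) || strtolower((string) $_SERVER["HTTPS"]) === "off") {
    // HTTP_HOST is copied from the request's Host header and is therefore
    // client-controlled. Only a syntactically plausible host[:port] is echoed
    // back into the Location header; a configured canonical host name would be
    // stricter still and is preferable where one is available.
    $requestHost = $_SERVER["HTTP_HOST"] ?? "";
    $hostPattern = '/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$/D';
    if (!is_string($requestHost) || preg_match($hostPattern, $requestHost) !== 1) {
        header("HTTP/1.1 400 Bad Request");
        exit;
    }
    //redirect to secure
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: https://" . $requestHost . ($_SERVER["REQUEST_URI"] ?? "/"));
    exit;
}

//if they are already logged in, redirect to home page
if (!empty($_SESSION["loggedIn"])) {
    header("Location: home.php");
    // header() only queues the redirect; without exit the rest of the page
    // (including login processing below) would still execute.
    exit;
}

//check for a valid username and password if submitted
if (isset($_POST["submitLogin"])) {
    $passwordCheck = new PasswordChecker();
    // check the posted username and password
    if (!empty($_POST["username"])) {
        $username = $_POST["username"];
        $password = $_POST["password"] ?? "";
        // PHP turns "username[]=x" into an array; anything that is not a plain
        // string is rejected before it reaches the password checker.
        $loginIsValid = is_string($username)
            && is_string($password)
            && $passwordCheck->isValid($username, $password);
        // Kept for compatibility: the original stored the result back into
        // $_POST["submitLogin"], and code outside this block may read it.
        $_POST["submitLogin"] = $loginIsValid;
        //if the login is valid redirect to home page
        if ($loginIsValid) {
            // New session id at the privilege change (anonymous -> logged in),
            // so an id fixed before authentication cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION["loggedIn"] = true;
            $_SESSION["username"] = $username;
            header("Location: home.php");
            exit;
        } else {
            // Same message for unknown user and wrong password, so the response
            // does not reveal which usernames exist.
            echo "<div>Invalid username or password</div>";
        }
    }
    // NOTE(review): no attempt throttling or lockout is visible here; confirm
    // that PasswordChecker or a layer in front of this page provides it.
}
$form = new HtmlForm();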
?>
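/**
 * Re-verify the logged-in user's current password from the submitted form.
 *
 * Reads the username from $_SESSION["username"] and the candidate password
 * from $_POST["currentPassword"], then delegates to PasswordChecker::isValid().
 *
 * @return mixed false when either value is missing or not a string; otherwise
 *               whatever PasswordChecker::isValid() returns (presumably a bool;
 *               confirm against PasswordChecker).
 */
function checkCurrentPassword()
{
    $sessionUser = $_SESSION["username"] ?? null;
    $submittedPassword = $_POST["currentPassword"] ?? null;

    // A missing session user means nobody is logged in; a missing or array-valued
    // POST field ("currentPassword[]=x") is malformed input. Neither should reach
    // the password checker, so both count as a failed check.
    if (!is_string($sessionUser) || !is_string($submittedPassword)) {
        return false;
    }

    $passwordCheck = new PasswordChecker();
    return $passwordCheck->isValid($sessionUser, $submittedPassword);
}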