}
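# Process sign in (account registration).
#
# Runs only when the form was submitted (the 'signin' field is present but
# empty), every credential field is a non-empty string, and the two password
# fields are identical.
#
# NOTE(review): addslashes() is not a substitute for bound SQL parameters and
# htmlspecialchars() belongs at output time, not here. The password is altered
# before it reaches User::create(), so the stored credential differs from what
# the user typed whenever it contains quotes, backslashes or HTML
# metacharacters. The transformations are kept because the login path is not
# visible and presumably applies the same ones - confirm, then hand the raw
# password to password_hash() and bind all values via prepared statements.
# NOTE(review): the e-mail format is not validated, the outcome of
# User::create() is not checked before the session flag is set, and no
# anti-CSRF token appears in the visible condition - verify each elsewhere.
if (isset($_POST['signin']) && empty($_POST['signin'])
    && isset($_POST['username'], $_POST['email'], $_POST['password'], $_POST['password-confirm'])
    # is_string() rejects array-shaped parameters (e.g. "username[]=x"), which
    # would otherwise reach htmlspecialchars() and fail with a type error on
    # PHP 8 (a warning and a null value on older versions).
    && is_string($_POST['username'])
    && is_string($_POST['email'])
    && is_string($_POST['password'])
    && is_string($_POST['password-confirm'])
    && !empty($_POST['username'])
    && !empty($_POST['email'])
    && !empty($_POST['password'])
    && !empty($_POST['password-confirm'])
    && $_POST['password'] === $_POST['password-confirm']
) {
    $user = addslashes(htmlspecialchars($_POST['username']));
    $email = addslashes(htmlspecialchars($_POST['email']));
    $passwd = addslashes(htmlspecialchars($_POST['password']));
    User::create($user, $email, $passwd);
    $_SESSION['signedIn'] = true;
}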
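# Process comment: create or update the signed-in user's comment on a song.
#
# Requires a numeric song id, a string comment body that contains at least one
# ASCII letter or digit, and a session flagged as online.
#
# NOTE(review): no anti-CSRF token is checked in the visible condition, and
# is_numeric() also accepts values such as "1e3" or "-1.5" - confirm that Song
# validates the id it is given.
if (isset($_POST['comment'], $_POST['song'], $_POST['text'])
    && is_numeric($_POST['song'])
    # Reject array-shaped input ("text[]=x") before it reaches trim().
    && is_string($_POST['text'])
    && !empty($_POST['text'])
    && preg_match("/[a-zA-Z0-9]/", trim($_POST['text']))
    && isset($_SESSION['online']) && $_SESSION['online']
) {
    $db = $_SESSION['db'];
    $song = new Song($_POST['song']);
    $user_id = $_SESSION['user']->getId();

    # Encode first, then turn the encoded "<3" into a heart entity. The former
    # "_3" placeholder round-trip also rewrote any literal "_3" the user typed.
    # NOTE(review): the stored value is already HTML-encoded, so templates must
    # print it as-is in element content only and never encode it a second time.
    $text = str_replace("&lt;3", "&hearts;", htmlspecialchars(trim($_POST['text'])));

    # One comment per user and song: update an existing row, otherwise insert.
    # NOTE(review): check-then-write is not atomic; presumably a unique key on
    # (user, song) backs this up - confirm against the schema.
    $sql = $song->userHasCommented($user_id)
        ? "update comment set text = :text, date = unix_timestamp() where user = :user and song = :song;"
        : "insert into comment (user, song, text, date) values (:user, :song, :text, unix_timestamp());";
    $stmt = $db->prepare($sql);
    # All values are bound parameters; nothing user-supplied is concatenated
    # into the SQL text.
    $stmt->execute(array("user" => $user_id, "song" => $song->getId(), "text" => $text));
    $stmt->closeCursor();
    $_SESSION['commented'] = true;
}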
# Process regular search
/**
 * @author Jérôme Boesch
 * 
 */
if (isset($_GET['q']) && !empty($_GET['q'])) {
    $db = $_SESSION['db'];
    $q = htmlspecialchars($_GET['q']);
    $search_songs = array();
    $search_albums = array();
    $search_artists = array();