<?php
require_once './includes/configuration.php';
require_once './student/student_controller.php';
$display_message = FALSE;
$sc = new Student_controller();
if (isset($_POST['login'])) {
$user = sanitize_text($_POST['user']);
$pass = sanitize_text($_POST['pass']);
$error_msg;
if ($sc->validate_username($user) !== 1 || $sc->validate_password($pass) === FALSE) {
$error_msg = "Invalid username or password";
$display_message;
} else {
$answer = $sc->log_member_in($user, $pass);
if ($answer !== FALSE && $answer !== TRUE) {
$display_message = TRUE;
} elseif ($answer === FALSE) {
$display_message = TRUE;
}
}
if (isset($_SESSION['logged_in'])) {
if (!empty($_SESSION['tried_url'])) {
$tried_url = $_SESSION['tried_url'];
$_SESSION['tried_url'] = null;
?>
<script>window.location = "<?php
echo $tried_url;
?>
";</script>
<?php
//First, let's check if token is correct!
$form_token = $_POST['token'];
$sess_token = retrieve_session_token();
if ($form_token === $sess_token) {
$pass1 = sanitize_text($_POST['password1']);
$pass2 = sanitize_text($_POST['password2']);
$answer = $sc->create_student($username, $firstname, $lastname, $email, $pass1, $pass2);
if ($answer !== TRUE) {
?>
<script>
window.location = "#sign-up";
</script>
<?php
$error_message = "You have not filled out the form according to the requirements";
} else {
$sc->log_member_in($username, $pass1);
?>
<script>
alert('Welcome! :)');
window.location = "<?php
echo W1BASE;
?>
member_area.php";
</script>
<?php
}
} else {
$error_message = "It seems as if the form has expired";
}
}
?>
