function attemptLogin()
{
$user = getUserByUsernameOrEmail($_POST['username']);
$login_ok = $user != null && isValidLogin($user, $_POST['password']);
if ($login_ok) {
setUserSession($user);
}
routeOnSuccessfulLoginOrReturnError($login_ok);
}
header('location: /app/admin/');
break;
case "signin":
// Clear error states.
unset($_SESSION['wrong_password']);
unset($_SESSION['wrong_pseudo']);
unset($_SESSION['raw_password']);
unset($_SESSION['raw_pseudo']);
unset($_SESSION['error_msg']);
unset($_SESSION['info']);
// Get new user information.
$_SESSION['raw_password'] = $_POST['password'];
$_SESSION['raw_pseudo'] = $_POST['pseudo'];
$password = filter_input(INPUT_POST, 'password', FILTER_VALIDATE_REGEXP, $password_pattern);
$username = trim(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING));
$user = getUserByUsernameOrEmail($username);
if ($user == NULL) {
$_SESSION['error_msg'] = "Incorrect username or email.";
$_SESSION['wrong_username'] = true;
header('location: /app/admin/login/');
exit;
}
// Check if the password matches the one in the database.
$valid = verify_password($password, $user['password']);
if (!$valid) {
$_SESSION['error_msg'] = "Incorrect password.";
$_SESSION['wrong_password'] = true;
header('location: /app/admin/login/');
exit;
}
// The operation is a success, clear error states.
