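/**
 * Handle a login form submission.
 *
 * Reads `username` and `password` from $_POST, looks the account up by
 * username or e-mail, checks the password, opens the user session on
 * success, and finally hands the outcome to
 * routeOnSuccessfulLoginOrReturnError().
 *
 * Both form fields are untrusted. A field that is missing or not a string
 * is treated as a failed login instead of being passed on to the helpers.
 */
function attemptLogin() {
    // A client can omit a field or send it as an array (username[]=...),
    // so read each one defensively and accept string values only.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    $user = null;
    if (is_string($username) && is_string($password)) {
        $user = getUserByUsernameOrEmail($username);
    }

    // The loose comparison is kept on purpose: the lookup helper is not
    // visible here and may signal "not found" with null, false or an empty
    // array, all of which must count as a failed login.
    // NOTE(review): the password check is skipped when no user is found, so
    // response time may differ between unknown and known accounts; confirm
    // whether that matters for account-enumeration resistance here.
    $login_ok = $user != null && isValidLogin($user, $password);

    if ($login_ok) {
        // NOTE(review): setUserSession() is defined elsewhere; confirm that
        // it regenerates the session ID on login (session fixation defence).
        setUserSession($user);
    }

    // Always route, so a failed attempt gets the same single error path.
    routeOnSuccessfulLoginOrReturnError($login_ok);
}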
header('location: /app/admin/'); break; case "signin": // Clear error states. unset($_SESSION['wrong_password']); unset($_SESSION['wrong_pseudo']); unset($_SESSION['raw_password']); unset($_SESSION['raw_pseudo']); unset($_SESSION['error_msg']); unset($_SESSION['info']); // Get new user information. $_SESSION['raw_password'] = $_POST['password']; $_SESSION['raw_pseudo'] = $_POST['pseudo']; $password = filter_input(INPUT_POST, 'password', FILTER_VALIDATE_REGEXP, $password_pattern); $username = trim(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING)); $user = getUserByUsernameOrEmail($username); if ($user == NULL) { $_SESSION['error_msg'] = "Incorrect username or email."; $_SESSION['wrong_username'] = true; header('location: /app/admin/login/'); exit; } // Check if the password matches the one in the database. $valid = verify_password($password, $user['password']); if (!$valid) { $_SESSION['error_msg'] = "Incorrect password."; $_SESSION['wrong_password'] = true; header('location: /app/admin/login/'); exit; } // The operation is a success, clear error states.