/**
 * Submit handler for the install-time site configuration form.
 *
 * Stores the basic site settings, writes the submitted account values onto
 * the pre-created user 1, attempts to log that user in and records the
 * installation time.
 *
 * @param array $form
 *   The form structure (not used by this body).
 * @param array $form_state
 *   The form state, by reference; 'values' is swapped for the 'account'
 *   sub-array while the account is saved and is restored afterwards.
 */
function _scratchpadify_install_configure_form_submit($form, &$form_state) {
  global $user;

  foreach (array('site_name', 'site_mail', 'date_default_timezone') as $setting) {
    variable_set($setting, $form_state['values'][$setting]);
  }

  // The update-status option is still read, but enabling update.module was
  // deliberately switched off by the original author.
  if ($form_state['values']['update_status_module'][1]) {
    // drupal_install_modules(array('update'));
  }

  // E-mail verification is switched off so the submitted password can be
  // passed straight through to the account save.
  // NOTE(review): nothing restores the setting if user_save() or
  // user_authenticate() aborts the request, which would leave verification
  // disabled site-wide. Confirm this is acceptable for the installer.
  variable_set('user_email_verification', FALSE);

  $submitted = $form_state['values'];
  $form_state['values'] = $submitted['account'];

  // User 1 was pre-created with placeholder values; store the real ones.
  // NOTE(review): 'status' => 0 presumably saves the account as blocked;
  // confirm that is intended given the login attempt that follows.
  $overrides = array(
    'init' => $form_state['values']['mail'],
    'roles' => array(),
    'status' => 0,
  );
  $account = user_load(1);
  user_save($account, array_merge($form_state['values'], $overrides));

  // Log in the first user.
  user_authenticate($form_state['values']);

  $form_state['values'] = $submitted;
  variable_set('user_email_verification', TRUE);

  if (isset($form_state['values']['clean_url'])) {
    variable_set('clean_url', $form_state['values']['clean_url']);
  }

  // The user is logged in but has no session ID yet; it is needed later in
  // this request, so remember it on the global user object.
  $user->sid = session_id();

  // Record when this install ran.
  variable_set('install_time', time());
}
/**
 * Check whether a username/password pair matches an account in the database.
 *
 * @param string $username The submitted username.
 * @param string $password The submitted password (plain text, unhashed).
 *
 * @return array|string The matching {users} row as an associative array when
 *   user_authenticate() accepts the pair, otherwise the string 'fail'.
 */
public static function checkLoginMatch($username, $password)
{
    $accepted = user_authenticate($username, $password);
    if (!$accepted) {
        return 'fail';
    }

    // NOTE(review): SELECT * returns every column of {users}; in a stock
    // Drupal schema that presumably includes the stored password hash.
    // Confirm callers never forward this row to a client or a log.
    // NOTE(review): user_authenticate() is called directly here, so no flood
    // (failed-attempt) limiting is visible on this code path.
    $statement = db_query("SELECT * FROM {users} WHERE name = :name", array(':name' => $username));

    return $statement->fetchAssoc();
}
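/**
 * {@inheritdoc}
 *
 * Resolves the submitted identifier (username or e-mail address) to an
 * active account, applies per-IP and per-user flood control, and verifies
 * the password.
 *
 * @param RequestInterface $request
 *   Request carrying the submitted user name and password.
 *
 * @return object|null
 *   The loaded user on success; NULL when the account is unknown or inactive,
 *   or when the password is wrong.
 *
 * @throws FloodException
 *   When the per-IP or the per-user failed-login limit has been reached.
 *
 * @see user_login_authenticate_validate().
 */
public function authenticate(RequestInterface $request)
{
    $username = $request->getUser();
    $password = $request->getPassword();

    // Read each window once so that the check and every registration below
    // agree on it.
    $ip_window = variable_get('user_failed_login_ip_window', 3600);
    $user_window = variable_get('user_failed_login_user_window', 21600);

    // Do not allow any login from the current user's IP if the limit has been
    // reached. Default is 50 failed attempts allowed in one hour. This is
    // independent of the per-user limit to catch attempts from one IP to log
    // in to many different user accounts. The limit is reasonably high since
    // there may be only one apparent IP for all users at an institution.
    if (!flood_is_allowed('failed_login_attempt_ip', variable_get('user_failed_login_ip_limit', 50), $ip_window)) {
        throw new FloodException(format_string('Rejected by ip flood control.'));
    }

    // Fetch uid and name in a single query, so that an e-mail login can never
    // pair the uid of one row with the name of another.
    if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
        $account = db_query_range("SELECT uid, name FROM {users} WHERE LOWER(mail) = LOWER(:mail) AND status = 1", 0, 1, array(':mail' => $username))->fetchAssoc();
    } else {
        $account = db_query_range("SELECT uid, name FROM {users} WHERE name = :name AND status = 1", 0, 1, array(':name' => $username))->fetchAssoc();
    }

    if (!$account || !$account['uid']) {
        // Always register an IP-based failed login event.
        flood_register_event('failed_login_attempt_ip', $ip_window, ip_address());
        return null;
    }

    $uid = $account['uid'];
    $username = $account['name'];

    // Flood events are keyed on the uid alone. The uid-plus-IP identifier
    // was disabled by the original author, so the value of
    // 'user_failed_login_identifier_uid_only' makes no difference here.
    // NOTE(review): a uid-only identifier lets repeated failures from any
    // address lock the account out; confirm that trade-off is intended.
    $identifier = $uid;

    // Don't allow login if the limit for this user has been reached.
    // Default is to allow 5 failed attempts every 6 hours.
    if (!flood_is_allowed('failed_login_attempt_user', variable_get('user_failed_login_user_limit', 5), $user_window, $identifier)) {
        flood_register_event('failed_login_attempt_ip', $ip_window, ip_address());
        flood_register_event('failed_login_attempt_user', $user_window, $identifier);
        throw new FloodException(format_string('Rejected by user flood control.'));
    }

    // We are not limited by flood control, so try to authenticate.
    if ($uid = user_authenticate($username, $password)) {
        // Clear the user based flood control.
        flood_clear_event('failed_login_attempt_user', $identifier);
        return user_load($uid);
    }

    // A wrong password counts against both limits. Without the IP event, the
    // per-IP limit would only count unknown user names. The per-user event
    // uses the same window default (21600) as the check above, so failures
    // do not expire sooner than the limit assumes.
    flood_register_event('failed_login_attempt_ip', $ip_window, ip_address());
    flood_register_event('failed_login_attempt_user', $user_window, $identifier);

    return null;
}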
/**
 * Report whether the current session belongs to an authenticated user.
 *
 * The result of a full check is cached in a function-static variable and
 * reused on later calls unless $recheck is set.
 *
 * @param bool $recheck When true, ignore the cached result and check again.
 *
 * @return mixed false when not logged in; PHP_INT_MAX when the session
 *   credentials equal DB_USER / DB_PASSWD; true when the stored user type
 *   is 0; otherwise the user's type value from the users table.
 */
function is_logged_in($recheck = false)
{
    // -1 marks "not computed yet"; any cached result, including false,
    // satisfies the >= 0 test below.
    static $type = -1;
    if ($type >= 0 && !$recheck) {
        return $type;
    }
    // NOTE(review): the password is kept in the session ('s_passwd') and
    // re-verified on each full check. Whatever can read the session store can
    // read the value held there.
    if (!isset($_SESSION['s_user']) || !isset($_SESSION['s_passwd'])) {
        return false;
    }
    // NOTE(review): the credential comparisons in this function use loose ==,
    // which is neither type-strict nor constant-time. hash_equals() on string
    // operands is the usual replacement.
    if ($_SESSION['s_user'] == DB_USER && $_SESSION['s_passwd'] == DB_PASSWD) {
        return PHP_INT_MAX;
    }
    // When 's_admin_user' is present in the session, it replaces 's_user' as
    // the name checked against DB_USER below.
    $username = pg_escape_string($_SESSION['s_user']);
    if (array_key_exists('s_admin_user', $_SESSION)) {
        $username = pg_escape_string($_SESSION['s_admin_user']);
    }
    $passwd_correct = $username == DB_USER && $_SESSION['s_passwd'] == DB_PASSWD;
    $company_id = null;
    $user_type = 0;
    if ($passwd_correct) {
        $company_id = 1;
        $user_type = 1;
    } else {
        // NOTE(review): the username literal appears masked as '******' on
        // this page; the query text shown references neither $username nor
        // $logged_in_user. If the original interpolates the escaped name,
        // pg_query_params() with a $1 placeholder is the safer form.
        $result = pg_query("SELECT company_id, passwd, passwd_salt, type FROM users WHERE username = '******'");
        if ($row = pg_fetch_assoc($result)) {
            $company_id = $row['company_id'];
            $user_type = $row['type'];
            // Verify the session password against the stored hash and salt.
            if (user_authenticate($company_id, $_SESSION['s_passwd'], $row['passwd'], $row['passwd_salt'])) {
                $passwd_correct = true;
            }
        }
    }
    if (!$passwd_correct) {
        return false;
    }
    $logged_in_user = pg_escape_string($_SESSION['s_user']);
    $result = pg_query("SELECT company_id, type FROM users WHERE username = '******'");
    if ($row = pg_fetch_assoc($result)) {
        $type = $row['type'];
        // Type 0 is reported as boolean true.
        if ($type == 0) {
            $type = true;
        }
        // A user other than DB_USER must belong to the same company as the
        // row just fetched.
        if ($username != DB_USER && $company_id != $row['company_id']) {
            $type = false;
        }
        // If the checked name differs from the session user, it must have
        // bit 1 set in its type and a company id.
        if ($username != $logged_in_user && (($user_type & 1) == 0 || !$company_id)) {
            $type = false;
        }
    } else {
        $type = false;
    }
    return $type;
}
} $password_ok = false; if (array_key_exists('password', $_POST)) { //Validation du password $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_MAGIC_QUOTES); $password = filter_var($password, FILTER_SANITIZE_STRING); // Validation du username : des alpha minuscules et des chiffres, min 4 caractères $password_ok = 1 === preg_match('/^[A-Za-z0-9%&$!*?]{8,}$/', $password); //Supprime les balises, et supprime ou encode les caractères spéciaux. //var_dump($password); //var_dump($password_ok); } if ($username_ok && $password_ok) { //Vérification des 2 critères pour la connexion require_once 'data/_users.php'; $user_info = user_authenticate($_POST['username'], $_POST['password']); if ($user_info) { //Si il est authentifier(valide) il va créer une session de login $_SESSION[PESS_USERNAME] = $user_info['username']; $message_login = '******' . $user_info['username']; $est_connecter = true; } else { //Sinon Échec de connexion $message_login = '******'; } } } elseif (array_key_exists('dologout', $_POST)) { //Si l'usager veut se déconnecter unset($_SESSION[PESS_USERNAME]); //Destruction de la session de connection $est_connecter = false;
/**
 * Log a user in through Drupal, accepting either a username or an e-mail
 * address as the identifier.
 *
 * @param string $email    Username or e-mail address.
 * @param string $password Plain-text password.
 *
 * @return int 1 on success, 0 on failure (the reason is passed to setError()).
 */
public function login($email, $password)
{
    $loggedIn = 0;

    try {
        // An e-mail address is first mapped to the account's user name.
        $username = $this->isEmail($email) ? $this->getUserName($email) : $email;

        // NOTE(review): user_authenticate() is called directly, so no
        // failed-attempt (flood) limiting is visible on this path.
        if (!\user_authenticate($username, $password)) {
            $this->setError("login failed, bad username or password.");
        } else {
            $account = \user_load_by_name($username);
            $this->setUserData($account);
            $this->setUserId($account->uid);

            // user_login_submit() takes the form state by reference, so it
            // needs a real variable.
            $loginState = array();
            $loginState['uid'] = $account->uid;
            \user_login_submit(array(), $loginState);

            $loggedIn = 1;
        }
    } catch (\Exception $e) {
        // NOTE(review): the raw exception message is stored as the error;
        // confirm it is never shown to the client unfiltered.
        $this->setError($e->getMessage());
    }

    return $loggedIn;
}
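/**
 * Load the Drupal bootstrap and optionally establish the acting CMS user.
 *
 * @param array $params
 *   May carry 'uid', or 'name' and 'pass'. When 'name' or 'pass' is missing
 *   or empty, the value is read from $_REQUEST instead.
 * @param bool $loadUser
 *   When FALSE, return right after the bootstrap without loading a user.
 * @param bool $throwError
 *   Accepted for interface compatibility; this body does not consult it, and
 *   every failure prints a message and exits.
 * @param string|null $realPath
 *   Passed through to cmsRootPath().
 *
 * @return bool|null
 *   TRUE when $loadUser is FALSE. Otherwise the function falls off the end
 *   without an explicit return value.
 */
function loadBootStrap($params = array(), $loadUser = TRUE, $throwError = TRUE, $realPath = NULL)
{
    $uid = CRM_Utils_Array::value('uid', $params);

    // NOTE(review): $_REQUEST includes the query string, so a name/pass
    // fallback taken from it can end up in access logs and browser history.
    // Prefer passing credentials in $params or restricting this to POST.
    $name = CRM_Utils_Array::value('name', $params, FALSE) ? $params['name'] : trim(CRM_Utils_Array::value('name', $_REQUEST));
    $pass = CRM_Utils_Array::value('pass', $params, FALSE) ? $params['pass'] : trim(CRM_Utils_Array::value('pass', $_REQUEST));

    // Take the cms root path.
    $cmsPath = $this->cmsRootPath($realPath);
    if (!file_exists("{$cmsPath}/includes/bootstrap.inc")) {
        echo '<br />Sorry, unable to locate bootstrap.inc.';
        exit;
    }

    chdir($cmsPath);
    require_once 'includes/bootstrap.inc';
    // @ suppresses notices raised while Drupal bootstraps.
    @drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

    if (!function_exists('module_exists') || !module_exists('civicrm')) {
        echo '<br />Sorry, could not able to load drupal bootstrap.';
        exit;
    }

    // Fetch the real configuration object before writing to it. It was
    // previously undefined here, so the clean-URL fix and the config hook
    // never reached the CiviCRM config.
    $config = CRM_Core_Config::singleton();

    // Let's also fix the clean url setting.
    // CRM-6948
    $config->cleanURL = (int) variable_get('clean_url', '0');

    // We need to call the config hook again, since we now know all the
    // modules that are listening on it. Does not apply to J! and WP as yet.
    // CRM-8655
    CRM_Utils_Hook::config($config);

    if (!$loadUser) {
        return TRUE;
    }

    // Load user, we need to check drupal permissions.
    if ($name) {
        $user = user_authenticate(array('name' => $name, 'pass' => $pass));
        if (empty($user->uid)) {
            echo '<br />Sorry, unrecognized username or password.';
            exit;
        }
    } elseif ($uid) {
        // NOTE(review): a caller-supplied uid is loaded without any password
        // check; callers must never derive it from request input.
        $account = user_load(array('uid' => $uid));
        if (empty($account->uid)) {
            echo '<br />Sorry, unrecognized user id.';
            exit;
        } else {
            global $user;
            $user = $account;
        }
    }
}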
/**
 * Authenticate against Drupal and return the user's attributes.
 *
 * On a wrong username or password a SimpleSAML_Error_Error('WRONGUSERPASS')
 * is thrown. Both arguments are expected to be UTF-8 encoded strings.
 *
 * When no attribute mapping is configured, every property of the Drupal user
 * object except 'pass' is exported under its own name. Otherwise only the
 * configured properties are exported, under their configured names.
 *
 * @param string $username The username the user wrote.
 * @param string $password The password the user wrote.
 *
 * @return array|null Attribute name => list of values; NULL when nothing was
 *   exported.
 */
protected function login($username, $password)
{
    assert('is_string($username)');
    assert('is_string($password)');

    // Authenticate the user; a falsy or zero uid means the pair was rejected.
    $uid = user_authenticate($username, $password);
    if ($uid == 0) {
        throw new SimpleSAML_Error_Error('WRONGUSERPASS');
    }

    // Flatten the Drupal user object into property => value pairs.
    $fields = get_object_vars(user_load($uid));

    $exportNames = null;
    $attributes = null;

    if ($this->attributes == NULL) {
        // NOTE(review): with no mapping configured, every user property
        // other than 'pass' is released to the service provider. Confirm
        // that is acceptable for this deployment.
        $selected = array_keys($fields);
        foreach ($selected as $key) {
            $exportNames[$key] = $key;
        }
    } else {
        foreach ($this->attributes as $mapping) {
            $selected[] = $mapping['drupaluservar'];
            $exportNames[$mapping['drupaluservar']] = $mapping['callit'];
        }
    }

    // Properties that must never leave Drupal (e.g. the password hash).
    $neverExport = array('pass');

    foreach ($selected as $key) {
        if (in_array($key, $neverExport)) {
            continue;
        }

        // Scalars are wrapped in a single-element list.
        if (is_string($fields[$key]) || is_numeric($fields[$key]) || is_bool($fields[$key])) {
            $attributes[$exportNames[$key]] = array($fields[$key]);
            continue;
        }

        if (!is_array($fields[$key])) {
            continue;
        }

        if (substr($key, 0, 6) == 'field_') {
            // Field-module fields: export the sanitized first value.
            $attributes[$exportNames[$key]] = array($fields[$key]['und'][0]['safe_value']);
        } else {
            // Any other array is passed through unchanged.
            $attributes[$exportNames[$key]] = $fields[$key];
        }
    }

    return $attributes;
}
$headers = getallheaders(); $authCredentials = null; if (!empty($headers['Authorization'])) { $headerAuth = explode(' ', $headers['Authorization'], 2); $authCredentials = array_combine(array('username', 'password'), explode(':', base64_decode(end($headerAuth)), 2)); } else { if (@$_SERVER['PHP_AUTH_USER'] && @$_SERVER['PHP_AUTH_PW']) { $authCredentials = array('username' => $_SERVER['PHP_AUTH_USER'], 'password' => $_SERVER['PHP_AUTH_PW']); } } if ($authCredentials) { if (is_array($userFilter) && !in_array($authCredentials['username'], $userFilter)) { header('HTTP/1.0 401 Unauthorized'); die('HTTP/1.0 401 Unauthorized'); } $authResult = user_authenticate($authCredentials['username'], $authCredentials['password']); if (!$authResult) { header('HTTP/1.0 401 Unauthorized'); die('HTTP/1.0 401 Unauthorized'); } } else { header('HTTP/1.0 400 Bad Request'); die('HTTP/1.0 400 Bad Request'); } } // Prepare CLI Requirements define('STDIN', fopen('php://input', 'r')); define('STDOUT', fopen('php://output', 'w')); $_SERVER['argv'] = array('autoupdate.php'); $mQuery = array_merge($_GET, $_POST); foreach ($mQuery as $k => $v) {
/**
 * Attempt to log in using the given username (or e-mail address) and password.
 *
 * On a successful login, this function returns the user's attributes. On
 * failure it throws: SimpleSAML_Error_Error('WRONGUSERPASS') when
 * user_authenticate() rejects the pair, SimpleSAML_Error_Error('USERBLOCKED')
 * when user_is_blocked() reports the account as blocked.
 *
 * Note that both the username and the password are UTF-8 encoded.
 *
 * @param string $username The username the user wrote.
 * @param string $password The password the user wrote.
 * @return array Associative array with the users attributes.
 */
protected function login($username, $password)
{
    assert('is_string($username)');
    assert('is_string($password)');
    // Accommodate e-mail logins: if the input matches a mail column
    // (case-insensitively), continue with that account's name.
    if ($result = db_query('SELECT name FROM {users} WHERE LOWER(mail) = LOWER(:name)', array(':name' => $username))) {
        if ($record = $result->fetchAssoc()) {
            $username = $record['name'];
        }
    }
    // Authenticate the user, checking first that the account is not blocked.
    // NOTE(review): the blocked check runs before the password is verified,
    // so USERBLOCKED is returned whatever password was sent. That tells an
    // unauthenticated caller the account's state.
    if (!user_is_blocked($username)) {
        $drupaluid = user_authenticate($username, $password);
        if (0 == $drupaluid) {
            throw new SimpleSAML_Error_Error('WRONGUSERPASS');
        }
    } else {
        throw new SimpleSAML_Error_Error('USERBLOCKED');
    }
    // load the user object from Drupal
    $drupaluser = user_load($drupaluid);
    // get all the attributes out of the user object
    $userAttrs = get_object_vars($drupaluser);
    // define some variables to use as arrays
    $userAttrNames = null;
    $attributes = null;
    // figure out which attributes to include
    if (NULL == $this->attributes) {
        // No mapping configured: every user property is a candidate and
        // keeps its own name.
        $userKeys = array_keys($userAttrs);
        // populate the attribute naming array
        foreach ($userKeys as $userKey) {
            $userAttrNames[$userKey] = $userKey;
        }
    } else {
        // populate the array of attribute keys and the attribute naming array
        foreach ($this->attributes as $confAttr) {
            $userKeys[] = $confAttr['drupaluservar'];
            $userAttrNames[$confAttr['drupaluservar']] = $confAttr['callit'];
        }
    }
    // an array of the keys that should never be included (e.g., pass)
    $skipKeys = array('pass', 'field_address');
    // package up the user attributes
    foreach ($userKeys as $userKey) {
        // skip any keys that should never be included
        if (!in_array($userKey, $skipKeys)) {
            if (is_string($userAttrs[$userKey]) || is_numeric($userAttrs[$userKey]) || is_bool($userAttrs[$userKey])) {
                // Scalars are wrapped in a single-element list.
                $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]);
            } elseif (is_array($userAttrs[$userKey])) {
                // if the field is a field module field, special handling is required
                if (substr($userKey, 0, 6) == 'field_') {
                    // Fallback order: 'safe_value', then 'value', then a
                    // taxonomy term lookup.
                    // NOTE(review): these indexes are read without isset(),
                    // and the 'value' fallback exports the field's 'value'
                    // entry rather than 'safe_value'. Consumers must escape
                    // it for their output context.
                    if ($userAttrs[$userKey]['und'][0]['safe_value']) {
                        $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]['und'][0]['safe_value']);
                    } else {
                        if ($userAttrs[$userKey]['und'][0]['value']) {
                            $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]['und'][0]['value']);
                        } else {
                            // accommodate taxonomy term reference fields
                            foreach ($userAttrs[$userKey]['und'] as $key => $value) {
                                if ($value['tid']) {
                                    // NOTE(review): the result of
                                    // taxonomy_term_load() is dereferenced
                                    // without a check.
                                    $term_object = taxonomy_term_load($value['tid']);
                                    $attributes[$userAttrNames[$userKey]][$key] = $term_object->name;
                                }
                            }
                        }
                    }
                } else {
                    // otherwise treat it like a normal array
                    $attributes[$userAttrNames[$userKey]] = $userAttrs[$userKey];
                }
            }
        }
    }
    return $attributes;
}
/**
 * Load the Drupal bootstrap and establish the acting CMS user.
 *
 * Every failure prints a short message and terminates the request.
 *
 * @param string|null $name Optional username for login; read from $_REQUEST
 *   when empty.
 * @param string|null $pass Optional password for login; read from $_REQUEST
 *   when empty.
 * @param int|null $uid Optional user id, used only when no name is available.
 */
static function loadBootStrap($name = null, $pass = null, $uid = null)
{
    // Take the cms root path.
    $cmsPath = self::cmsRootPath();
    if (!file_exists($cmsPath . '/includes/bootstrap.inc')) {
        echo '<br />Sorry, could not able to locate bootstrap.inc.';
        exit;
    }

    chdir($cmsPath);
    require_once 'includes/bootstrap.inc';
    // @ suppresses notices raised while Drupal bootstraps.
    @drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

    if (!(function_exists('module_exists') && module_exists('civicrm'))) {
        echo '<br />Sorry, could not able to load drupal bootstrap.';
        exit;
    }

    // Load user, we need to check drupal permissions.
    // NOTE(review): $_REQUEST includes the query string, so credentials
    // taken from it can end up in access logs and browser history.
    if (!$name) {
        $name = trim(CRM_Utils_Array::value('name', $_REQUEST));
    }
    if (!$pass) {
        $pass = trim(CRM_Utils_Array::value('pass', $_REQUEST));
    }

    if ($name) {
        $authenticated = user_authenticate(array('name' => $name, 'pass' => $pass));
        if (empty($authenticated->uid)) {
            echo '<br />Sorry, unrecognized username or password.';
            exit;
        }
        return;
    }

    if (!$uid) {
        return;
    }

    // NOTE(review): a caller-supplied uid is loaded without any password
    // check; callers must never derive it from request input.
    $account = user_load(array('uid' => $uid));
    if (empty($account->uid)) {
        echo '<br />Sorry, unrecognized user id.';
        exit;
    }

    global $user;
    $user = $account;
}
/**
 * Check a username/password pair with user_authenticate().
 *
 * @param string $username The account name to check.
 * @param string $server   Accepted but not used by this body.
 * @param string $password The plain-text password to check.
 *
 * @return bool TRUE unless user_authenticate() returned exactly FALSE.
 */
function auth($username, $server, $password)
{
    // NOTE(review): no failed-attempt limiting is visible on this path.
    $outcome = user_authenticate($username, $password);

    return FALSE !== $outcome;
}
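/**
 * Drupal login example: handle a posted login form.
 *
 * Reads 'name' and 'pass' from $_POST, checks them with Drupal and sets the
 * page content to a status message. On failure the login form is rendered
 * after the message.
 */
public function postLogin()
{
    $drupal = new \erdiko\drupal\Model();

    // Accept only string fields. Missing or array-valued input is treated as
    // empty, so it cannot raise notices or type errors further down.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // Track the outcome explicitly rather than searching the message text.
    $loggedIn = FALSE;

    // NOTE(review): the distinct "does not exist" and "incorrect password"
    // messages tell an unauthenticated caller which user names are valid.
    // A single generic failure message avoids that.
    // NOTE(review): no failed-attempt limiting is visible on this path.
    if (strpos($name, '@') !== FALSE) {
        $content = 'Please enter your user name, not email.';
    } elseif (!\user_load_by_name($name)) {
        $content = 'User does not exist.';
    } elseif (!\user_authenticate($name, $pass)) {
        $content = 'Incorrect password.';
    } else {
        $loggedIn = TRUE;
        // Escape the submitted name before it is placed into page content.
        // NOTE(review): nothing here starts a session for the user; confirm
        // that happens elsewhere if this is more than a demonstration.
        $content = 'Login successful. Welcome ' . \check_plain($name);
    }

    if ($loggedIn) {
        $this->setContent($content);
        return;
    }

    $elements = $drupal->drupal_get_form("user_login");
    $form = \drupal_render($elements);
    $this->setContent($content . ' ' . $form);
}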
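<?php
/**
 * JSON login endpoint backed by the Drupal bootstrap.
 *
 * Responds with {"username": ..., "error": ...}: the current user's name when
 * a session already exists or the posted credentials are accepted, error = 1
 * when posted credentials are rejected, and the empty default otherwise.
 *
 * NOTE(review): no failed-attempt limiting or request-origin check is visible
 * in this script; confirm both are enforced in front of it.
 */
chdir("../../civi4");
require_once "includes/bootstrap.inc";
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

header("Content-Type: application/json; charset=utf-8");

$response = array("username" => "", "error" => 0);

// An existing session short-circuits the credential check.
if (user_is_logged_in()) {
    $response["username"] = $user->name;
    echo json_encode($response);
    exit;
}

// empty() tolerates absent fields, so a request without credentials cannot
// raise undefined-index notices that would be printed ahead of the JSON body.
if (!empty($_POST["username"]) && !empty($_POST["password"])) {
    $loginArray = array("name" => $_POST["username"], "pass" => $_POST["password"]);
    $login = user_authenticate($loginArray);
    if ($login) {
        $response["username"] = $user->name;
    } else {
        $response["error"] = 1;
    }
}

echo json_encode($response);
exit;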
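if (username_exists('gp')) {
    echo "Le username (gp) est pris.";
}

/**
 * User authentication
 * UC1: authentication fails
 * UC2: authentication succeeds
 */
// UC1: authentication attempt with a wrong password.
$gp_user_info = user_authenticate('gp', 'invalid_password');
// The result is expected to be false.
if (false === $gp_user_info) {
    echo "<p>L'authentification de l'utilisateur 'gp' avec le mot de passe 'invalid_password' a échoué.</p>";
}

// UC2: successful authentication attempt.
// NOTE(review): this fixture uses a password equal to the user name; keep
// such an account out of any deployed database.
$gp_user_info = user_authenticate('gp', 'gp');
// The result is expected to differ from false and to hold the authenticated
// user's parameters.
if (false === $gp_user_info) {
    echo "<p>L'authentification de l'utilisateur 'gp' avec le mot de passe 'gp' a échoué.</p>";
} else {
    echo "<p>L'authentification de l'utilisateur 'gp' avec le mot de passe 'gp' a réussi.</p>";
    // implode() takes the separator first; the reversed order used before is
    // rejected by PHP 8.
    // NOTE(review): every field of the user record is printed unescaped;
    // confirm the record holds no password hash before running this anywhere
    // shared.
    echo "<p>Les paramètres de l'utilisateur sont :" . implode(',', $gp_user_info) . "</p>";
}

/**
 * Record several logins and logouts, and list the connected users
 *
 * UC1: log in user 'gp'
 * UC2: log out user 'gp'
 * UC3: list the connected users after additions and logins
 */
// UC1: log in user 'gp'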
/**
 * Load the Drupal bootstrap and, if requested, establish the acting CMS user.
 *
 * @param array $params Either uid, or name & pass.
 * @param boolean $loadUser Require CMS user load.
 * @param boolean $throwError If true, print error on failure and exit.
 * @param boolean|string $realPath path to script
 *
 * @return boolean TRUE once the bootstrap (and the user load, when requested)
 *   succeeded; FALSE on failure when $throwError is false.
 */
function loadBootStrap($params = array(), $loadUser = TRUE, $throwError = TRUE, $realPath = NULL)
{
    //take the cms root path.
    $cmsPath = $this->cmsRootPath($realPath);
    if (!file_exists("{$cmsPath}/includes/bootstrap.inc")) {
        if ($throwError) {
            echo '<br />Sorry, could not locate bootstrap.inc\\n';
            exit;
        }
        return FALSE;
    }
    // load drupal bootstrap
    chdir($cmsPath);
    define('DRUPAL_ROOT', $cmsPath);
    // For drupal multi-site CRM-11313
    // When the script lives under sites/<name>/modules, <name> is used as the
    // host name for the bootstrap.
    // NOTE(review): this overwrites $_SERVER['HTTP_HOST'] for the rest of the
    // request with a value taken from $realPath; confirm $realPath is never
    // request-controlled.
    if ($realPath && strpos($realPath, 'sites/all/modules/') === FALSE) {
        preg_match('@sites/([^/]*)/modules@s', $realPath, $matches);
        if (!empty($matches[1])) {
            $_SERVER['HTTP_HOST'] = $matches[1];
        }
    }
    require_once 'includes/bootstrap.inc';
    // @ to suppress notices eg 'DRUPALFOO already defined'.
    @drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
    // explicitly setting error reporting, since we cannot handle drupal related notices
    // (level 1 is E_ERROR only)
    error_reporting(1);
    if (!function_exists('module_exists') || !module_exists('civicrm')) {
        if ($throwError) {
            echo '<br />Sorry, could not load drupal bootstrap.';
            exit;
        }
        return FALSE;
    }
    // seems like we've bootstrapped drupal
    $config = CRM_Core_Config::singleton();
    // lets also fix the clean url setting
    // CRM-6948
    $config->cleanURL = (int) variable_get('clean_url', '0');
    // we need to call the config hook again, since we now know
    // all the modules that are listening on it, does not apply
    // to J! and WP as yet
    // CRM-8655
    CRM_Utils_Hook::config($config);
    if (!$loadUser) {
        return TRUE;
    }
    // NOTE(review): a 'uid' supplied in $params skips authentication
    // entirely; that account becomes the global $user below. Callers must
    // never derive it from request input.
    $uid = CRM_Utils_Array::value('uid', $params);
    if (!$uid) {
        //load user, we need to check drupal permissions.
        // NOTE(review): name/pass fall back to $_REQUEST, which includes the
        // query string; credentials sent that way can end up in access logs.
        $name = CRM_Utils_Array::value('name', $params, FALSE) ? $params['name'] : trim(CRM_Utils_Array::value('name', $_REQUEST));
        $pass = CRM_Utils_Array::value('pass', $params, FALSE) ? $params['pass'] : trim(CRM_Utils_Array::value('pass', $_REQUEST));
        if ($name) {
            $uid = user_authenticate($name, $pass);
            if (!$uid) {
                if ($throwError) {
                    echo '<br />Sorry, unrecognized username or password.';
                    exit;
                }
                return FALSE;
            }
        }
    }
    if ($uid) {
        // Make the resolved account the acting Drupal user.
        $account = user_load($uid);
        if ($account && $account->uid) {
            global $user;
            $user = $account;
            return TRUE;
        }
    }
    // Reached when no user could be established.
    if ($throwError) {
        echo '<br />Sorry, can not load CMS user account.';
        exit;
    }
    // CRM-6948: When using loadBootStrap, it's implicit that CiviCRM has already loaded its settings
    // which means that define(CIVICRM_CLEANURL) was correctly set.
    // So we correct it
    $config = CRM_Core_Config::singleton();
    $config->cleanURL = (int) variable_get('clean_url', '0');
    // CRM-8655: Drupal wasn't available during bootstrap, so hook_civicrm_config never executes
    CRM_Utils_Hook::config($config);
    return FALSE;
}
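<?php
// Handle the data posted by the login/logout form.
$username = null;
$password = null;

if (array_key_exists('dologin', $_POST) && array_key_exists('username', $_POST) && array_key_exists('password', $_POST)) {
    // The user is trying to log in.
    require_once 'db/_user.php';

    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    // NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes, so
    // it changes the password before verification (and is deprecated as of
    // PHP 8.1). Passwords should be verified unmodified. It is kept here
    // because switching must be coordinated with how stored passwords were
    // created.
    $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);

    if ($auth = user_authenticate($username, $password)) {
        // Authenticated: mark the user as logged in.
        do_login($username);
    } else {
        echo "Vous devez entrer un indentifiant et mot de passe valide";
        // TODO: handle the invalid-authentication messaging here.
    }
} elseif (array_key_exists('dologout', $_POST)) {
    // The user is trying to log out.
    do_logout();
    header('Location:' . HOME_PAGE);
    // Stop here. Otherwise the rest of the page still runs, and is sent to
    // the client, after the redirect header.
    exit;
}
?>
<?php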
<?php
/**
 * Login page: validates the posted form, authenticates the user and either
 * redirects to the account page or re-renders the form with error messages.
 *
 * NOTE(review): no failed-attempt limiting or CSRF token check is visible in
 * this script; confirm both are handled by the included code.
 */
define('SECURE', true);
require "include/global.php";

if (isset($_POST['submit'])) {
    // Stays false until the first problem is recorded, then becomes a list.
    $errors = false;

    // Compulsory fields and the message shown when one is left blank.
    $required = array(
        'username' => 'You must fill in a username',
        'password' => 'Please enter a password',
    );
    foreach ($required as $field => $message) {
        if (empty($_POST[$field])) {
            $errors[] = $message;
        }
    }

    // Authenticate only once both fields are present.
    if (!$errors) {
        lib('User');
        if (!user_authenticate($_POST['username'], $_POST['password'])) {
            // One message for both failure causes, so the response does not
            // reveal whether the username exists.
            $errors[] = 'Invalid username or password. Please try again';
        } else {
            header('Location: /account.php');
            // Stop so that nothing below runs after the redirect.
            exit;
        }
    }

    $smarty->assign('errors', $errors);
}

$smarty->display('login.tpl');
?>