$message = ''; if (!isset($_SESSION['UID']) || !isset($_SESSION['USER'])) { //If the form is submitted, then check the username and password if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST['loginp']) && isset($_POST['loginu'])) { $u = $_POST['loginu']; $p = $_POST['loginp']; $p = sha1($p); //Unserialize all our users to check for a user with this name $io = new FileIO(); $users = array(); $userFiles = $io->getDirectoryFiles(Constants::GET_USERS_DIRECTORY()); $cuser = new User('dummy1', 'dummy2'); $userFound = false; foreach ($userFiles as $userFile) { $val = $io->readFile(Constants::GET_USERS_DIRECTORY() . '/' . $userFile); $cuser = unserialize($val); if ($cuser->getUsername() == $u) { $userFound = true; break; } } if ($userFound) { if ($cuser->getPassword() == $p) { $_SESSION['UID'] = $cuser->getUsername(); $_SESSION['USER'] = $cuser; header("Location: " . get_absolute_uri('index.php')); } else { $message = "Please try again"; } } else {
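/**
 * Creates a user record and stores it as a serialized file in the users directory.
 *
 * The record is written to "<users dir>/<username>.usr". Because the username
 * becomes part of a filesystem path, a name that is empty or contains a path
 * separator or NUL byte is rejected before anything is written. Without this
 * check, a name such as "../x" would place the file outside the users directory.
 *
 * @param string $username        Account name; also used as the file name stem.
 * @param string $password        Stored on the User via setPassword() exactly as
 *                                passed; this method does no hashing.
 * @param mixed  $usertype        Passed through to the User constructor.
 * @param array  $pagePermissions Map of page => permission; may be empty.
 *
 * @return mixed The result of FileIO::writeFile(), or false when the username
 *               is rejected. NOTE(review): writeFile()'s return type is not
 *               visible here; confirm that callers treat false as failure.
 */
private function createUser($username, $password, $usertype, $pagePermissions)
{
    // Refuse names that would change the target directory once concatenated
    // into the path below.
    $name = (string) $username;
    if ($name === '' || preg_match('~[/\\\\\x00]~', $name) === 1) {
        return false;
    }

    $io = new FileIO();

    $newuser = new User($username, $usertype);
    // NOTE(review): the login code on this page compares getPassword() with
    // sha1() of the submitted password, so what is stored here is presumably
    // an unsalted SHA-1 digest. Moving to password_hash()/password_verify()
    // would require changing both sides together.
    $newuser->setPassword($password);

    if (!empty($pagePermissions)) {
        foreach ($pagePermissions as $page => $perm) {
            $newuser->addPagePermission($page, $perm);
        }
    }

    $filename = Constants::GET_USERS_DIRECTORY() . '/' . $username . '.usr';

    // NOTE(review): records are stored with serialize() and read back with
    // unserialize() at login. Every file in the users directory is therefore
    // trusted input to unserialize(), so the directory must not be writable
    // by anything other than this code. A data-only format such as JSON
    // would remove that dependency.
    $serialized = serialize($newuser);

    return $io->writeFile($filename, $serialized);
}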