// Define $username and $password
$username = $_POST['username'];
$password = $_POST['password'];
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = $db->escape_string($username);
$password = $db->escape_string($password);
// Check password and redirect accordingly
$result = null;
if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
// valid email address
$result = $db->checkLoginByEmail($username, $password);
} else {
// not an email. User name?
$result = $db->checkLoginByName($username, $password);
}
if ($result == NULL) {
// login failed
$error = $lh->translationFor("invalid_login_password");
} else {
$_SESSION["userid"] = $result["id"];
$_SESSION["username"] = $result["name"];
$_SESSION["userrole"] = $result["role"];
if (!empty($result["avatar"])) {
$_SESSION['avatar'] = $result["avatar"];
} else {
// random avatar.
$_SESSION["avatar"] = CRM_DEFAULTS_USER_AVATAR;
}
header("location: index.php");
