$error = $lh->translationFor("insert_valid_login_password"); } else { $db = new \creamy\DbHandler(); // Define $username and $password $username = $_POST['username']; $password = $_POST['password']; // To protect MySQL injection for Security purpose $username = stripslashes($username); $password = stripslashes($password); $username = $db->escape_string($username); $password = $db->escape_string($password); // Check password and redirect accordingly $result = null; if (filter_var($username, FILTER_VALIDATE_EMAIL)) { // valid email address $result = $db->checkLoginByEmail($username, $password); } else { // not an email. User name? $result = $db->checkLoginByName($username, $password); } if ($result == NULL) { // login failed $error = $lh->translationFor("invalid_login_password"); } else { $_SESSION["userid"] = $result["id"]; $_SESSION["username"] = $result["name"]; $_SESSION["userrole"] = $result["role"]; if (!empty($result["avatar"])) { $_SESSION['avatar'] = $result["avatar"]; } else { // random avatar.