<?php require "LoginAttempt.php"; if (!empty($_POST["username"]) && !empty($_POST["password"])) { $dsn = "mysql:host=localhost;dbname=test"; $pdo = new PDO($dsn, "root", ""); try { $attempt = new LoginAttempt($_POST["username"], $_POST["password"], $pdo); $attempt->whenReady(function ($success) { echo $success ? "Valid" : "Invalid"; }); } catch (Exception $e) { if ($e->getCode() == 503) { header("HTTP/1.1 503 Service Unavailable"); exit; } else { if ($e->getCode() == 403) { header("HTTP/1.1 403 Forbidden"); exit; } else { echo "Error: " . $e->getMessage(); } } // Note here that it may be advisable to show the // same response for error messages that you show // for invalid requests. That way it'll be less // obvious to attackers that their requests are // being rejected rather than processed and // invalidated. } } else {