// print $ip; $username = $_POST['username']; $password = $_POST['password']; // If non empty values if (isset($username) && isset($password)) { $username = stripcslashes($username); $passoword = stripcslashes($password); $mainController = new LoginController(); $ip = $mainController->getRealIpAddr(); $record = $mainController->getLoginRecordByIp($ip); // Run validations if (Validate::username($username) && Validate::password($password)) { $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username); // user credentials passed the validations $publicUser = new PublicUser($username, $password); $result = $publicUser->getUserByUsername($username); if ($result) { // username found if (password_verify($password, $result['password']) && (int) $result['blocked'] !== 1) { print_r($result); $user = new User($result['username'], $result['password'], $result['administrator']); $_SESSION["usertype"] = $user->getUserPrivilege(); $_SESSION["username"] = $user->getUsername(); $_SESSION["ip"] = $user->getRealIpAddr(); header("location:frontend/index.php"); exit; } elseif ((int) $result['blocked'] === 1) { header("location:blocked.html"); exit; } else { //******wrap it in a function********//