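/**
 * Handle a posted login form: check the credentials, store the user in the
 * session and send a Location header chosen from the user's flags.
 *
 * Redirect targets, in order of precedence:
 *  - password reset flagged       -> admin?action=firstTimeReset
 *  - open period, has appraisees  -> survey
 *  - open period, no appraisees   -> survey?action=renderForm&r=self&uid=..&u=..
 *  - no open period, admin        -> report
 *
 * Every failure (missing or non-string fields, rejected credentials, no open
 * period for a non-admin) is answered with HTTP 403 and the exception is
 * handed to requestLogin().
 */
function submitLogin()
{
    try {
        $username = isset($_POST['username']) ? $_POST['username'] : null;
        $password = isset($_POST['password']) ? $_POST['password'] : null;

        // Request fields can arrive as arrays (username[]=x). Only strings are
        // passed on, so verifyLogin() never receives an unexpected type.
        if (!is_string($username) || !is_string($password) || empty($username) || empty($password)) {
            throw new Exception("Username or password missing");
        }

        $user = new UserToken();
        if (!$user->verifyLogin($username, $password)) {
            // One message for both unknown user and wrong password.
            throw new Exception("Username or password incorrect");
        }

        // Issue a fresh session id at the moment of authentication so that an
        // id set before login cannot carry over into the authenticated
        // session (session fixation). Skipped when no session is open.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = serialize($user);
        // NOTE(review): the session keeps this user even when the branch below
        // ends in the "surveys are closed" 403. Confirm that is intended.

        if ($user->isFlaggedForPwReset) {
            header("Location: admin?action=firstTimeReset");
        } elseif (!empty($user->availiblePeriod)) {
            // NOTE(review): the original tested $user->appraisee twice
            // (a || a). The second operand was presumably meant to be a
            // different property. Confirm against UserToken.
            if (!empty($user->appraisee)) {
                header('Location: survey');
            } else {
                // Encode both values so characters such as '&', '+' or spaces
                // cannot alter the query string of the redirect.
                // NOTE(review): the target page should take the user identity
                // from the session, not from the 'u' parameter. Verify there.
                header(
                    'Location: survey?action=renderForm&r=self&uid='
                    . urlencode((string) $user->availiblePeriod['uid'])
                    . '&u=' . urlencode((string) $user->username)
                );
            }
        } elseif ($user->isAdmin) {
            header('Location: report');
        } else {
            throw new Exception('All surveys are closed at the moment. Please try again later.');
        }
    } catch (Exception $ex) {
        header('HTTP/1.0 403 Forbidden', TRUE, 403);
        $this->requestLogin($ex);
    }
}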