示例#1
    // Instantiate Login class
    // NOTE(review): the constructor receives $_POST['user'] before the two
    // escaping loops below run, so whatever the login object keeps from it
    // (and hands back from getUser() in the print further down) is the raw
    // submitted value, not the escaped copy written back into $_POST.
    $login = new login($_POST['user']);
    // SQL Injection Control
    // Rewrites every string field of $_POST in place through login::escape().
    // NOTE(review): escaping input is a weaker control than binding parameters
    // in the query itself; whether validateUser()/getEmail() use prepared
    // statements cannot be seen from this excerpt — confirm in the login class.
    foreach ($_POST as $key => $value) {
        if (is_string($_POST[$key])) {
            $_POST[$key] = $login->escape($_POST[$key]);
        }
    }
    // XSS Prevention
    // HTML-encodes the already SQL-escaped strings, again in place. Because this
    // runs before validateUser() below, $_POST['password'] reaches the
    // credential check in escaped + HTML-encoded form: a password containing
    // quotes, '&', '<' or '>' can only match if it was stored through the same
    // two transforms — confirm against how passwords are persisted. Without
    // ENT_SUBSTITUTE, a value that is not valid UTF-8 becomes an empty string.
    foreach ($_POST as $key => $value) {
        if (is_string($_POST[$key])) {
            $_POST[$key] = htmlspecialchars($_POST[$key], ENT_QUOTES, 'UTF-8');
        }
    }
    // Message
    // $sqlHandle is not defined anywhere in this excerpt; presumably created earlier.
    if ($login->validateUser($_POST['user'], $_POST['password'], $sqlHandle)) {
        // getUser() and getEmail() are printed straight into HTML with no output
        // encoding at this point; only the $_POST copies were encoded above, and
        // getUser() may reflect the pre-escaping value passed to the constructor.
        print 'Thanks for logging in ' . $login->getUser() . '.  Your email is: ' . $login->getEmail($_POST['user']) . ' <a href=index.php><- Back</a>';
        // Ends the script here, so the HTML page that follows this block is never sent.
        die;
    } else {
        print '<strong>Bad credentials. Please try again. Thank you.</strong>';
    }
}
?>
<html>
<head>
<title>Login</title>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<link rel="StyleSheet" href="style.css" type="text/css">
</head>
<body>
<div id="mainBox">