| public login ( $email, $password ) |
function login($email, $password)
{
global $db;
// Prepare e-mail address
$email = $db->escape_string($email);
$email = strtolower($email);
$password = $db->escape_string($password);
$email_part = explode("@", $email);
$username = $email_part[0];
$domain = $email_part[1];
// Check e-mail address
$sql = "SELECT `" . DBC_USERS_ID . "`, `" . DBC_USERS_PASSWORD . "` FROM `" . DBT_USERS . "` WHERE `" . DBC_USERS_USERNAME . "` = '{$username}' AND `" . DBC_USERS_DOMAIN . "` = '{$domain}' LIMIT 1;";
if (!($result = $db->query($sql))) {
dbError($db->error);
}
if ($result->num_rows === 1) {
$userdata = $result->fetch_array(MYSQLI_ASSOC);
$uid = $userdata[DBC_USERS_ID];
$password_hash = $userdata[DBC_USERS_PASSWORD];
// Check password
if (crypt($password, $password_hash) === $password_hash) {
// Password is valid, start a logged-in user session
$this->loggedin = true;
$_SESSION['uid'] = $uid;
$_SESSION['email'] = $email;
return true;
} else {
// Password is invalid
return false;
}
} else {
// User could not be found
return false;
}
}if (empty($type) || !isset($type)) {
echo 'Request type is not set';
} else {
if ($type == 'signup') {
$data = USER::addNewUser($_REQUEST);
$_SESSION = $data;
if ($data['status'] == 'error') {
header("location:register.php");
} else {
header("location:index.php");
}
} else {
if ($type == 'login') {
$username = addslashes($_REQUEST['username']);
$password = addslashes($_REQUEST['password']);
$_SESSION = USER::login($username, $password);
if ($_SESSION['status'] == 'error') {
header("location:index.php");
} else {
header("location:profile.php");
}
} else {
if ($type == 'logout') {
unset($_SESSION);
session_destroy();
header("location:index.php");
}
}
}
}
?>
