<?php
// Login page entry script.
// NOTE(review): session_active(), CSRF, get_user_for_login(), create_session()
// and FMF_LAYOUT are not defined in this file; presumably they come from the
// two includes below. Confirm against startup.php and _user.php.
require_once '../startup.php';

include_once '_user.php';

// A visitor who already has an active session has no use for the login form:
// redirect to the site root and stop before any form handling or output runs.
if (session_active()) {
    header('Location: /');

    return;
}
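// Handle a submitted login form. Both fields must be present and the CSRF
// token must verify; anything else falls through to the informational
// messages selected by the "m" query parameter.
if (isset($_POST['username'], $_POST['password']) && CSRF::verify()) {
    // Array-valued fields (e.g. username[]=x) are collapsed to '' so the
    // lookup and password_verify() only ever receive strings.
    $username = is_string($_POST['username']) ? $_POST['username'] : '';
    $password = is_string($_POST['password']) ? $_POST['password'] : '';
    $userInfo = get_user_for_login($username);

    // Treat a missing or non-string stored hash the same as an unknown user.
    $storedHash = null;
    if (!empty($userInfo) && isset($userInfo['user_password']) && is_string($userInfo['user_password'])) {
        $storedHash = $userInfo['user_password'];
    }

    if ($storedHash === null) {
        // Unknown user: still pay for one password hash so the response time
        // does not reveal whether the username exists. The result is
        // discarded on purpose.
        // NOTE(review): this only equalises timing if stored hashes use
        // PASSWORD_DEFAULT at the default cost. Confirm where accounts are created.
        password_hash('timing-equaliser', PASSWORD_DEFAULT);
        $passwordValid = false;
    } else {
        $passwordValid = password_verify($password, $storedHash);
    }

    if (!$passwordValid) {
        // One message for "no such user" and "wrong password".
        $error = 'Username or password was invalid.';
    } elseif (!empty($userInfo['user_email_verification'])) {
        // Only reached after the password has been verified, so this message
        // does not disclose account state to someone without the password.
        $error = 'You must complete e-mail verification before logging in.';
    } else {
        $sessionKey = create_session($userInfo['user_id']);

        if (empty($sessionKey)) {
            $error = 'Failed to start a session.';
        } else {
            // The cookie carries the session key for 31 days. HttpOnly keeps
            // it out of reach of page scripts; Secure is set whenever this
            // request itself arrived over HTTPS.
            // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS']
            // may be unset, in which case Secure is not applied. SameSite
            // needs the options-array form of setcookie() (PHP 7.3+).
            // Confirm the deployment before adding it.
            $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie('fmfauth', $sessionKey, time() + (60 * 60 * 24 * 31), '/', '', $isHttps, true);
            header('Location: /');

            return;
        }
    }
} else {
    // "m" is only compared against fixed keys and never echoed, so the page
    // can show nothing but the predefined strings below.
    switch (!empty($_GET['m']) && is_string($_GET['m']) ? $_GET['m'] : '') {
        case 'welcome':
            $message = 'Your account has been created.';
            break;

        case 'activated':
            $message = 'Your account has been activated.';
            break;

        case 'reactivate':
            $message = 'You must reactivate your account after changing your e-mail address.';
            break;

        case 'forbidden':
            $error = 'You must be logged in to do that.';
            break;
    }
}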
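// Render the login form between the shared layout header and footer.
include FMF_LAYOUT . '/header.php';
?>
<form class="auth-form" method="post" action="">
    <?php // CSRF::html() presumably emits the hidden token field that CSRF::verify() checks on submit. Confirm. ?>
    <?=CSRF::html();?>
    <div class="auth-header">
        <h1>Log in</h1>
    </div>
    <?php if (isset($error) || isset($message)) { ?>
        <?php // Every message set in this file is a fixed string; escaping keeps the output safe if one ever carries dynamic text. ?>
        <div class="auth-message<?php if (isset($error)) { echo ' auth-message-error'; }?>"><?=htmlspecialchars($error ?? $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?></div>
    <?php } ?>
    <label class="auth-field">
        <div class="auth-field-name">Username</div>
        <?php // The submitted username is echoed back into an attribute, so quotes are escaped explicitly rather than relying on the PHP version's default flags. ?>
        <div class="auth-field-value"><input type="text" name="username" value="<?=htmlspecialchars($username ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>"/></div>
    </label>
    <label class="auth-field">
        <div class="auth-field-name">Password</div>
        <?php // The password is never echoed back into the form. ?>
        <div class="auth-field-value"><input type="password" name="password"/></div>
    </label>
    <div class="auth-buttons">
        <input type="submit" value="Log in"/>
    </div>
</form>
<?php
include FMF_LAYOUT . '/footer.php';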