You are already logged in...";
}
else
{
echo "User Login
";
echo "";
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
if (!empty($_POST)) {
$query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
$stmt = $sql->prepare($query);
$stmt->execute(array(':username' => $_POST['username']));
$user = $stmt->fetchObject();
if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)) {
session_regenerate_id();
$_SESSION['user_id'] = $user->id;
$_SESSION['loggedIn'] = TRUE;
$_SESSION['signature'] = md5($user->id . $_SERVER['HTTP_USER_AGENT']);
$_SESSION['firstname'] = $user->firstname;
$_SESSION['lastname'] = $user->lastname;
session_write_close();
echo "Login successful...";
header("Location: index.php");
}
else
{
header ("Refresh:3; url=login.php", true, 303);
echo "Login failed, please try again...
";
}
}
}
//********** END CONTENT **********//
require_once($yaptc_inc . "footer.inc.php");
?>