authenticate.php
<?php
require_once("inc/utilities.php");
require_once("inc/secure.php");
require_once("inc/exceptions.php");
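// Login endpoint: validates the posted e-mail/password pair, signs the user in
// when the account is active, and otherwise offers to resend the activation
// e-mail. Every failure path calls login_error() and then stops, so the script
// fails closed even if login_error() itself does not terminate execution
// (its body is not visible from this file).

if (
    empty($_POST['email']) || empty($_POST['password'])
    || !is_string($_POST['email']) || !is_string($_POST['password'])
) {
    // Array-valued parameters (e.g. email[]=x) pass empty() but are not valid
    // credentials; reject them before they reach the lookup or the HTML output.
    login_error();
    return;
}

$email = $_POST["email"];
$password = $_POST["password"];

try {
    $userid = get_userid_from_email($email);
} catch (PDOException $ex) {
    // The address is attacker-controlled: replace control characters so it
    // cannot inject forged lines into whatever sink log_warn() writes to.
    $loggableEmail = preg_replace('/[\x00-\x1F\x7F]/', '?', $email);
    log_warn("Couldn't get userid from `$loggableEmail`.");
    login_error();
    return; // never continue with $userid undefined
}

try {
    $authentic = do_authentication($userid, $password);
} catch (InvalidLoginException $ex) {
    // TODO: Redirect to login page with email field filled out.
    login_error();
    return; // never continue with $authentic undefined
}

if (!$authentic) {
    // TODO: Redirect to login and populate email field.
    login_error();
    return;
}

if (account_active($userid)) {
    // NOTE(review): confirm do_login() regenerates the session id, so a
    // pre-login session cannot be reused after authentication.
    do_login($userid);
    redirect_to_home();
    return;
}

// Account exists and the credentials are valid, but it was never activated.
// TODO: Redirect to resend e-mail page.
// TODO: If we send the password and use POST
//
// NOTE(review): this page reflects the plaintext password back into the
// response body. Prefer keeping the "may resend activation" state on the
// server (session flag or one-time token) so the credential never
// round-trips through HTML.
if (!headers_sent()) {
    // The body contains a credential; keep it out of browser and proxy caches.
    header('Cache-Control: no-store');
}

// Both values come straight from the request and are written into attribute
// and text contexts, so they must be HTML-escaped (reflected XSS otherwise).
// The browser decodes the entities on submit, so resend_activation.php still
// receives the original values.
$safeEmail = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safePassword = htmlspecialchars($password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "<html><body>".
    "<form method=\"POST\" action=\"resend_activation.php\" id=\"credentials\">".
    "<input type=\"hidden\" name=\"email\" value=\"$safeEmail\">".
    "<input type=\"hidden\" name=\"password\" value=\"$safePassword\">".
    "</form>".
    "<p>The account $safeEmail has not been activated. Please click ".
    "<a href=\"javascript: document.getElementById('credentials').submit();\">here</a> ".
    "to send the activation e-mail again.</p>".
    "</body></html>";
// TODO: Duplicate entry
// TODO: Need to deal with disabled accounts as well. Check if inactive and go to resend email page if so.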
?>