30 lines
642 B
PHP
30 lines
642 B
PHP
<?php
|
|
|
|
checkPasswordFormat($_POST['password']);
|
|
|
|
checkUsernameFormat($_POST['username']);
|
|
|
|
$username = hashUsername($_POST['username']);
|
|
|
|
if (usernameExists($username) !== true)
|
|
output(403, _('This account does not exist.'));
|
|
|
|
$id = query('select', 'users', ['username' => $username], 'id')[0];
|
|
|
|
if (checkPassword($id, $_POST['password']) !== true)
|
|
output(403, _('Wrong password.'));
|
|
|
|
if (outdatedPasswordHash($id))
|
|
changePassword($id, $_POST['password']);
|
|
|
|
stopSession();
|
|
startSession();
|
|
|
|
$_SESSION['id'] = $id;
|
|
$_SESSION['type'] = query('select', 'users', ['id' => $id], 'type')[0];
|
|
|
|
setupDisplayUsername($_POST['username']);
|
|
|
|
redir();
|
|
|