<?php declare(strict_types=1);
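// Login handler: checks the submitted credentials, replaces the session and
// stores the authenticated user's id and type in it. Every helper called here
// is defined outside this file.
//
// NOTE(review): both failure branches rely on output() ending the request. If
// it can return, execution falls through to the session setup below -- confirm.
// NOTE(review): $_POST['username'] and $_POST['password'] are read without an
// existence or type check; presumably the format checks reject missing or
// non-string values -- confirm.
// NOTE(review): no attempt throttling or lockout is visible in this file; it
// may live in one of the helpers -- confirm.

checkPasswordFormat($_POST['password']);
checkUsernameFormat($_POST['username']);

// Accounts are looked up by the value hashUsername() returns, not the raw name.
$username = hashUsername($_POST['username']);

// An unknown account and a wrong password get the same status and the same
// message, so the response text does not reveal which usernames are registered.
// NOTE(review): this msgid is new and has to be added to the translation
// catalogs. The unknown-account branch still returns before checkPassword()
// runs, so response timing may still differ between the two cases.
if (usernameExists($username) !== true) {
    output(403, _('Wrong username or password.'));
}

$id = query('select', 'users', ['username' => $username], ['id'])[0];

if (checkPassword($id, $_POST['password']) !== true) {
    output(403, _('Wrong username or password.'));
}

// Presumably re-hashes the stored password with current parameters; this is
// done here because the plaintext is only available during login.
if (outdatedPasswordHash($id)) {
    changePassword($id, $_POST['password']);
}

// Replace the pre-login session before storing the identity in it.
// NOTE(review): this only protects against session fixation if the new session
// gets a fresh ID -- confirm in stopSession()/startSession().
stopSession();
startSession();

$_SESSION['id'] = $id;
$_SESSION['type'] = query('select', 'users', ['id' => $id], ['type'])[0];

setupDisplayUsername($_POST['username']);

redir();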