--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Prevent the user visiting the logged in page if he/she is already logged in\r
+if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ $errors = array();\r
+ $username = sanitize(trim($_POST["username"]));\r
+ $password = trim($_POST["password"]);\r
+ \r
+ //Perform some validation\r
+ //Feel free to edit / change as required\r
+ if($username == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+ }\r
+ if($password == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
+ }\r
+\r
+ if(count($errors) == 0)\r
+ {\r
+ //A security note here, never tell the user which credential was incorrect\r
+ if(!usernameExists($username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+ }\r
+ else\r
+ {\r
+ $userdetails = fetchUserDetails($username);\r
+ //See if the user's account is activated\r
+ if($userdetails["active"]==0)\r
+ {\r
+ $errors[] = lang("ACCOUNT_INACTIVE");\r
+ }\r
+ else\r
+ {\r
+ //Hash the password and use the salt from the database to compare the password.\r
+ $entered_pass = generateHash($password,$userdetails["password"]);\r
+ \r
+ if($entered_pass != $userdetails["password"])\r
+ {\r
+ //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
+ $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+ }\r
+ else\r
+ {\r
+ //Passwords match! we're good to go'\r
+ \r
+ //Construct a new logged in user object\r
+ //Transfer some db data to the session object\r
+ $loggedInUser = new loggedInUser();\r
+ $loggedInUser->email = $userdetails["email"];\r
+ $loggedInUser->user_id = $userdetails["id"];\r
+ $loggedInUser->hash_pw = $userdetails["password"];\r
+ $loggedInUser->title = $userdetails["title"];\r
+ $loggedInUser->displayname = $userdetails["display_name"];\r
+ $loggedInUser->username = $userdetails["user_name"];\r
+ \r
+ //Update last sign in\r
+ $loggedInUser->updateLastSignIn();\r
+ $_SESSION["userCakeUser"] = $loggedInUser;\r
+ \r
+ //Redirect to user account page\r
+ header("Location: account.php");\r
+ die();\r
+ }\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Login</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<div id='regbox'>\r
+<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+<p>\r
+<label>Username:</label>\r
+<input type='text' name='username' />\r
+</p>\r
+<p>\r
+<label>Password:</label>\r
+<input type='password' name='password' />\r
+</p>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Login' class='submit' />\r
+</p>\r
+</form>\r
+</div>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
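Review bot: The password check on the `if($entered_pass != $userdetails["password"])` line compares two hash strings with a loose `!=`, which is subject to PHP's numeric-string type juggling and is not constant-time; use `if (!hash_equals($userdetails["password"], $entered_pass))` (the empty-string checks on `$username` and `$password` should likewise use `===`). The `ACCOUNT_INACTIVE` branch contradicts the comment above it about not revealing which credential failed: it confirms that the username exists before the password has been verified, so consider reporting inactivity only after the hash comparison succeeds, or folding it into `ACCOUNT_USER_OR_PASS_INVALID`. Nothing rotates the session id before `$_SESSION["userCakeUser"] = $loggedInUser;`, so a session id issued before authentication survives login; add `session_regenerate_id(true);` immediately before that assignment unless `models/config.php` already does this on every request. In the form markup, `$_SERVER['PHP_SELF']` is concatenated into the `action` attribute unescaped, which reflects attacker-influenced path info into the page; emit it as `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')` instead. Separately, `$errors` and `$successes` are undefined on a plain GET when `resultBlock($errors,$successes)` runs, since `$errors` is only created inside the `!empty($_POST)` branch and `$successes` is never assigned; initialise both to `array()` near the top of the file.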