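querySingle("SELECT shadow FROM users WHERE username = '$user'");
// NOTE(review): the statement above starts outside this view and still puts
// $user into the SQL text. Where $user is assigned is not visible here; unless
// it is validated before this point, this lookup is injectable and should bind
// the name as a parameter, as the uid lookup below does.
$loginPassword = $_POST["password"] ?? "";
// password_verify() only accepts strings; an array-valued field or a missing
// row (null $shadow) is treated as a failed login instead of a type error.
if(is_string($loginPassword) && is_string($shadow) && password_verify($loginPassword, $shadow)){
    // Rotate the session id at the privilege change so an id issued before
    // login is not carried into the authenticated session.
    if(session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
    $_SESSION["login"] = true;
    // Bound parameter instead of string interpolation. Assumes $db is an
    // SQLite3 handle (querySingle()/exec() are used on it) - confirm.
    $uidRow = false;
    $uidStmt = $db->prepare("SELECT id FROM users WHERE username = :username");
    if($uidStmt){
        $uidStmt->bindValue(":username", $user, SQLITE3_TEXT);
        $uidResult = $uidStmt->execute();
        if($uidResult) $uidRow = $uidResult->fetchArray(SQLITE3_NUM);
    }
    $_SESSION["uid"] = $uidRow ? $uidRow[0] : null;
    header("Location: /");
    die();
}
else{
    // Same message for unknown user and wrong password.
    $logErrorMsg = "Incorrect user or password";
}
} // closes a block opened outside this view
else $logErrorMsg = "Please input a username";

// NOTE(review): second, hard-coded "admin" check that runs whenever the
// database login above did not redirect. $hash is defined outside this view.
// It sets the login flag without a uid and without rotating the session id,
// and writes $errorMsg rather than $logErrorMsg. It looks like a leftover
// credential path - confirm whether it is still needed, otherwise remove it.
$validUser = $_POST["logname"] == "admin" && password_verify($_POST["password"], $hash);
if(!$validUser) $errorMsg = "Invalid username or password.";
else $_SESSION["login"] = true;
} // closes a block opened outside this view

if($validUser){
    header("Location: /");
    die();
}

// ---- Registration -------------------------------------------------------
$regErrorMsg = "";
if(isset($_POST["reg"])){
    $invite = $_POST["invite"] ?? "";
    // NOTE(review): one shared invitation code whose bcrypt hash lives in the
    // source. Anyone who can read this file can test guesses against it
    // offline, and rotating it needs a code change; prefer configuration or
    // per-invite single-use tokens.
    if(is_string($invite) && password_verify($invite,"$2y$10\$Mofyx6QsxEartbq..53zlu.FwTX0aMmUeRCNnISvfmrC44iA1SfSO")){
        // Set user (non-string input is handled like an empty field)
        $user = $_POST["regname"] ?? "";
        if(is_string($user) && $user){
            if(preg_match("/[^a-z0-9]/", $user)){
                $regErrorMsg = "Only lowercase letters and numbers are allowed";
            }
            else{
                // Fail closed: if the lookup cannot run, no account is created.
                $taken = true;
                $lookup = $db->prepare("SELECT 1 FROM users WHERE username = :username");
                if($lookup){
                    $lookup->bindValue(":username", $user, SQLITE3_TEXT);
                    $found = $lookup->execute();
                    if($found) $taken = $found->fetchArray(SQLITE3_NUM) !== false;
                }

                if($taken){
                    $regErrorMsg = "Username taken";
                }
                else{
                    $newPassword = $_POST["password"] ?? "";
                    if(is_string($newPassword) && $newPassword){
                        // Set password
                        $shadow = password_hash($newPassword, PASSWORD_DEFAULT);
                        // Insert user into DB with bound values; the allow-list
                        // above is no longer the only thing keeping the
                        // statement well-formed.
                        $created = false;
                        $insert = $db->prepare("INSERT INTO users(username,name,shadow) VALUES (:username,:name,:shadow)");
                        if($insert){
                            $insert->bindValue(":username", $user, SQLITE3_TEXT);
                            $insert->bindValue(":name", $user, SQLITE3_TEXT);
                            $insert->bindValue(":shadow", $shadow, SQLITE3_TEXT);
                            $created = $insert->execute() !== false;
                        }
                        if($created){
                            unset($_POST["regname"],$_POST["password"],$_POST["invite"]);
                            $regErrorMsg = "Account created successfully";
                        }
                        else{
                            // Report the failure instead of claiming success.
                            $regErrorMsg = "Could not create account";
                        }
                    }
                    else $regErrorMsg = "Please input a password";
                }
            }
        }
        else $regErrorMsg = "Please input a username";
    }
    else $regErrorMsg = "Wrong invitation code";
}
?> Login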

Login

" id="logname" name="logname"/>
$logErrorMsg

\n"; ?>

Register

" id="regname" name="regname"/>

" id="invite" name="invite"/>
$regErrorMsg

\n"; ?>