| 1 | <?php
|
|---|
| 2 | require_once('./inc/common.php');
|
|---|
| 3 |
|
|---|
| 4 | /**
|
|---|
| 5 | * Is the user submitted the form, fetch the user with those credentials.
|
|---|
| 6 | */
|
|---|
| 7 | if (($_SERVER['REQUEST_METHOD'] == 'POST')) {
|
|---|
| 8 | $sql = '
|
|---|
| 9 | select reviewer_id, reviewer_name
|
|---|
| 10 | from reviewer
|
|---|
| 11 | where reviewer_email = :email and reviewer_password = :password';
|
|---|
| 12 | $stm = $conn->prepare($sql);
|
|---|
| 13 | $stm->execute([
|
|---|
| 14 | ':email' => strip_tags($_REQUEST["email"]),
|
|---|
| 15 | ':password' => strip_tags($_REQUEST["password"]),
|
|---|
| 16 | ]);
|
|---|
| 17 | $user = $stm->fetch();
|
|---|
| 18 |
|
|---|
| 19 | /**
|
|---|
| 20 | * If such user exists, create a temporary session (i.e. log the user in) and redirect to the Home page with the appropriate message.
|
|---|
| 21 | */
|
|---|
| 22 | if ($user) {
|
|---|
| 23 | $_SESSION['is_reviewer'] = true;
|
|---|
| 24 | $_SESSION['reviewer_id'] = $user['reviewer_id'];
|
|---|
| 25 | $_SESSION['reviewer_name'] = $user['reviewer_name'];
|
|---|
| 26 | header('Location: /?msg=logged_in');
|
|---|
| 27 | exit;
|
|---|
| 28 | } else {
|
|---|
| 29 | /**
|
|---|
| 30 | * If the credentials are not correct, still render the login form, but display an error message. For increased security, do not inform the user whether the email or password is incorrect.
|
|---|
| 31 | */
|
|---|
| 32 | $err = 'The provided credentials are incorrect.';
|
|---|
| 33 | }
|
|---|
| 34 | }
|
|---|
| 35 |
|
|---|
| 36 | $pageTitle = 'Sign in';
|
|---|
| 37 | $pageSlug = 'login';
|
|---|
| 38 |
|
|---|
| 39 | require_once('./inc/head.php');
|
|---|
| 40 | require_once('./inc/header.php');
|
|---|
| 41 | ?>
|
|---|
| 42 | <div class="container">
|
|---|
| 43 | <h1 class="mt-5 text-center"><?= $pageTitle ?></h1>
|
|---|
| 44 |
|
|---|
| 45 | <div class="row justify-content-center mt-5">
|
|---|
| 46 | <div class="col-md-8 col-lg-6 col-xl-5">
|
|---|
| 47 | <div class="card shadow-sm p-3">
|
|---|
| 48 | <?php if ((isset($err)) && (! empty($err))) { ?>
|
|---|
| 49 | <div class="alert alert-danger" role="alert"><?= $err ?></div>
|
|---|
| 50 | <?php } ?>
|
|---|
| 51 |
|
|---|
| 52 | <form action="?" method="POST">
|
|---|
| 53 | <div class="mb-3">
|
|---|
| 54 | <label for="email" class="form-label">Email</label>
|
|---|
| 55 | <input type="email" id="email" name="email" class="form-control" value="<?= (isset($_REQUEST["email"])) ? strip_tags($_REQUEST["email"]) : '' ?>" aria-describedby="emailHelp" required>
|
|---|
| 56 | <div id="emailHelp" class="form-text">Enter your email address.</div>
|
|---|
| 57 | </div>
|
|---|
| 58 | <div class="mb-3">
|
|---|
| 59 | <label for="password" class="form-label">Password</label>
|
|---|
| 60 | <input type="password" id="password" name="password" class="form-control" minlength="2" required>
|
|---|
| 61 | </div>
|
|---|
| 62 | <button type="submit" class="btn btn-success">Submit</button>
|
|---|
| 63 | </form>
|
|---|
| 64 | </div>
|
|---|
| 65 | </div>
|
|---|
| 66 | </div>
|
|---|
| 67 | </div>
|
|---|
| 68 | <?php
|
|---|
| 69 | require_once('./inc/footer.php');
|
|---|
