<?php
// Start (or resume) the PHP session; the Login class in this file writes the
// authenticated user's id into $_SESSION['userID'].
// NOTE(review): no session cookie flags (HttpOnly / Secure) are set in this file;
// confirm they are configured in php.ini or before this call.
session_start();
// Project includes; their contents are not visible from this file.
// Presumably Db.php opens the MySQL connection that the mysql_* calls below use,
// and URLs.php defines the DOMAIN and MYACCOUNT constants -- confirm.
include("../Db.php");
include("../URLs.php");
// Presumably defines CommonFunctions::hashPass(), which Login::__construct() calls.
include("CommonFunctions.php");
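/**
 * Processes one login attempt.
 *
 * Constructing the object normalises the submitted credentials, looks the user
 * up in the Users table and then always terminates the request: on success it
 * stores the user id in the session and sends a redirect, on failure it prints
 * a generic error message.
 *
 * NOTE(review): this class uses the legacy ext/mysql API (mysql_query etc.),
 * which was removed in PHP 7.0. A migration to PDO or mysqli with prepared
 * statements is the durable fix for the query below; it needs the connection
 * set up in Db.php, which is not visible here.
 */
class Login {
    /** @var string Lower-cased result of Sanitize::clean() on the submitted e-mail. */
    protected $email;

    /** @var string Result of CommonFunctions::hashPass() on the submitted password. */
    protected $password;

    /** @var mixed Id column of the matched Users row; set only on a successful login. */
    protected $userID;

    /**
     * Normalises the credentials and immediately runs the login check.
     *
     * @param mixed $email    Submitted e-mail address (untrusted request data).
     * @param mixed $password Submitted plain-text password (untrusted request data).
     */
    public function __construct($email, $password) {
        // include_once: a second instantiation must not re-declare the Sanitize class.
        include_once("Sanitize.php");

        // Request parameters can arrive as arrays (email[]=x); treat anything
        // that is not a string as empty so the string functions below are safe.
        if (!is_string($email)) {
            $email = '';
        }
        if (!is_string($password)) {
            $password = '';
        }

        $this->email = strtolower(Sanitize::clean($email));

        // NOTE(review): the password is passed through Sanitize::clean() before
        // hashing. If clean() strips or rewrites characters, distinct passwords
        // can collapse to the same value. It cannot be dropped here without
        // invalidating the hashes already stored -- confirm what clean() does.
        $this->password = Sanitize::clean($password);

        // NOTE(review): hashPass() receives only the password and its output is
        // matched by equality in SQL, so as called here it cannot involve a
        // per-user random salt. password_hash()/password_verify() would need
        // the row fetched by e-mail first; the algorithm itself is not visible.
        $this->password = CommonFunctions::hashPass($this->password);

        $this->checkLogin();
    }

    /**
     * Looks up the user by e-mail and password hash, then ends the request.
     *
     * On a match: rotates the session id, stores the user id in
     * $_SESSION['userID'] and redirects. On no match or a failed query: prints
     * 'Incorrect user/pass'. Never returns; both paths call exit.
     */
    protected function checkLogin() {
        // Escape at the point where the SQL string is built, so the query does
        // not depend on what Sanitize::clean() happens to do (not visible here).
        // mysql_real_escape_string() relies on the connection charset being set
        // with mysql_set_charset().
        // NOTE(review): if Sanitize::clean() already SQL-escapes its input, an
        // e-mail containing a quote would be escaped twice -- confirm and move
        // the escaping out of clean() if so.
        $emailSql = mysql_real_escape_string($this->email);
        $hashSql = mysql_real_escape_string($this->password);

        $result = mysql_query(
            "SELECT * FROM Users WHERE email='" . $emailSql . "' AND password='" . $hashSql . "' LIMIT 1"
        );

        // mysql_query() returns false on error; treat that as a failed login
        // instead of passing false on to mysql_num_rows().
        if ($result === false || mysql_num_rows($result) != 1) {
            // Same message for unknown e-mail and wrong password, so the
            // response does not reveal which accounts exist.
            echo 'Incorrect user/pass';
            exit();
        }

        $resultObj = mysql_fetch_object($result);
        $this->userID = $resultObj->id;

        // Issue a fresh session id on privilege change so an id that was set
        // before login (session fixation) is not carried into the
        // authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['userID'] = $this->userID;

        header("Location: " . $this->redirectTarget());
        exit;
    }

    /**
     * Chooses where to send the user after a successful login.
     *
     * The Referer header is supplied by the client, so it is honoured only
     * when it points back into this site; anything else falls back to
     * MYACCOUNT. This keeps the login endpoint from acting as an open redirect.
     *
     * @return string Absolute URL for the Location header.
     */
    protected function redirectTarget() {
        if (!isset($_SERVER['HTTP_REFERER']) || !is_string($_SERVER['HTTP_REFERER'])) {
            return MYACCOUNT;
        }

        $referer = $_SERVER['HTTP_REFERER'];

        // Coming from the login or registration form: go to the account page.
        if ($referer === DOMAIN . 'login.php' || $referer === DOMAIN . 'register.php') {
            return MYACCOUNT;
        }

        // Prefix match against DOMAIN. This is only a safe same-site test when
        // DOMAIN ends with '/', which the DOMAIN . 'login.php' usage suggests
        // -- confirm in URLs.php.
        $sameSite = DOMAIN !== '' && strncmp($referer, DOMAIN, strlen(DOMAIN)) === 0;

        // Reject CR/LF outright rather than relying on header() to do so.
        if ($sameSite && strpbrk($referer, "\r\n") === false) {
            return $referer;
        }

        return MYACCOUNT;
    }
}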
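// Entry point: run the login with the posted form fields. A request that lacks
// either field is passed on as an empty string, so it ends in the normal
// failed-login path instead of raising an undefined-index notice.
$login = new Login(
    isset($_POST['email']) ? $_POST['email'] : '',
    isset($_POST['password']) ? $_POST['password'] : ''
);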
?>