Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
47 lines (40 sloc) 1.35 KB
<?php
session_start();
try {
// Get email address from request body
$email = filter_input(INPUT_POST, 'email');
// Get password from request body
$password = filter_input(INPUT_POST, 'password');
// Find account with email address (THIS IS PSUEDO-CODE)
$user = User::findByEmail($email);
// Verify password with account password hash
if (password_verify($password, $user->password_hash) === false) {
throw new Exception('Invalid password');
}
// Re-hash password if necessary (see note below)
$currentHashAlgorithm = PASSWORD_DEFAULT;
$currentHashOptions = array('cost' => 15);
$passwordNeedsRehash = password_needs_rehash(
$user->password_hash,
$currentHashAlgorithm,
$currentHashOptions
);
if ($passwordNeedsRehash === true) {
// Save new password hash (THIS IS PSUEDO-CODE)
$user->password_hash = password_hash(
$password,
$currentHashAlgorithm,
$currentHashOptions
);
$user->save();
}
// Save login status to session
$_SESSION['user_logged_in'] = 'yes';
$_SESSION['user_email'] = $email;
// Redirect to profile page
header('HTTP/1.1 302 Redirect');
header('Location: /user-profile.php');
} catch (Exception $e) {
header('HTTP/1.1 401 Unauthorized');
echo $e->getMessage();
}