pics/controllers/Login.php

<?php
/*****************************************************************************
 * Login.php
 * Contains the controller for logging the user in.
 *
 * Kabuki CMS (C) 2013-2015, Aaron van Geffen
 *****************************************************************************/

class Login extends HTMLController
{
	public function __construct()
	{
		// No need to log in twice, dear heart!
		if (Registry::get('user')->isLoggedIn())
		{
			header('Location: ' . BASEURL . '/');
			exit;
		}

		// Sanity check
		$login_error = false;
		if (isset($_POST['emailaddress'], $_POST['password']))
		{
			if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password']))
			{
				parent::__construct('Login');
				$_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']);

				if (isset($_POST['redirect_url']))
					header('Location: ' . base64_decode($_POST['redirect_url']));
				elseif (isset($_SESSION['login_url']))
				{
					header('Location: ' . $_SESSION['login_url']);
					unset($_SESSION['login_url']);
				}
				else
					header('Location: ' . BASEURL . '/');
				exit;
			}
			else
				$login_error = true;
		}

		parent::__construct('Log in - ' . SITE_TITLE);
		$form = new LogInForm('Log in');
		if ($login_error)
			$form->adopt(new Alert('', 'Invalid email address or password.', 'danger'));

		// Tried anything? Be helpful, at least.
		if (isset($_POST['emailaddress']))
			$form->setEmail($_POST['emailaddress']);

		// A message from the past/present/future?
		if (isset($_SESSION['login_msg']))
		{
			$form->adopt(new Alert($_SESSION['login_msg'][0], $_SESSION['login_msg'][1], $_SESSION['login_msg'][2]));
			unset($_SESSION['login_msg']);
		}

		// Going somewhere?
		if (!empty($_GET['redirect']) && ($url = base64_decode($_GET['redirect'])))
		{
			$_SESSION['login_url'] = $url;
			$form->setRedirectUrl($url);
		}

		$this->page->adopt($form);
	}
}