0) {
session_destroy();
header('Location: ./index2.php?loggedout');
}
elseif (isset($_GET['login'])) {
if (isset($_POST['email']) && isset($_POST['password'])) {
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
if (EmailExists($_POST['email'])) {
if (Validate_Login($_POST['email'], $_POST['password'])) {
$_SESSION['user'] = Get_User_Id($_POST['email']);
header('Location: ./index2.php');
} else {
header('Location: ./index2.php?error=loginfailed');
}
} else {
header('Location: ./index2.php?error=emaildoesnotexist');
}
} else {
header('Location: ./index2.php?error=emailinvalid');
}
} else {
header('Location: ./index2.php?error=loginemailorpasswordblank');
}
}
elseif (isset($_GET['createaccount'])) {
if (isset($_POST['email']) && isset($_POST['password'])) {
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && !EmailExists($_POST['email'])) {
if (query("INSERT INTO users (email, password, public_name, allow_email) VALUES ('" . $_POST['email'] . "','" . crypt($_POST['password'], $_POST['email']) . "','" . htmlspecialchars($_POST['publicname'], ENT_QUOTES) . "'," . (($_POST['allowemails'] != "on") ? 0 : 1) . ")")) {
header('Location: ./index2.php?success');
} else {
header('Location: ./index2.php?error=couldnotcreate');
}
} else {
header('Location: ./index2.php?error=emailcreateinvalid');
}
} else {
header('Location: ./index2.php?error=createemailorpasswordblank');
}
}
elseif (isset($_GET['error'])) {
if ($_GET['error'] == "couldnotcreate") {
$notificationMessage = "Could not create account.
Please try again later.";
} elseif ($_GET['error'] == "emailcreateinvalid") {
$notificationMessage = "The email address used to create your account didn't work.
Please try another.";
} elseif ($_GET['error'] == "createemailorpasswordblank") {
$notificationMessage = "The create account form somehow got submitted without some essential information.
Please try filling it out again.";
} elseif ($_GET['error'] == "loginfailed") {
$notificationMessage = "We couldn't log you in because your email or password was incorrect.
";
if (!isset($_SESSION['loginfailures']) || (isset($_SESSION['loginlockouttime']) && time() - $_SESSION['loginlockouttime'] > 3600)) {
// If never failed or more than 1 hour has passed, reset login failures.
$_SESSION['loginfailures'] = 0;
}
$_SESSION['loginfailures'] += 1;
if ($_SESSION['loginfailures'] < 10) {
$notificationMessage .= "This is your " . $_SESSION['loginfailures'] . " time. Please try again.";
} else {
$_SESSION['loginlockouttime'] = time();
$notificationMessage .= "Since you failed to log in successfully 10 times, you may not try again for about an hour.";
}
} elseif ($_GET['error'] == "emaildoesnotexist") {
$notificationMessage = "The email address you entered doesn't have an account.
Would you like to create an account?";
} elseif ($_GET['error'] == "emailinvalid") {
$notificationMessage = "The email address you entered didn't work.
Please try another.";
} else {
$notificationMessage = "Something seems to have gone wrong, but I don't know what.
Please try again.";
}
}
elseif (isset($_GET['success'])) {
$notificationMessage = "Your account was created successfully!
Please log in using the email address and password you used to create it and you can start accessing your dictionaries anywhere!";
}
elseif (isset($_GET['loggedout'])) {
$notificationMessage = "You have been successfully logged out.
You will only be able to use the dictionary saved to your browser.";
}
?>