= 3600)) {
// If never failed or more than 1 hour has passed, reset login failures.
$_SESSION['loginfailures'] = 0;
} else {
$alertlockoutmessage = "You failed logging in 10 times. To prevent request flooding and hacking attempts, you may not log in or create an account for about an hour.\\n\\nThe last time this page was loaded, you had been locked out for " . time_elapsed(time() - $_SESSION['loginlockouttime']);
$hoverlockoutmessage = str_replace("\\n", "\n", $alertlockoutmessage);
}
if (isset($_GET['logout']) && $current_user > 0) {
session_destroy();
header('Location: ./?loggedout');
}
elseif (isset($_GET['login']) && $current_user <= 0) {
if (isset($_POST['email']) && isset($_POST['password'])) {
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
if (EmailExists($_POST['email'])) {
if (Validate_Login($_POST['email'], $_POST['password'])) {
$_SESSION['user'] = Get_User_Id($_POST['email']);
header('Location: ./');
} else {
header('Location: ./?error=loginfailed');
}
} else {
header('Location: ./?error=emaildoesnotexist');
}
} else {
header('Location: ./?error=emailinvalid');
}
} else {
header('Location: ./?error=loginemailorpasswordblank');
}
}
elseif (isset($_GET['createaccount'])) {
if (isset($_POST['email']) && isset($_POST['password'])) {
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && !EmailExists($_POST['email'])) {
if (query("INSERT INTO users (email, password, public_name, allow_email) VALUES ('" . $_POST['email'] . "','" . crypt($_POST['password'], $_POST['email']) . "','" . htmlspecialchars($_POST['publicname'], ENT_QUOTES) . "'," . (($_POST['allowemails'] != "on") ? 0 : 1) . ")")) {
header('Location: ./?success');
} else {
header('Location: ./?error=couldnotcreate');
}
} else {
header('Location: ./?error=emailcreateinvalid');
}
} else {
header('Location: ./?error=createemailorpasswordblank');
}
}
elseif (isset($_GET['error']) && $current_user <= 0) {
if ($_GET['error'] == "couldnotcreate") {
$notificationMessage = "Could not create account.
Please try again later.";
} elseif ($_GET['error'] == "emailcreateinvalid") {
$notificationMessage = "The email address used to create your account didn't work.
Please try another.";
} elseif ($_GET['error'] == "createemailorpasswordblank") {
$notificationMessage = "The create account form somehow got submitted without some essential information.
Please try filling it out again.";
} elseif ($_GET['error'] == "loginfailed") {
$notificationMessage = "We couldn't log you in because your email or password was incorrect.
";
$_SESSION['loginfailures'] += 1;
if ($_SESSION['loginfailures'] < 10) {
$notificationMessage .= "This is your " . ordinal($_SESSION['loginfailures']) . " time. Please try again.";
} else {
$_SESSION['loginlockouttime'] = time();
$notificationMessage .= "Since you failed to log in successfully 10 times, you may not try again for about an hour.";
}
} elseif ($_GET['error'] == "emaildoesnotexist") {
$notificationMessage = "The email address you entered doesn't have an account.
Would you like to create an account?";
} elseif ($_GET['error'] == "emailinvalid") {
$notificationMessage = "The email address you entered didn't work.
Please try another.";
} else {
$notificationMessage = "Something seems to have gone wrong, but I don't know what.
Please try again.";
}
}
elseif (isset($_GET['success']) && $current_user <= 0) {
$notificationMessage = "Your account was created successfully!
Please log in using the email address and password you used to create it and you can start accessing your dictionaries anywhere!";
}
elseif (isset($_GET['loggedout']) && $current_user <= 0) {
$notificationMessage = "You have been successfully logged out.
You will only be able to use the dictionary saved to your browser.";
} elseif ($current_user > 0) {
$notificationMessage = "Welcome back, " . Get_Public_Name($current_user) . "!";
}
?>