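getToken(); $_SESSION['token'] = $csrf; } else { $csrf = $db->clean($_SESSION['token'],'encode'); }

// Login handler.
//
// Reads csrf/username/password from $_POST, checks the CSRF token against the
// session token, looks the user up with a prepared statement and verifies the
// password hash. On success it regenerates the session id, fills $_SESSION and
// redirects; on failure it leaves $submit = false and a user-facing $reason
// for the template that follows this block.
$submit = true;

if (isset($_POST["csrf"])) {
    // CSRF token: must be a non-empty string identical to the session token.
    // hash_equals() replaces the loose "==" of the original, which treats
    // numeric-looking strings such as "0e123" and "0" as equal and is not
    // constant-time. The is_string() guard rejects csrf[]=... array payloads.
    $csrf_post = is_string($_POST["csrf"]) ? $db->clean($_POST["csrf"], 'encode') : '';
    if ($csrf_post === ''
        || !is_string($_POST["csrf"])
        || !hash_equals((string) $csrf, $_POST["csrf"])) {
        $submit = false;
        $reason = "Token is incorrect";
    }

    // Username: the original "isset(...) != ''" only tested presence, so an
    // empty username passed despite the error message; require non-empty here.
    if (isset($_POST["username"]) && is_string($_POST["username"]) && $_POST["username"] !== '') {
        $username = $db->clean($_POST["username"], 'encode');
    } else {
        $submit = false;
        $reason = "Username cannot be empty";
    }

    // Password: same presence/non-empty rule as the username.
    if (isset($_POST["password"]) && is_string($_POST["password"]) && $_POST["password"] !== '') {
        // NOTE(review): the password goes through $db->clean(..., 'encode') before
        // password_verify(). That only matches if registration hashed the same
        // encoded form; kept as-is for compatibility with stored hashes — confirm
        // against the signup code, and ideally hash/verify the raw password.
        $password = $db->clean($_POST["password"], 'encode');
    } else {
        $submit = false;
        $reason = "Password cannot be empty";
    }

    if ($submit === true) {
        $result = [];
        $stmt = $mysqli->prepare("SELECT id,username,email,password FROM profile where username = ? LIMIT 1");

        if ($stmt === false) {
            // Driver errors are logged server-side, never shown to the client:
            // the original echoed $stmt->error, which leaks query/schema details.
            error_log('login: prepare failed: ' . $mysqli->error);
        } else {
            $stmt->bind_param("s", $username);
            $stmt->execute();
            if ($stmt->error) {
                error_log('login: execute failed: ' . $stmt->error);
            } else {
                $query = $stmt->get_result();
                if ($query !== false) {
                    while ($row = $query->fetch_array(MYSQLI_ASSOC)) {
                        $result[] = $row;
                    }
                }
            }
            $stmt->close();
        }

        $user = $result[0] ?? null;
        if ($user !== null && password_verify($password, $user['password'])) {
            // Privilege level changes here: rotate the session id so a session
            // fixed by an attacker before login is not carried over. Session
            // data (including the CSRF token) is preserved by the rotation.
            session_regenerate_id(true);

            $resultmessage = "Success. Have fun on Twigpage!";
            $_SESSION['uid'] = $db->intcast($user['id']);
            // Keep the password hash out of session storage; nothing after
            // login needs it and session files/stores are a common leak path.
            unset($user['password']);
            $_SESSION['profile'] = $user;
            $_SESSION['loggedin'] = '1';
            header("Location: profile/");
            exit;
        } else {
            // One generic message for "no such user" and "wrong password" so
            // the response does not confirm which usernames exist.
            $submit = false;
            $reason = "Login details are incorrect.";
        }
    }
}
?>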