where('user', $username)
->where('pass', $pass_hash)
->find_one();
if ($user) {
if (session_status() != PHP_SESSION_ACTIVE)
session_start();
session_regenerate_id(true);
$_SESSION["owner"] = $username;
$_SESSION["pass_hash"] = sha1($user->pass);
$_SESSION["csrf_token"] = bin2hex(random_bytes(16));
header("Location: index.php");
exit;
} else {
$login_notice = "Incorrect username or password";
}
} else {
logout_user();
}
?>
The Epube