MastodonStartpage/web/mustard/login.php

<?php

require('include/glob.php');
require('include/muoribene.php');

function hspech($str) {
	return(htmlspecialchars($str,ENT_QUOTES|ENT_HTML5,'UTF-8'));
}

$btl='<a href="index.php">Back to login</a>';

$errs='';

if (!array_key_exists('email',$_POST) || trim($_POST['email'])=='')
	$errs.='You didn’t specify your email.<br>'.N;
if (!array_key_exists('password',$_POST) || trim($_POST['password'])=='')
	$errs.='You didn’t specify your password.<br>'.N;
if ($errs!='') muoribene($errs.$btl,false);

require('include/myconn.php');

$res=mysqli_query($link,'SELECT * FROM Admins WHERE Email=\''.mysqli_real_escape_string($link,$_POST['email']).'\'')
	or muoribene(__LINE__.': '.mysqli_error($link).'<br>'.$btl,true);
mysqli_close($link);
if (mysqli_num_rows($res)>1)
	muoribene('There’s more than one account with Email=«'.hspech($_POST['email']).'»!<br>'.$btl,false);
$row=mysqli_fetch_assoc($res);
if (mysqli_num_rows($res)<1 || !password_verify($_POST['password'],$row['Password']))
	muoribene('Unknown email or wrong password.<br>'.$btl,false);
if ($row['Enabled']==0)
	muoribene('Your account is not enabled.<br>'.$btl,false);

session_name('mustard');
session_start();
$_SESSION['AdmID']=$row['ID'];

if ($row['Level']=='guest')
	header('Location: guestinsts.php');
else
	header('Location: instances.php');

?>