/* not being too informative with the login error in case of attackers */
if (!$user->id)
{
- $failmsg = "Incorrect username";
+ $failmsg = "Incorrect login";
}
- else if (password_verify($_POST['password'], $user->passhash))
+ else if ($user->password_verify($_POST['password']))
{
- $_SESSION['id'] = $user->id;
- header('Location: ' . BASE_URL);
+ $_SESSION['id'] = $user->id;
+ header('Location: ' . BASE_URL);
}
else
{
- $failmsg = "Incorrect pass";
+ $failmsg = "Incorrect login";
}
}