tlm/login.php
2025-03-27 13:06:13 -04:00


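<?php
// Login page: checks a submitted username/password pair against the users
// table and, on success, sets the long-lived "token" cookie and redirects.
// $db, $lang, is_logged_in() and get_token() are not defined in this file;
// presumably they come from config.php / helper.php.
include "config.php";
include "helper.php";

// Visitors who are already authenticated are sent straight to the index.
if (is_logged_in()) {
    header("Location: index.php");
    exit();
}

$u = "";
$p = "";
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Missing or non-string fields (e.g. username[]=x) are treated as empty so
    // they end up in the bad_request branch instead of raising a notice or a
    // TypeError inside str_replace()/strtolower().
    $rawUser = $_POST["username"] ?? "";
    $rawPass = $_POST["password"] ?? "";
    $u = is_string($rawUser) ? strtolower(str_replace(" ", "", $rawUser)) : "";
    $p = is_string($rawPass) ? $rawPass : "";

    // Strict emptiness checks: the loose truthiness test also rejected the
    // legitimate value "0" for either field.
    if ($u === "" || $p === "") {
        $err = $lang["account"]["errors"]["bad_request"];
    } else if (strlen($u) > 64) {
        $err = $lang["account"]["errors"]["username_length"];
    } else if (!preg_match("/^[a-z0-9_-]{1,64}$/D", $u)) {
        // The D modifier makes "$" match only at the very end of the string;
        // without it a username with a trailing newline passes validation.
        $err = $lang["account"]["errors"]["username_characters"];
    } else {
        // Bind the username as a parameter instead of interpolating it into
        // the SQL text, so query safety does not depend on the regex above.
        $response = pg_query_params(
            $db,
            'SELECT password_hash FROM users WHERE username = $1 LIMIT 1;',
            [$u]
        );

        if ($response === false) {
            // Query failure: keep the driver message in the server log only.
            // No dedicated error string is visible in this file, so the
            // generic bad_request message is reused for the user.
            error_log("login: user lookup failed: " . pg_last_error($db));
            http_response_code(500);
            $err = $lang["account"]["errors"]["bad_request"];
        } else if (pg_num_rows($response) === 0) {
            // NOTE(review): distinct "user not found" and "incorrect password"
            // messages let a client learn which usernames exist; consider one
            // shared message if account enumeration matters here.
            $err = str_replace("%u", htmlspecialchars($u), $lang["account"]["errors"]["user_not_found"]);
        } else {
            $user = pg_fetch_array($response);
            if (password_verify($p, $user["password_hash"])) {
                $token = get_token($u, $user["password_hash"]);

                // Secure is only set when this request arrived over HTTPS, so
                // plain-HTTP deployments keep working as before.
                $isHttps = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";

                // Options-array form of setcookie() requires PHP 7.3+.
                // NOTE(review): httponly assumes no client-side script reads
                // the token cookie - confirm before deploying.
                setcookie("token", $token, [
                    // 265 days. The previous comment said "1 year from now";
                    // NOTE(review): confirm which lifetime was intended.
                    "expires" => time() + 60 * 60 * 24 * 265,
                    "secure" => $isHttps,
                    "httponly" => true,
                    "samesite" => "Lax",
                ]);
                header("Location: index.php");
                exit();
            } else {
                $err = $lang["account"]["errors"]["incorrect_password"];
            }
        }
    }
}

// $err is not printed in this file; presumably boilerplate/head.php renders it.
$title = $lang["account"]["log_in"];
include "boilerplate/head.php";
?>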
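<?php // Login form. The username is re-populated after a failed attempt; the password is deliberately not. ?>
<form method="POST">
    <div><input placeholder="<?php echo $lang["account"]["username"]; ?>" name="username" value="<?php echo htmlspecialchars($u); ?>" maxlength="64" required></div>
    <?php // The submitted password is never echoed back: it would otherwise sit in the HTML source, the browser cache and any response logging. ?>
    <div><input placeholder="<?php echo $lang["account"]["password"]; ?>" name="password" type="password" required></div>
    <div><input type="submit" value="<?php echo $lang["account"]["log_in"]; ?>"></div>
</form>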
<?php
// Show the sign-up link unless sign-ups are explicitly disabled
// ($signups === false). $signups is not set in this file; presumably it
// comes from config.php.
if ($signups !== false) {
    // NOTE(review): the label is printed unescaped, which assumes the language
    // strings are trusted, project-controlled content - confirm.
    $signUpLabel = $lang['account']['sign_up_instead'];
    echo '<p><a href="signup.php">' . $signUpLabel . '</a></p>';
}
include "boilerplate/foot.php";
?>