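<?php
// login.php - Enhanced login with session management
//
// Reads a JSON body of the form {"email": <username-or-email>, "password": <string>},
// looks the account up with a parameterised query, verifies the stored password
// hash and, on success, creates a server-side session through $sessionManager and
// populates $_SESSION. Every exit path answers with a JSON object carrying at least
// "success" and "message".
//
// $db (a PDO handle) and $sessionManager are expected to be provided by db.php;
// that file is not visible here, so confirm the names against it.
session_start();
include_once 'db.php';

// Every response body is JSON; say so before any output is produced.
header('Content-Type: application/json');

// Emit a JSON response with the given HTTP status and stop the script.
// Centralised so that every exit path has the same shape.
$respond = static function (int $status, array $payload): void {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

// Check if database connection is available
if (!$db) {
    $respond(503, ["success" => false, "message" => "Service temporarily unavailable."]);
}

// Get posted data
$input = file_get_contents("php://input");
$data = json_decode($input);
if (json_last_error() !== JSON_ERROR_NONE) {
    $respond(400, ["success" => false, "message" => "Invalid JSON data."]);
}

// Both fields must be present, non-empty strings. The is_object/is_string checks
// keep a scalar or array body from being dereferenced and keep a JSON array or
// object in either field from reaching password_verify(), which would throw.
// Nothing is HTML-escaped or tag-stripped here: the lookup below is parameterised,
// so escaping buys nothing, and transforming the credential (e.g. "&" -> "&amp;")
// would silently lock out any account whose username/email contains such characters.
$credential = (is_object($data) && isset($data->email) && is_string($data->email))
    ? trim($data->email)
    : '';
$password = (is_object($data) && isset($data->password) && is_string($data->password))
    ? $data->password
    : '';
if ($credential === '' || $password === '') {
    $respond(400, ["success" => false, "message" => "Unable to login. Data is incomplete."]);
}

// One distinct placeholder per occurrence: PDO with native (non-emulated) prepares
// rejects a named parameter that is bound once but appears twice in the statement.
$query = "SELECT id, username, email, password_hash, tier, package, balance,
          total_deposits, total_withdrawals, rewards, account_status, is_active
          FROM users
          WHERE (username = :username OR email = :email) AND is_active = 1";
$rows = [];
try {
    // prepare() is inside the try as well, since it also throws under ERRMODE_EXCEPTION.
    $stmt = $db->prepare($query);
    $stmt->bindValue(":username", $credential);
    $stmt->bindValue(":email", $credential);
    $stmt->execute();
    // fetchAll() rather than rowCount(): rowCount() is not guaranteed to report
    // SELECT results on every PDO driver.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log("Database error: " . $e->getMessage());
    $respond(500, ["success" => false, "message" => "Database error occurred."]);
}

// Exactly one matching account is required; a username equal to another account's
// email address must not be resolved ambiguously.
$row = count($rows) === 1 ? $rows[0] : null;

// Password check first, with a single failure message. Distinguishing "unknown
// user" from "wrong password", or reporting account status before the password
// has been verified, lets an unauthenticated caller enumerate accounts. When no
// account matched, a hash comparison of comparable cost still runs so that
// response time does not reveal whether the account exists.
$storedHash = $row['password_hash'] ?? password_hash('unused', PASSWORD_DEFAULT);
$passwordOk = password_verify($password, $storedHash);
if ($row === null || !$passwordOk) {
    $respond(401, ["success" => false, "message" => "Invalid credentials."]);
}

// NOTE(review): no attempt throttling or lockout is visible in this file; if db.php
// does not provide one, add rate limiting per account/source before this point.

// Check account status only once the caller has proven the password, so a
// suspended or pending status is disclosed to the account holder alone.
if ($row['account_status'] !== 'active') {
    $respond(403, ["success" => false, "message" => "Account is suspended or pending approval."]);
}

// Create session
$ip_address = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
$session_id = $sessionManager->createSession($row['id'], $ip_address, $user_agent);
if (!$session_id) {
    $respond(500, ["success" => false, "message" => "Session creation failed."]);
}

// Rotate the PHP session id at the authentication boundary so that a session id
// obtained before login cannot be reused afterwards (session fixation).
session_regenerate_id(true);

// Log activity
$sessionManager->logActivity($row['id'], 'login', 'User logged in successfully', $ip_address, $user_agent);
$sessionManager->updateLastLogin($row['id']);

// Set session variables
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
$_SESSION['tier'] = $row['tier'];
$_SESSION['package'] = $row['package'];
$_SESSION['balance'] = $row['balance'];
$_SESSION['total_deposits'] = $row['total_deposits'];
$_SESSION['total_withdrawals'] = $row['total_withdrawals'];
$_SESSION['rewards'] = $row['rewards'];
$_SESSION['session_id'] = $session_id;
$_SESSION['logged_in'] = true;
$_SESSION['login_time'] = time();

$respond(200, [
    "success" => true,
    "message" => "Login successful.",
    "redirect" => "src/pages/index.php",
    "user_data" => [
        "user_id" => $row['id'],
        "username" => $row['username'],
        "email" => $row['email'],
        "tier" => $row['tier'],
        "package" => $row['package'],
        "balance" => $row['balance'],
    ],
]);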