Spaces:

huggingfacejs
/

static-variables

Running

App Files Files Community

static-variables / jweb /ac1 /login.php

fellybikush

Upload 99 files

0dff816 verified 3 months ago

raw

history blame

4.37 kB

	<?php
	// login.php - Enhanced login with session management
	session_start();
	include_once 'db.php';

	// Check if database connection is available
	if (!$db) {
	http_response_code(503);
	echo json_encode(array("success" => false, "message" => "Service temporarily unavailable."));
	exit;
	}

	// Get posted data
	$input = file_get_contents("php://input");
	$data = json_decode($input);

	if (json_last_error() !== JSON_ERROR_NONE) {
	http_response_code(400);
	echo json_encode(array("success" => false, "message" => "Invalid JSON data."));
	exit;
	}

	// Check if data is not empty
	if (!empty($data->email) && !empty($data->password)) {
	// Prepare query
	$query = "SELECT id, username, email, password_hash, tier, package, balance,
	total_deposits, total_withdrawals, rewards, account_status, is_active
	FROM users
	WHERE (username = :credential OR email = :credential) AND is_active = 1";

	$stmt = $db->prepare($query);
	$credential = htmlspecialchars(strip_tags($data->email));
	$stmt->bindParam(":credential", $credential);

	try {
	$stmt->execute();
	} catch(PDOException $e) {
	error_log("Database error: " . $e->getMessage());
	http_response_code(500);
	echo json_encode(array("success" => false, "message" => "Database error occurred."));
	exit;
	}

	if ($stmt->rowCount() == 1) {
	$row = $stmt->fetch(PDO::FETCH_ASSOC);

	// Check account status
	if ($row['account_status'] !== 'active') {
	http_response_code(403);
	echo json_encode(array("success" => false, "message" => "Account is suspended or pending approval."));
	exit;
	}

	// Verify password
	if (password_verify($data->password, $row['password_hash'])) {
	// Create session
	$ip_address = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
	$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
	$session_id = $sessionManager->createSession($row['id'], $ip_address, $user_agent);

	if ($session_id) {
	// Log activity
	$sessionManager->logActivity($row['id'], 'login', 'User logged in successfully', $ip_address, $user_agent);
	$sessionManager->updateLastLogin($row['id']);

	// Set session variables
	$_SESSION['user_id'] = $row['id'];
	$_SESSION['username'] = $row['username'];
	$_SESSION['email'] = $row['email'];
	$_SESSION['tier'] = $row['tier'];
	$_SESSION['package'] = $row['package'];
	$_SESSION['balance'] = $row['balance'];
	$_SESSION['total_deposits'] = $row['total_deposits'];
	$_SESSION['total_withdrawals'] = $row['total_withdrawals'];
	$_SESSION['rewards'] = $row['rewards'];
	$_SESSION['session_id'] = $session_id;
	$_SESSION['logged_in'] = true;
	$_SESSION['login_time'] = time();

	http_response_code(200);
	echo json_encode(array(
	"success" => true,
	"message" => "Login successful.",
	"redirect" => "src/pages/index.php",
	"user_data" => [
	"user_id" => $row['id'],
	"username" => $row['username'],
	"email" => $row['email'],
	"tier" => $row['tier'],
	"package" => $row['package'],
	"balance" => $row['balance']
	]
	));
	} else {
	http_response_code(500);
	echo json_encode(array("success" => false, "message" => "Session creation failed."));
	}
	} else {
	http_response_code(401);
	echo json_encode(array("success" => false, "message" => "Invalid password."));
	}
	} else {
	http_response_code(404);
	echo json_encode(array("success" => false, "message" => "User not found or account inactive."));
	}
	} else {
	http_response_code(400);
	echo json_encode(array("success" => false, "message" => "Unable to login. Data is incomplete."));
	}
	?>