Exemple #1
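 /**
  * Checks an e-mail/password pair against the rows of `usr` and, on a match,
  * stores the user id in the session and records the login.
  *
  * Return values, as produced by the code below:
  *   401             - $email or $password is null
  *   0               - no row matched, or the user query failed
  *   101 / 102 / 100 - the matched row has status 0 / 1 / 2
  *   null            - a row matched but its status is none of 0, 1, 2
  *
  * Relies on the global mysqli handle $con and on SALT_LEN, return_salt(),
  * hash_password(), get_location() and User, all defined outside this method.
  *
  * @param string|null $email    e-mail address as submitted
  * @param string|null $password plaintext password as submitted
  * @return int|null
  */
 private function login($email, $password)
 {
     global $con;
     if (!isset($email, $password)) {
         return 401;
     }
     $loggedin = false;
     // NOTE(review): this loads every row (including every password hash) on each
     // login attempt; a lookup by e-mail through a prepared statement would keep
     // that data out of the request. Left as is because the column semantics
     // (e.g. stored whitespace) cannot be confirmed from here.
     $user_query = mysqli_query($con, "SELECT * FROM usr");
     if ($user_query === false) {
         // A failed query cannot authenticate anyone.
         return 0;
     }
     $given_email = trim($email);
     while ($user = mysqli_fetch_array($user_query)) {
         $stored_hash = trim($user["password"]);
         // Rows whose stored value is shorter than the salt cannot hold a salted hash.
         if (strlen($stored_hash) < SALT_LEN) {
             continue;
         }
         $current_user_salt = return_salt($stored_hash);
         $given_pw_hashed = trim($password === null ? "" : hash_password($password, $current_user_salt));
         // hash_equals() compares in constant time, so the comparison itself does not
         // reveal how much of the stored hash a guess got right.
         if (hash_equals($stored_hash, $given_pw_hashed) && $given_email === trim($user["email"])) {
             $loggedin = true;
             // Issue a fresh session id at the privilege change so an id that was
             // known before authentication is not carried into the logged-in session.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $_SESSION["userid"] = $user["id"];
             // No id is passed here; presumably User resolves the row from the session - confirm.
             $userUpdate = new User(array("action" => "update", "fields" => array("last_login" => time(), "active" => "1", "last_location" => json_encode(get_location()))));
             $userUpdate->run(true);
             switch (trim($user["status"])) {
                 case 0:
                     return 101;
                 case 1:
                     return 102;
                 case 2:
                     return 100;
             }
             // NOTE(review): any other status leaves the session populated, keeps
             // scanning, and the method ends up returning null - confirm this is intended.
         }
     }
     if (!$loggedin) {
         return 0;
     }
 }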
Exemple #2
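// Password-change endpoint: prints 200 on success and 105 on every failure.
// Load the application core; User, return_salt() and hash_password() are expected to come from it.
include_once $_SERVER["DOC_ROOT"] . "/scripts/php/core.php";

// Read the submitted fields without assuming they exist; a missing field counts as empty.
$current = $_POST["current"] ?? "";
$new_password = $_POST["password"] ?? "";
$repeat_password = $_POST["repeat_password"] ?? "";

// Each field must be a non-empty string. A field submitted as an array is rejected
// here instead of being passed on to the hashing helper.
if (!is_string($current) || !is_string($new_password) || !is_string($repeat_password)
    || $current === "" || $new_password === "" || $repeat_password === "") {
    echo 105;
    exit;
}

// Strict comparison: `!=` compares two numeric-looking strings by numeric value,
// so it can treat two different passwords as equal.
if ($new_password !== $repeat_password) {
    echo 105;
    exit;
}

// Without an authenticated session there is no account to change. 105 is the only
// failure code this script emits, so it is reused here.
if (!isset($_SESSION["userid"])) {
    echo 105;
    exit;
}

$user_get_call = new User(array("action" => "get", "id" => $_SESSION["userid"]));
$user_info = $user_get_call->run(true);
// The lookup must yield a row with a stored password before it can be verified.
if (!isset($user_info[0]["password"])) {
    echo 105;
    exit;
}
$user_info = $user_info[0];

// Re-hash the submitted current password with the salt taken from the stored value.
$current_salt = return_salt($user_info["password"]);
$hashed_password = hash_password($current, $current_salt);

// Constant-time, type-strict comparison; `!=` would apply numeric juggling to
// hash strings that happen to look like numbers.
if (!hash_equals((string) $user_info["password"], (string) $hashed_password)) {
    echo 105;
    exit;
}

// Update the user's password.
// NOTE(review): the raw submitted password is handed to User here, while the stored
// value is verified above against hash_password() output. Confirm that the User
// update salts and hashes the "password" field before writing it; otherwise the
// password is stored in plaintext and later verification will not match.
$thisUser = new User(array("action" => "update", "fields" => array("password" => $new_password)));
$thisUser->run(true);

// Report success and stop.
echo 200;
exit;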