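// Login handler. $_POST['login'] is expected to be base64-encoded JSON with
// "username" and "password" and, when a captcha key is configured,
// "captcha_response".
if (isset($_POST['login'])) {
    // A non-string value (e.g. login[]=x) would make base64_decode() raise a
    // TypeError on PHP 8; treat it as an empty payload so it is rejected by
    // the field check below like any other malformed input.
    $rawLogin = is_string($_POST['login']) ? $_POST['login'] : '';
    $login = (array) json_decode(base64_decode($rawLogin));
    // NOTE(review): json_decode() without the assoc flag can leave nested
    // objects/arrays as field values; confirm checkFields() rejects
    // non-string username/password before they reach Crypto.
    if ($field = Submission::checkFields(array("username", "password"), $login)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    }

    // The captcha is only enforced when a private key is configured.
    if (Settings::i()->captcha_private) {
        if (!isset($login['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    }

    // The member row is located by a key computed from the submitted username;
    // the table stores that key double-base64-encoded in its "key" column.
    $key = Crypto::GenerateKey($login['username']);
    $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
    if ($find !== false) {
        if (!is_array($find)) {
            // Remember which member the key resolved to, so the password match
            // below can be tied to that same row.
            $memberId = $find->userid;
            $iv = base64_decode(base64_decode($find->iv));

            // NOTE(review): the password is verified by re-encrypting the
            // submitted value and comparing ciphertexts, so it is stored
            // reversibly, and the key needed to decrypt it sits in the same
            // table. A one-way scheme (password_hash() / password_verify())
            // would remove the recoverable secret; it needs a schema and
            // registration change, so it is only flagged here.
            $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $login['password'])));
            $find = DbManager::i()->select("sf_members", array("userid"), array("password" => $password));

            // The lookup above filters on the password column only, so also
            // require that the matching row is the member found by key.
            if ($find !== false && !is_array($find) && (string) $find->userid === (string) $memberId) {
                // Issue a fresh session id before marking the session as
                // authenticated, so an id set before login is not carried
                // over. Done ahead of any output because it sends a cookie.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['login'] = 1;
                $_SESSION['userid'] = $find->userid;
                echo Submission::createResult("login successful", true);

                $find = DbManager::i()->select("sf_carts", array("cart"), array("userid" => $find->userid));
                if ($find !== false && !is_array($find)) {
                    //cart already exists for user
                    // "e30=" is the base64 encoding of "{}", i.e. an empty cart.
                    if ($find->cart != "e30=" && strlen($find->cart) != 4) {
                        //not empty cart - overwrite with saved one from DB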
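die(Submission::createResult("Passwords do not match"));
}
}

// Captcha check for registration; enforced whenever captcha_private is not null.
if (!is_null(Settings::i()->captcha_private)) {
    if (!isset($registration['captcha_response'])) {
        die(Submission::createResult("Please validate the captcha"));
    }
    $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
    $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']);
    if (!$resp->success) {
        die(Submission::createResult("Please validate the Captcha"));
    }
}

$u = $registration['username'];
$iv = Crypto::GenerateIV();
// The key is computed from the username; the same value is used as the
// lookup column for the uniqueness check and as the encryption key below.
$key = Crypto::GenerateKey($u);
$username = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $u)));

$find = DbManager::i()->select("sf_members", array("userid"), array("key" => base64_encode(base64_encode($key))));
// The login path on this page treats a single select() result as a non-array
// value, and count() on a plain object is a TypeError on PHP 8. A truthy
// result (non-empty array or a single row) already means the name is taken.
// NOTE(review): check-then-insert can race between two concurrent requests;
// a unique index on sf_members.key would make the database enforce it.
if ($find) {
    die(Submission::createResult("Username is already taken"));
}

// NOTE(review): the password is encrypted, not hashed, and the key and IV are
// written to the same row as the ciphertext, so anyone who can read the table
// can recover it. password_hash() at registration with password_verify() at
// login would store only a one-way verifier; that requires changing the login
// path and existing rows as well, so it is flagged rather than changed here.
$pw = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['password'])));
$email = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['email'])));
$ip = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $_SERVER['REMOTE_ADDR'])));
$key = base64_encode(base64_encode($key));
$iv = base64_encode(base64_encode($iv));
$reg_date = date("Y-m-d");

$insert = DbManager::i()->insert("sf_members", array("username", "email", "password", "key", "iv", "register_date", "ip"), array($username, $email, $pw, $key, $iv, $reg_date, $ip));
if ($insert) {
    // The username comes from the request: drop control characters so it
    // cannot break the log entry onto extra lines.
    // NOTE(review): this writes the username in clear text while the table
    // stores it encrypted; confirm that is intended for the log.
    $logName = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $u);
    Logger::i()->writeLog("Account created with username: {$logName}");
    die(Submission::createResult("Your account has been created successfully", true));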