Esempio n. 1
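 /**
  * Authenticate a returning user or register a new one, writing the outcome
  * as a plain-text status message directly to the response.
  *
  * @param string $email    Address the visitor submitted; looked up verbatim.
  * @param string $password Plain-text password; verified (sign-in) or bcrypt-hashed (registration).
  * @param string $type     'returning_user' to sign in, 'new_user' to register.
  *                         Any other value produces no output at all.
  *
  * Echoes 'success' or one of the fixed error sentences; returns nothing.
  *
  * NOTE(review): on success a cookie named 'user' holding the bare numeric
  * user id is issued, unsigned and without HttpOnly/Secure flags. Any code
  * that later reads $_COOKIE['user'] is trusting a client-controlled value.
  * It is left unchanged here because other code depends on that cookie; the
  * durable fix is a server-side session or a signed, expiring token.
  */
 public function auth($email, $password, $type)
 {
     // Loose comparison on purpose: a missing form field arrives as null and
     // must also count as "empty".
     if ($email == '' || $password == '' || $type == '') {
         echo 'Please fill in all fields.';
         return;
     }

     $link = $this->getDBH();

     // One lookup serves both flows: sign-in needs the row, registration
     // needs to know there is none.
     $lookup = $link->prepare('SELECT * FROM `users` WHERE `email` = :email');
     $lookup->bindValue(':email', $email, PDO::PARAM_STR);
     $lookup->execute();
     $existing = $lookup->fetch(PDO::FETCH_ASSOC); // false when no row matched

     if ($type == 'returning_user') {
         $this->signInReturningUser($link, $password, $existing);
     } elseif ($type == 'new_user') {
         $this->registerNewUser($link, $email, $password, $existing);
     }
 }

 /**
  * Sign-in branch of auth(): checks the site switch, the password and the
  * lock flag, then records the login and issues the 'user' cookie.
  *
  * @param PDO         $link     Open database handle from getDBH().
  * @param string      $password Plain-text password to verify.
  * @param array|false $user     Row fetched for the submitted email, or false if none.
  */
 private function signInReturningUser($link, $password, $user)
 {
     if ($this->site_settings('allow_user_sign_in') == 0) {
         echo 'Unfortunately the sign in function has been disabled by staff';
         return;
     }
     // fetch() returns false when no row matched. The previous rowCount()
     // test is not guaranteed by PDO for SELECT statements on every driver.
     if ($user === false) {
         echo 'That email address has not been registered with us.';
         return;
     }
     if (!password_verify($password, $user['password'])) {
         echo 'Incorrect password.';
         return;
     }
     // Loose comparison: PDO hands the column back as a numeric string.
     // Note the sense of the flag: any non-zero `allowed` is treated as locked.
     if ($user['allowed'] != 0) {
         echo 'Your account seems to be locked by an adminstrator.';
         return;
     }

     $now = time();
     $ipAddress = $_SERVER['REMOTE_ADDR'];
     $update = $link->prepare('UPDATE `users` SET `last_login` = :login, `most_recent_ip` = :ip WHERE `id` = :id');
     $update->bindValue(':login', $now, PDO::PARAM_STR);
     $update->bindValue(':ip', $ipAddress, PDO::PARAM_STR);
     $update->bindValue(':id', $user['id'], PDO::PARAM_INT);
     $update->execute();

     // Identity cookie: see the NOTE on auth() about its forgeability.
     setcookie('user', $user['id'], time() + 999999, '/');
     echo 'success';
 }

 /**
  * Registration branch of auth(): enforces the site switches and the per-IP
  * throttle, inserts the account, logs the registration and signs the user in.
  *
  * @param PDO         $link     Open database handle from getDBH().
  * @param string      $email    Address to register; validated with FILTER_VALIDATE_EMAIL.
  * @param string      $password Plain-text password; stored as a bcrypt hash (cost 12).
  * @param array|false $existing Row already holding this email, or false if none.
  */
 private function registerNewUser($link, $email, $password, $existing)
 {
     if ($this->site_settings('allow_new_user_register') == 0) {
         echo 'Unfortunately the registration function has been disabled by staff';
         return;
     }

     $ipAddress = $_SERVER['REMOTE_ADDR'];
     // Project-level throttle helper; what registration_time() checks is not visible here.
     $throttle = new time();
     if ($this->site_settings('enable_protection') == 1 && $throttle->registration_time($ipAddress)) {
         echo 'Unfortunately you can only create an account every 24 hours from one ip address.';
         return;
     }
     // Uses the fetch() result instead of rowCount(), which PDO does not
     // guarantee for SELECT statements.
     if ($existing !== false) {
         echo 'That email address is already registered with us.';
         return;
     }
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         echo 'The email address you have entered is invalid.';
         return;
     }

     $now = time();
     $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
     // The local part of the address doubles as the initial nickname.
     $nickname = explode('@', $email);
     $url = '';

     // Positional INSERT: the value order must match the `users` table
     // definition, which is not visible from here.
     $insert = $link->prepare('INSERT INTO `users`() VALUES(NULL, :email, :password, :date, :nick, 0, :login, :url, 0, :ip)');
     $insert->bindValue(':email', $email, PDO::PARAM_STR);
     $insert->bindValue(':password', $hash, PDO::PARAM_STR);
     $insert->bindValue(':date', $now, PDO::PARAM_STR);
     $insert->bindValue(':nick', $nickname[0], PDO::PARAM_STR);
     $insert->bindValue(':login', $now, PDO::PARAM_STR);
     $insert->bindValue(':url', $url, PDO::PARAM_STR);
     $insert->bindValue(':ip', $ipAddress, PDO::PARAM_STR);
     $insert->execute();

     // Registration log row; presumably what registration_time() consults.
     $log = $link->prepare('INSERT INTO `registrations`() VALUES(NULL, :ip, :date)');
     $log->bindValue(':ip', $ipAddress, PDO::PARAM_STR);
     $log->bindValue(':date', $now, PDO::PARAM_STR);
     $log->execute();

     // Re-read the row to obtain the generated id.
     $lookup = $link->prepare('SELECT * FROM `users` WHERE `email` = :email');
     $lookup->bindValue(':email', $email, PDO::PARAM_STR);
     $lookup->execute();
     $user = $lookup->fetch(PDO::FETCH_ASSOC);
     if ($user === false) {
         // The INSERT produced no row: do not issue a cookie or claim success.
         echo 'Registration failed, please try again.';
         return;
     }

     // Bootstrap rule: the very first account (id 1) is put into user_group 1,
     // presumably the staff/admin group — confirm against the schema.
     if ($user['id'] == 1) {
         $promote = $link->prepare('UPDATE `users` SET `user_group` = 1 WHERE `id` = :id');
         $promote->bindValue(':id', $user['id'], PDO::PARAM_INT);
         $promote->execute();
     }

     // Identity cookie: see the NOTE on auth() about its forgeability.
     setcookie('user', $user['id'], time() + 999999, '/');
     echo 'success';
 }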