require_once __DIR__ . '/../includes/mysqli_connect.php';
require_once __DIR__ . '/../includes/functions.php';
session_start();
$username = strip_tags($_POST['username']);
$password = hash("sha256", $_POST['password']);
$timestamp = date('Y-m-d H:i:s');
//Check for a record that matches the POSTed credentials
$query = "SELECT * FROM users WHERE username = '******'";
$result = $mysqli->query($query);
$user = mysqli_fetch_assoc($result);
if ($result->num_rows == 0) {
echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> Sorry, this username does not exist.</span>";
} else {
if ($user['password'] != $password) {
echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> Sorry, this password is incorrect.</span>";
} else {
if ($user['active'] != 1) {
echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> You need to activate your account first!</span>";
}
}
}
if ($result->num_rows == 1 && $user['active'] == 1) {
$_SESSION['user'] = $username;
if (strlen($user['fb_id']) > 0) {
$_SESSION['fbId'] = $user['fb_id'];
}
mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$user['id']}, 'login', '{$timestamp}')");
if ($_POST['rememberme']) {
onLogin($user['id']);
}
}
function checkFbUser($fbId, $fbFirstName, $fbLastName, $fbEmail, $userId)
{
$mysqli = getMysqli();
$image = "//graph.facebook.com/{$fbId}/picture";
$timestamp = date('Y-m-d H:i:s');
if ($mysqli->query("SELECT * FROM users WHERE fb_id = '{$fbId}'")->num_rows !== 0) {
// we have this user. just log him in, and update his info
if ($userId) {
$respCode = 1;
} else {
$updateQuery = "UPDATE users SET fb_fname='{$fbFirstName}', fb_lname='{$fbLastName}' WHERE fb_id='{$fbId}'";
//$updateQuery = "UPDATE users SET fb_name='$fbFullName' WHERE fb_id='$fbId'";
mysqli_query($mysqli, $updateQuery);
$userId = mysqli_fetch_assoc($mysqli->query("SELECT id, username FROM users WHERE fb_id='{$fbId}'"));
mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$userId['id']}, 'fb_login', '{$timestamp}')");
onLogin($userId['id']);
if (strlen($userId['username']) > 0) {
session_start();
$_SESSION['user'] = $userId['username'];
}
}
} else {
if ($userId) {
// we have a user, but no facebook information. update it
$updateQuery = "UPDATE users SET fb_id='{$fbId}', fb_fname='{$fbFirstName}', fb_lname='{$fbLastName}', image='{$image}'" . (strlen($fbEmail) > 0 ? ", email='{$fbEmail}'" : "") . " WHERE id={$userId}";
mysqli_query($mysqli, $updateQuery);
mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$userId}, 'fb_login', '{$timestamp}')");
$respCode = 2;
} else {
// we don't have this user. Add him to the DB, make him active
$fbEmail = strlen($fbEmail) > 0 ? "'{$fbEmail}'" : "NULL";
$hash = md5(rand(0, 1000));
$createUserQuery = "INSERT INTO users VALUES (NULL, NULL, NULL, '{$fbId}', '{$fbFirstName}', '{$fbLastName}', {$fbEmail}, '{$image}', 0, 1, 1, '{$hash}', '', '', 1)";
mysqli_query($mysqli, $createUserQuery);
$userId = mysqli_fetch_assoc($mysqli->query("SELECT id FROM users WHERE fb_id='{$fbId}'"))['id'];
mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$userId}, 'fb_signup', '{$timestamp}')");
//echo $createUserQuery;
}
}
return $respCode ? $respCode : 0;
}
$_POST['login_username'] = $_POST['full_login_username'];
$_POST['login_password'] = $_POST['full_login_password'];
}
if (isset($_POST['login_username']) && isset($_POST['login_password'])) {
// Clean up the post data
$username = strip_tags($_POST['login_username']);
//hash the entered password for comparison with the db
$password = hash("sha256", $_POST['login_password']);
//Check for a record that matches the POSTed credentials
$query = "SELECT * FROM users WHERE username = '******' AND password = '******';";
$result = $mysqli->query($query);
$user = mysqli_fetch_assoc($result);
if ($result && $result->num_rows == 1 && $user['active'] == 1) {
$_SESSION['user'] = $_POST['login_username'];
if (isset($_POST['stay-logged']) || isset($_POST['stay-logged-full'])) {
onLogin($result['id']);
}
}
mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$result['id']}, 'login', '{$timestamp}')");
}
$remembered = rememberMe();
if ($remembered) {
$account = mysqli_fetch_assoc($mysqli->query("SELECT * FROM users WHERE id={$remembered}"));
$_SESSION['user'] = $account['username'];
$_SESSION['fbId'] = $account['fb_id'];
}
if ($loggedIn) {
$fb = isset($_SESSION['fbId']);
$user = isset($_SESSION['user']);
$dbAccountFinder = $fb ? "fb_id='{$_SESSION['fbId']}'" : "username='******'user']}'";
$accountQuery = "SELECT * FROM users WHERE {$dbAccountFinder}";
function doLogin()
{
$user = getP('user');
$pass = getP('pass');
//Config file contents
$configStr = "UserName {$user}\n";
if (!$savePasswordHash) {
$configStr .= "Password <quote>{$pass}<quote>\n";
} else {
$configStr .= "HashedPassword " . getPasswordHash($pass) . "\n";
}
$configFile = getConfigFullName();
//Check if dir structure exists. mkdir if dir does not exist
if (!file_exists($configFile)) {
return '{ "success": false, "message": "Config file not found"}';
}
//Write config file
if (!file_put_contents($configFile, $configStr)) {
return '{ "success": false, "message": "Can not write config file"}';
}
$retriesFRead = 0;
$statusFile = getStatusFullName();
//Check few times if client writes a health file
while (!file_exists($statusFile)) {
$retriesFRead++;
if ($retriesFRead >= 30) {
break;
}
sleep(1);
}
$retriesFRead1 = 0;
$statusFileStr = "";
//Check few times if health file status is successful login
if (file_exists($statusFile)) {
while (strpos($statusFileStr, "login successful") === FALSE) {
$statusFileStr = file_get_contents($statusFile);
$retriesFRead1++;
if ($retriesFRead1 >= 30) {
break;
}
sleep(1);
}
}
if (function_exists('onLogin')) {
onLogin();
}
$failureDetails = "";
if (strpos($statusFileStr, "login successful") !== FALSE) {
return '{ "success": true }';
} else {
if (strpos($statusFileStr, "login failed") !== FALSE) {
$statusFileArr = split("\n", $statusFileStr);
if (is_array($statusFileArr) && count($statusFileArr) > 1) {
$failureDetails = '. ' . ucfirst($statusFileArr[1]);
}
}
}
return '{ "success": false, "message": "Login failed' . $failureDetails . '"}';
}
