コード例 #1
ファイル: login.php プロジェクト: shaunfreeman/Uthando-CMS
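 // Apply form element filters.
 $form->applyFilter('__ALL__', 'escape_data');
 $email = $form->exportValue('email');

 // The challenge (which password positions were requested) is kept in the
 // session and removed as soon as it is read. Anything that is not an array
 // is treated as "no challenge issued".
 $rand_chars = (isset($_SESSION['rand_chars']) && is_array($_SESSION['rand_chars']))
     ? $_SESSION['rand_chars']
     : array();
 unset($_SESSION['rand_chars']);

 // Map each requested position to the character submitted for it. The array
 // is initialised explicitly so it is never undefined when it is iterated
 // further down.
 $password = array();
 foreach ($rand_chars as $key => $value) {
     $password[$value] = $form->exportValue('pwd' . $key);
 }

 // NOTE(review): the comparison further down uses `==` and reads
 // $decrypted[$key - 1] without checking that the offset exists; a strict,
 // bounds-checked, constant-time comparison (e.g. hash_equals) would be safer.

 // If user exists then login user else display form.
 // Fail closed: the check below starts from "validated" and only clears the
 // flag on a mismatching character, so with no challenge to answer it would
 // pass without comparing anything. In that case the lookup is skipped and
 // $num_rows is 0, which keeps the request out of the login branch.
 if (count($password) > 0) {
     // The e-mail address is bound as a parameter; only the table prefix is concatenated.
     $sql = $this->registry->db->query("\n\t\tSELECT user_id, CONCAT(first_name, ' ', last_name) AS name, user_group, password, iv\n\t\tFROM " . $this->registry->user . "users\n\t\tNATURAL JOIN " . $this->registry->user . "user_groups\n\t\tWHERE email = :email\n\t\tAND user_group='registered'\n\t", array(':email' => $email));
 } else {
     $sql = array();
 }
 $num_rows = count($sql);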
 if ($num_rows == 1) {
     // login user.
     $row = $sql[0];
     // decrypt password.
     $decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv);
     // split the password for checking.
     $decrypted = str_split($decrypted);
     // check password against the characters submitted
     foreach ($password as $key => $value) {
         $pwd_validate[$key] = $value == $decrypted[$key - 1] ? true : false;
     }
     // did it pass?
     $validated = true;
     foreach ($pwd_validate as $value) {
         if (!$value) {
             $validated = false;
         }
     }
     if ($validated) {
         session_regenerate_id();