// Apply form element filters. $form->applyFilter('__ALL__', 'escape_data'); $email = $form->exportValue('email'); $rand_chars = $_SESSION['rand_chars']; unset($_SESSION['rand_chars']); foreach ($rand_chars as $key => $value) { $password[$value] = $form->exportValue('pwd' . $key); } // If user exists then login user else display form. $sql = $this->registry->db->query("\n\t\tSELECT user_id, CONCAT(first_name, ' ', last_name) AS name, user_group, password, iv\n\t\tFROM " . $this->registry->user . "users\n\t\tNATURAL JOIN " . $this->registry->user . "user_groups\n\t\tWHERE email = :email\n\t\tAND user_group='registered'\n\t", array(':email' => $email)); $num_rows = count($sql); if ($num_rows == 1) { // login user. $row = $sql[0]; // decrypt password. $decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv); // split the password for checking. $decrypted = str_split($decrypted); // check password against the characters submitted foreach ($password as $key => $value) { $pwd_validate[$key] = $value == $decrypted[$key - 1] ? true : false; } // did it pass? $validated = true; foreach ($pwd_validate as $value) { if (!$value) { $validated = false; } } if ($validated) { session_regenerate_id();