public function indexPage($email, $password, $activationcode, $connect)
{
$db = new db_config();
if (strlen($activationcode) == 0) {
$sql = $db->mquery("EXEC dbo.login\n @email = '" . $email . "',\n @Password = '******'", $connect);
} else {
// with activation
$sql = $db->mquery("EXEC dbo.codeUpdate \n\t\t\t\t\t@userid = '" . $email . "', \n\t\t\t\t\t@code = '" . $activationcode . "', \n\t\t\t\t\t@newpwd = '" . $password . "'", $connect);
}
$num = $db->numhasrows($sql);
$row = $db->fetchobject($sql);
if ($num == 0) {
$data = '<span class="error">Incorrect username or password</span>';
} else {
$data = '';
$idxRec = $db->strip($row->ID);
$firstnameRec = $db->strip($row->firstname);
$lastnameRec = $db->strip($row->lastname);
$typeRec = $db->strip($row->type);
$emailRec = $db->strip($row->email);
$accountNumRec = $db->strip($row->acct_no);
$userID = $db->strip($row->ID);
$terms_flag = $db->strip($row->terms_flag);
if ($terms_flag != 1) {
session_start();
session_regenerate_id();
$_SESSION['sess_user_id'] = $db->random_value();
$_SESSION['idx'] = $idxRec;
$_SESSION['first_name'] = $firstnameRec;
$_SESSION['last_name'] = $lastnameRec;
$_SESSION['full_name'] = $firstnameRec . ' ' . $lastnameRec;
$_SESSION['email'] = $emailRec;
$_SESSION['account_num'] = $accountNumRec;
$_SESSION['terms_flag'] = $terms_flag;
session_write_close();
echo '<script>showModalTerms();</script>';
} else {
session_start();
session_regenerate_id();
$_SESSION['sess_user_id'] = $db->random_value();
$_SESSION['idx'] = $idxRec;
$_SESSION['first_name'] = $firstnameRec;
$_SESSION['last_name'] = $lastnameRec;
$_SESSION['full_name'] = $firstnameRec . ' ' . $lastnameRec;
$_SESSION['email'] = $emailRec;
$_SESSION['account_num'] = $accountNumRec;
session_write_close();
header("Location: accounts");
}
}
return $data;
}
