// echo $key;
// echo ": " . $value;
// echo "<br/>";
// }
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['bf_login'])) {
if (strlen($_POST['log']) < 1) {
$logerr = "fielderror";
}
if (strlen($_POST['pwd']) < 1) {
$pwderr = "fielderror";
}
}
if (isset($_POST['log']) && isset($_POST['pwd'])) {
//posted data : yes
$dblogin = sql_escape_string(strtolower($_POST['log']), 1);
$dbpassword = sql_escape_string(hash('sha256', doubleSalt($_POST['pwd'], $dblogin)), 1);
//Validate the user
$sql = "CALL ValidateUser(" . $dblogin . ", " . $dbpassword . ", '" . getRealIpAddr() . "');";
//echo $sql.'<br/>';
$Result = execute_query($mysqli, $sql);
if ($Result) {
while ($row = $Result[0]->fetch_assoc()) {
$validemail = 1;
}
while ($row[1] = $Result[1]->fetch_assoc()) {
$_SESSION['user_id'] = $row[1]['user_id'];
$_SESSION['user_key'] = $row[1]['user_key'];
$_SESSION['company_id'] = $row[1]['company_id'];
$_SESSION['organization_id'] = $row[1]['organization_id'];
$_SESSION['organization_name'] = $row[1]['organization_name'];
$_SESSION['user_email_address'] = $row[1]['user_email_address'];
case 1:
//password reset
//if the passwords are long enough and they match
$pass1 = isset($_REQUEST["password1"]) ? $_REQUEST["password1"] : '';
// Pass1
$pass2 = isset($_REQUEST["password2"]) ? $_REQUEST["password2"] : '';
// Pass2
$dblogin = isset($_REQUEST["action_user_email_address"]) ? $_REQUEST["action_user_email_address"] : '';
// login
$action_code = isset($_REQUEST["action_code"]) ? $_REQUEST["action_code"] : '';
// Action code
$action_user_key = isset($_REQUEST["action_user_key"]) ? $_REQUEST["action_user_key"] : '';
// Action user
$dblogin = sql_escape_string(strtolower($dblogin), 1);
$pass1 = sql_escape_string(hash(sha256, doubleSalt($pass1, $dblogin)), 1);
$pass2 = sql_escape_string(hash(sha256, doubleSalt($pass2, $dblogin)), 1);
if (strlen($action_code) == 36 && strlen($pass1) > 0 && strlen($pass2) > 0 && $pass1 == $pass2) {
$sql = "CALL PasswordResetAction(" . $action_type_id . ", '" . $action_user_key . "', '" . $action_code . "', " . $pass1 . ", " . $pass2 . " );";
//echo $sql;
$Result = execute_query($mysqli, $sql);
if ($Result) {
while ($row = $Result[0]->fetch_assoc()) {
$_SESSION['user_email_address'] = $row['user_email_address'];
$_SESSION['user_first_name'] = $row['user_first_name'];
$_SESSION['user_last_name'] = $row['user_last_name'];
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_key'] = $row['user_key'];
$_SESSION['user_role_id'] = $row['user_role_id'];
$validated = 1;
}
} else {
