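/**
 * Sign a returning user in, or register a new one, from a login/register form.
 *
 * Every outcome is reported by echoing a short status string ('success' or a
 * human-readable error). Callers appear to match on that text, so all of the
 * strings are kept byte-for-byte; nothing is returned.
 *
 * @param string $email    email address submitted by the client (untrusted)
 * @param string $password plaintext password submitted by the client (untrusted)
 * @param string $type     'returning_user' to sign in, 'new_user' to register;
 *                         anything else is silently ignored (as before)
 */
public function auth($email, $password, $type)
{
    if ($email == '' || $password == '' || $type == '') {
        echo 'Please fill in all fields.';
        return;
    }

    $_link = $this->getDBH();

    // One lookup serves both paths. The value is bound, never interpolated,
    // so $email cannot alter the statement.
    $lookup = $_link->prepare('SELECT * FROM `users` WHERE `email` = :email');
    $lookup->bindValue(':email', $email, PDO::PARAM_STR);
    $lookup->execute();
    $res = $lookup->fetch(PDO::FETCH_ASSOC);

    // fetch() yields false when no row matched. The previous code relied on
    // rowCount() for a SELECT, which PDO only guarantees for some drivers;
    // the fetched row is the portable signal.
    $accountExists = ($res !== false);

    if ($type == 'returning_user') {
        $this->authSignIn($_link, $res, $accountExists, $password);
    } elseif ($type == 'new_user') {
        $this->authRegister($_link, $accountExists, $email, $password);
    }
}

/**
 * Returning-user path: check the password, record the login, issue the cookie.
 *
 * @param PDO         $_link         open database handle from getDBH()
 * @param array|false $res           the `users` row for this email, or false
 * @param bool        $accountExists whether $res is a row
 * @param string      $password      plaintext password to verify
 */
private function authSignIn($_link, $res, $accountExists, $password)
{
    if ($this->site_settings('allow_user_sign_in') == 0) {
        echo 'Unfortunately the sign in function has been disabled by staff';
        return;
    }

    // NOTE(review): distinct "unknown email" / "wrong password" replies let a
    // client enumerate registered addresses, and password_verify() is skipped
    // for unknown emails (a timing difference). A single generic failure
    // message would be safer; the text is left unchanged because the front
    // end may match on it.
    if (!$accountExists) {
        echo 'That email address has not been registered with us.';
        return;
    }
    if (!password_verify($password, $res['password'])) {
        echo 'Incorrect password.';
        return;
    }

    // A non-zero `allowed` is treated as "locked". New registrations are
    // inserted with 0 in their flag columns (see authRegister), which is why
    // they can sign in. NOTE(review): the column name reads as the opposite of
    // its use here — confirm against the schema before touching this test.
    if ((int) $res['allowed'] !== 0) {
        echo 'Your account seems to be locked by an adminstrator.';
        return;
    }

    $now = (new DateTime())->getTimestamp();
    $ip_address = $_SERVER['REMOTE_ADDR'];

    $update = $_link->prepare('UPDATE `users` SET `last_login` = :login, `most_recent_ip` = :ip WHERE `id` = :id');
    $update->bindValue(':login', $now, PDO::PARAM_STR);
    $update->bindValue(':ip', $ip_address, PDO::PARAM_STR);
    $update->bindValue(':id', $res['id'], PDO::PARAM_INT);
    $update->execute();

    $this->issueUserCookie($res['id']);
    echo 'success';
}

/**
 * New-user path: apply the registration gates, create the row, issue the cookie.
 *
 * @param PDO    $_link         open database handle from getDBH()
 * @param bool   $accountExists whether a `users` row already has this email
 * @param string $email         address to register (validated below)
 * @param string $password      plaintext password to hash and store
 */
private function authRegister($_link, $accountExists, $email, $password)
{
    if ($this->site_settings('allow_new_user_register') == 0) {
        echo 'Unfortunately the registration function has been disabled by staff';
        return;
    }

    $ip_address = $_SERVER['REMOTE_ADDR'];

    // Per-IP throttle (one account per 24h), only when the site has it on.
    $time = new time();
    if ($this->site_settings('enable_protection') == 1 && $time->registration_time($ip_address)) {
        echo 'Unfortunately you can only create an account every 24 hours from one ip address.';
        return;
    }

    // NOTE(review): this check and the INSERT below are not atomic; two
    // concurrent requests for the same email can both pass. A UNIQUE index on
    // `users`.`email` is the only reliable guard.
    if ($accountExists) {
        echo 'That email address is already registered with us.';
        return;
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo 'The email address you have entered is invalid.';
        return;
    }

    $now = (new DateTime())->getTimestamp();
    // bcrypt at cost 12; the hash, never the plaintext, is stored.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $url = "";
    // Nickname defaults to the local part of the address.
    $nick = explode('@', $email)[0];

    // Positional VALUES: the two literal 0s are flag columns (one of them is
    // `allowed`, read by authSignIn; the other is presumably `user_group`,
    // updated below for the first account).
    $insert = $_link->prepare('INSERT INTO `users`() VALUES(NULL, :email, :password, :date, :nick, 0, :login, :url, 0, :ip)');
    $insert->bindValue(':email', $email, PDO::PARAM_STR);
    $insert->bindValue(':password', $hash, PDO::PARAM_STR);
    $insert->bindValue(':date', $now, PDO::PARAM_STR);
    $insert->bindValue(':nick', $nick, PDO::PARAM_STR);
    $insert->bindValue(':login', $now, PDO::PARAM_STR);
    $insert->bindValue(':url', $url, PDO::PARAM_STR);
    $insert->bindValue(':ip', $ip_address, PDO::PARAM_STR);
    $insert->execute();

    // Audit row consumed by time::registration_time() for the throttle above.
    $log = $_link->prepare('INSERT INTO `registrations`() VALUES(NULL, :ip, :date)');
    $log->bindValue(':ip', $ip_address, PDO::PARAM_STR);
    $log->bindValue(':date', $now, PDO::PARAM_STR);
    $log->execute();

    // Re-read the row to learn the assigned id.
    $reload = $_link->prepare('SELECT * FROM `users` WHERE `email` = :email');
    $reload->bindValue(':email', $email, PDO::PARAM_STR);
    $reload->execute();
    $created = $reload->fetch(PDO::FETCH_ASSOC);

    // The very first account becomes staff (user_group 1).
    if ($created['id'] == 1) {
        $promote = $_link->prepare('UPDATE `users` SET `user_group` = 1 WHERE `id` = :id');
        $promote->bindValue(':id', $created['id'], PDO::PARAM_INT);
        $promote->execute();
    }

    $this->issueUserCookie($created['id']);
    echo 'success';
}

/**
 * Set the `user` cookie the rest of the site reads to identify the signed-in account.
 *
 * NOTE(review): the cookie value is the bare numeric user id with no signature
 * and no server-side session, so a client that sets `user=1` by hand is treated
 * as that account (and id 1 is the staff account created above). Only the
 * transport flags are hardened here — HttpOnly, and Secure when the request
 * arrived over TLS; the name, value, lifetime and path are unchanged so existing
 * readers of $_COOKIE['user'] keep working. The value itself should move to a
 * server-side session or a signed token. If any client-side script reads this
 * cookie, HttpOnly will hide it from that script — confirm before deploying.
 *
 * @param int|string $userId the `users`.`id` to store
 */
private function issueUserCookie($userId)
{
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('user', (string) $userId, time() + 999999, '/', '', $isHttps, true);
}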