function startSession($isUserActivity = true, $prefix = null)
{
$sessionLifetime = 1440;
$idLifetime = 60;
if (session_id()) {
return true;
}
// session_name('SIDPHP'.($prefix ? '_'.$prefix : ''));
ini_set('session.cookie_lifetime', 0);
if (!session_start()) {
return false;
}
$t = time();
if ($sessionLifetime) {
if (isset($_SESSION['lastactivity']) && $t - $_SESSION['lastactivity'] >= $sessionLifetime) {
destroySession();
return false;
} else {
if ($isUserActivity) {
$_SESSION['lastactivity'] = $t;
}
}
}
if ($idLifetime) {
if (isset($_SESSION['starttime'])) {
if ($t - $_SESSION['starttime'] >= $idLifetime) {
session_regenerate_id(true);
$_SESSION['starttime'] = $t;
}
} else {
$_SESSION['starttime'] = $t;
}
}
return true;
}
function testDb()
{
global $Dbc, $debug, $message, $success;
if (!empty($_POST['email']) && emailValidate($_POST['email']) && !empty($_POST['firstName']) && !empty($_POST['lastName']) && !empty($_POST['password']) && passwordValidate($_POST['password'])) {
destroySession();
$email = trim($_POST['email']);
$pass = sha1(trim($_POST['password']));
$firstName = trim($_POST['firstName']);
$lastName = trim($_POST['lastName']);
$rememberMeCode = sha1($email);
$Dbc->beginTransaction();
try {
$stmt = $Dbc->prepare("SELECT getUserIdByEmail(?) AS 'userId'");
$stmt .= $stmt->execute(array($email));
while ($row = $stmt->fetch()) {
$debug->add('$row[\'userId\']: ' . $row['userId']);
$debug->printArray($row, '$row');
if (empty($row['userId'])) {
//There are no users with the email address, so continue.
pdoError(__LINE__, $stmt, 1);
$stmt = $Dbc->prepare("INSERT INTO\n\tusers\nSET\n\tprimaryEmail = ?,\n\tuserPassword = ?,\n\tfirstName = ?,\n\tlastName = ?,\n\tjoinDate = ?");
if ($stmt->execute(array($email, $pass, $firstName, $lastName, DATETIME))) {
$debug->add('last id: ' . $Dbc->lastInsertId());
} else {
pdoError(__LINE__, $stmt);
}
} else {
$message .= 'That email address is already associated with an account. Please enter a different email address.<br>';
}
}
} catch (PDOException $e) {
//Rollback occurs automatically if an exception is thrown.
error(__LINE__, '', '<pre>' . $e . '</pre>');
pdoError(__LINE__);
}
} elseif (empty($_POST['email'])) {
$debug->add('email is empty on line ' . __LINE__ . '');
$message .= 'Please enter an email address.';
} elseif (!emailValidate($_POST['email'])) {
$message .= 'Please enter a valid email address.';
$debug->add('Email address is not valid.');
} elseif (empty($_POST['firstName'])) {
$debug->add('first name is empty on line ' . __LINE__ . '.');
$message .= 'Please enter a First Name.';
} elseif (empty($_POST['lastName'])) {
$debug->add('last name is empty on line ' . __LINE__ . '.');
$message .= 'Please enter a Last Name.';
} elseif (empty($_POST['password'])) {
$debug->add('password is empty on line ' . __LINE__ . '.');
$message .= 'Please enter a password.';
} else {
$debug->add('Something is missing.');
}
returnData();
}
function checkUser()
{
if (isset($_SESSION["UID"])) {
$sql = "Select id, pwd from member where id=" . $_SESSION["UID"];
$result = $this->db->execute($sql);
$check = mysqli_fetch_object($result);
if ($this->hashPWD == $check->pwd && $this->userID == $check->id) {
return true;
} else {
return false;
}
} else {
destroySession();
}
}
function doIndex()
{
showPage("header");
if (isset($_GET['action'])) {
switch ($_GET['action']) {
case 'login':
include "login.php";
break;
case 'recover_password':
include "recover_password.php";
break;
case "register":
include "registration.php";
break;
case "hash":
include "hash.php";
break;
case "activate":
include "activation.php";
break;
/*case "mail":
{
mail("*****@*****.**", "costma", "costam");
break;
}*/
/*case "mail":
{
mail("*****@*****.**", "costma", "costam");
break;
}*/
case "delete":
include "delete_user.php";
break;
case "log_out":
destroySession();
include "home_page.php";
break;
default:
include "home_page.php";
break;
}
} else {
include "home_page.php";
}
showPage("footer");
}
function isUserLoggedIn()
{
global $loggedInUser, $db_table_prefix;
if ($loggedInUser == NULL) {
return false;
//if $loggedInUser is null, we don't need to check the database. KISS
} else {
try {
$db = pdoConnect();
$sqlVars = array();
$query = "SELECT \n id,\n password\n FROM {$db_table_prefix}users\n WHERE\n id = :user_id\n AND \n password = :password \n AND\n active = 1\n LIMIT 1";
$stmt = $db->prepare($query);
$sqlVars[':user_id'] = $loggedInUser->user_id;
$sqlVars[':password'] = $loggedInUser->hash_pw;
if (!$stmt->execute($sqlVars)) {
// Error: column does not exist
return false;
}
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row) {
return true;
} else {
destroySession("userCakeUser");
//user may have been deleted but a session lingers. delete it.
return false;
//not loggedin
}
} catch (PDOException $e) {
addAlert("danger", "Oops, looks like our database encountered an error.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
} catch (ErrorException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
return false;
} catch (RuntimeException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
}
}
}
function isUserLoggedIn()
{
global $loggedInUser, $mysqli, $db_table_prefix, $loggedInUser;
if (isset($_SESSION["userCakeUser"])) {
$loggedInUser = unserialize($_SESSION["userCakeUser"]);
}
if ($loggedInUser == NULL) {
return false;
destroySession("userCakeUser");
} else {
if ($loggedInUser->candidate == "Y") {
$num_returns = 1;
} else {
$stmt = $mysqli->prepare("SELECT \n \t\tid,\n \t\tpassword\n \t\tFROM " . $db_table_prefix . "users\n \t\tWHERE\n \t\tid = ?\n \t\tAND \n \t\tpassword = ? \n \t\tAND\n \t\tactive = 1\n \t\tLIMIT 1");
$stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
$stmt->execute();
$stmt->store_result();
$num_returns = $stmt->num_rows;
$stmt->close();
}
if ($num_returns > 0) {
return true;
} else {
destroySession("userCakeUser");
return false;
}
}
}
function isUserLoggedIn()
{
global $loggedInUser, $mysqli, $db_table_prefix;
$stmt = $mysqli->prepare("SELECT \r\n\t\tid,\r\n\t\tpassword\r\n\t\tFROM " . $db_table_prefix . "users\r\n\t\tWHERE\r\n\t\tid = ?\r\n\t\tAND \r\n\t\tpassword = ? \r\n\t\tAND\r\n\t\tactive = 1\r\n\t\tLIMIT 1");
$stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
$stmt->execute();
$stmt->store_result();
$num_returns = $stmt->num_rows;
$stmt->close();
if ($loggedInUser == NULL) {
return false;
} else {
if ($num_returns > 0) {
return true;
} else {
destroySession("userCakeUser");
return false;
}
}
}
function getMaintMode()
{
//See if maintenance mode is set. Unless the user is Admin the session will be destroyed to prevent login.
global $debug, $message, $success, $Dbc;
try {
$stmt = $Dbc->query("SELECT\n\tmaintModeStartTime AS 'maintModeStartTime',\n\tmaintModeEndTime AS 'maintModeEndTime'\nFROM\n\tadminControl");
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row['maintModeStartTime']) {
if (isset($_SESSION['siteRoleId']) && $_SESSION['siteRoleId'] == 5) {
$_SESSION['maintMode'] = false;
} else {
//Don't activate maintMode if either start or end time is null.
if (empty($row['maintModeStartTime']) || empty($row['maintModeEndTime'])) {
$_SESSION['maintMode'] = false;
} else {
if (strtotime($row['maintModeStartTime']) < TIMESTAMP && strtotime($row['maintModeEndTime']) > TIMESTAMP) {
$message = 'We are currenlty performing maintenance on the site. Access will be restored on ' . $row['maintModeEndTime'] . ' UTC. ';
$_SESSION['maintMode'] = true;
destroySession();
} else {
$_SESSION['maintMode'] = false;
}
}
}
}
} catch (PDOException $e) {
error(__LINE__, '', '<pre>' . $e . '</pre>');
}
}
function isUserLoggedIn()
{
global $loggedInUser, $DB, $db_table_prefix;
$stmt = $DB->prepare("SELECT\r\n\t\tid,\r\n\t\tpassword\r\n\t\tFROM " . $db_table_prefix . "users\r\n\t\tWHERE\r\n\t\tid = ?\r\n\t\tAND\r\n\t\tpassword = ?\r\n\t\tAND\r\n\t\tactive = 1\r\n\t\tLIMIT 1");
$stmt->bindParam(1, $loggedInUser->user_id);
$stmt->bindParam(2, $loggedInUser->hash_pw);
$stmt->execute();
$num_returns = $stmt->rowCount();
if ($loggedInUser == NULL) {
return false;
} else {
if ($num_returns > 0) {
return true;
} else {
destroySession("PerunioCMS");
return false;
}
}
}
<?php
// rnlogout.php
ob_start();
include_once 'rnheader.php';
$div = "<div class='drop-shadow curved curved-vt-2' \nstyle='height:auto;width:90%;margin:0px 60px 20px 60px;padding:-60px;top:10px;'>";
if (isset($_SESSION['user']) && isset($_GET['hext'])) {
destroySession($_SESSION['user']);
//....................................................Shadowed Box................................//
echo $div;
//..................................................Division Green.................................//
echo "\n<div class='div4' >\n<h3 class='pg'><font class='ft3'>Logged out</font></h3>\n<hr style='margin-bottom:0;'/>\n<div align='center' class='divpg'>\n<br/>\n<fieldset class='outer' style='margin-left:30px;margin-right:30px;'>\n<fieldset style='background-image:url(son.png);margin-left:10%;margin-right:10%;' class='iner'>\n<font class='ft3' style='font-size:20px;text-shadow: 1px 1px 1px rgba(0,0,0,1);color:white;'>\n<b><big>You have been logged out.</big><br/>You'll be redirected within 3 seconds <br/>OR if it doesn't work <br/><br/> Please\n<a class='button grey' href='index.php'>click here</a> to refresh the screen.</b><br/>\n</font>\n</fieldset><br/>\n</fieldset><br/>\n</div><hr style='margin-top:0px;'/><br/>\n</div></div><br/>\n<h1 class='footerfont' align='center'>\n<b>© SocioNova.com copyright by Noviya Corp. </b>\n</h1>";
echo "<meta http-equiv='Refresh' content='3;url=index.php'/>";
} else {
if (!$loggedin) {
// Shadowed Box //
echo $div;
// Division Green //
echo "\n<div class='div4' >\n<h3 class='pg'><font class='ft3'>Logged out</font></h3>\n<hr style='margin-bottom:0;'/>\n<div align='center' class='divpg'><br/>\n<fieldset class='outer' style='margin-left:30px;margin-right:30px;'><br/>\n<fieldset style='background-image:url(son.png);margin-left:10%;margin-right:10%;' class='iner'>\n<font class='ft3' style='font-size:20px;color:white;text-shadow: 1px 1px 1px rgba(0,0,0,1);'>\n<b ><big>!@!..Sorry, Something went Wrong..!@!</big>\n<br/>It seems You are not logged in. <br/>Kindly <a class='button grey' href='index.php' target=''> log in </a>to access your Account.<br/>\n<br/>If you are New to this site ,<br/>Please <a class='button grey' href='index.php' target=''> Sign up </a> to join this Community.</b><br/>\n</font>\n</fieldset><br/>\n</fieldset><br/>\n</div><hr style='margin-top:0px;'/><br/>\n</div></div><br/>\n<h1 class='footerfont' align='center'>\n<b>© SocioNova.com copyright by Noviya Corp. </b>\n</h1>";
} else {
die(require_once 'errorol.php');
}
}
echo "</body></html>";
ob_end_flush();
function isUserLoggedIn()
{
global $loggedInUser;
if ($loggedInUser == NULL) {
return false;
}
$query = UcUsersQuery::create()->filterById($loggedInUser->user_id)->filterByPassword($loggedInUser->hash_pw)->filterByActive(true)->find();
$num_returns = count($query);
if ($num_returns > 0) {
return true;
} else {
destroySession("userCakeUser");
return false;
}
}
/**
* This generic method validates that the user record contains at least the ON-WEB plugin to access the site.
* If not then redirect user to error page and inform them they do not have privilege to access the site
* @param $userName String username form login page
* @param $installedPlugins converted SESSION array from FM database field using the user record in [WEB] Login layout
* @param $pluginName String name of the plugin to validate
*/
function validatePlugin($userName, $installedPlugins, $pluginName)
{
global $log;
if (!isset($installedPlugins) || empty($installedPlugins)) {
destroySession();
$log->debug("Test for empty - User does not have: " . $pluginName . " access now redirect to error username: "******"The " . $pluginName . " plug-in has not been licensed";
$messageTitle = "Plug-in Not Installed";
$log->debug("Plugin field is empty: " . $pluginName . " username: "******"N/A", "utility.php", "N/A", $messageTitle);
}
if (is_array($installedPlugins)) {
if (!in_array($pluginName, $installedPlugins)) {
destroySession();
$errorMessage = "The " . $pluginName . " plug-in has not been licensed";
$messageTitle = "Plug-in Not Installed";
$log->debug("Test in array - User does not have: " . $pluginName . " access now redirect to error username: "******"N/A", "utility.php", "N/A", $messageTitle);
}
} else {
if ($installedPlugins != $pluginName) {
destroySession();
$errorMessage = "The " . $pluginName . " plug-in has not been licensed";
$messageTitle = "Plug-in Not Installed";
$log->debug("Test in String - User does not have: " . $pluginName . " access now redirect to error username: "******"N/A", "utility.php", "N/A", $messageTitle);
}
}
}
function createNewUser()
{
/*
A new user has entered their information. We will create their account.
*/
global $debug, $message, $success, $Dbc, $returnThis;
$output = '';
try {
if (empty($_POST['firstName'])) {
throw new Adrlist_CustomException('', '$_POST[\'lastName\'] is empty.');
} elseif (empty($_POST['lastName'])) {
throw new Adrlist_CustomException('', '$_POST[\'lastName\'] is empty.');
} elseif (empty($_POST['email'])) {
throw new Adrlist_CustomException('', 'email is empty.');
} elseif (!emailValidate($_POST['email'])) {
throw new Adrlist_CustomException('', 'Email address is not valid.');
} elseif (!passwordValidate($_POST['password'])) {
throw new Adrlist_CustomException('', '$_POST[\'password\'] is not valid.');
} elseif (empty($_POST['password'])) {
throw new Adrlist_CustomException('', '$_POST[\'password\'] is empty.');
} elseif (empty($_POST['timeZone'])) {
throw new Adrlist_CustomException('', '$_POST[\'timeZone\'] is empty.');
}
/*elseif(empty($_POST['recaptcha_challenge_field'])){
throw new Adrlist_CustomException('','$_POST[\'recaptcha_challenge_field\'] is empty.');
}elseif(empty($_POST['recaptcha_response_field'])){
throw new Adrlist_CustomException('','$_POST[\'recaptcha_response_field\'] is empty.');
}*/
destroySession();
$_POST['email'] = trim($_POST['email']);
$passEncoded = sha1(trim($_POST['password']));
$_POST['firstName'] = trim($_POST['firstName']);
$_POST['lastName'] = trim($_POST['lastName']);
$rememberMeCode = sha1($_POST['email']);
$invitationCode = isset($_POST['invitationCode']) ? trim($_POST['invitationCode']) : '';
/*
$resp = recaptcha_check_answer(RECAPTCHAPRIVATEKEY, $_SERVER["REMOTE_ADDR"], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
if(!$resp->is_valid && !LOCAL){
throw new Adrlist_CustomException('The reCAPTCHA wasn\'t entered correctly. Please enter the new reCAPTCHA.','reCAPTCHA said: ' . $resp->error . '.');
}
$debug->add('The recaptcha response is valid.');
*/
$Dbc->beginTransaction();
//See if this email address is already in use.
$getUserIdQuery = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\tprimaryEmail = ?");
$getUserIdQuery->execute(array($_POST['email']));
$row = $getUserIdQuery->fetch(PDO::FETCH_ASSOC);
if (empty($row['userId'])) {
//There are no users with the email address, so insert the user record.
$insertUserQuery = $Dbc->prepare("INSERT INTO\n\tusers\nSET\n\tprimaryEmail = ?,\n\tuserPassword = ?,\n\tfirstName = ?,\n\tlastName = ?,\n\tdateAdded = ?");
$insertUserQuery->execute(array($_POST['email'], $passEncoded, $_POST['firstName'], $_POST['lastName'], DATETIME));
$userId = $Dbc->lastInsertId();
if (!empty($invitationCode)) {
$debug->add('$invitationCode: ' . "{$invitationCode}");
//The user is responding to an invitation. Verify the invitation code matches the email.
$verifyInviteQuery = $Dbc->prepare("SELECT\n\temail as 'email'\nFROM\n\tinvitations\nWHERE\n\tinvitationCode = ? AND\n\temail = ? AND\n\trespondDate IS NULL");
$verifyInviteQuery->execute(array($invitationCode, $_POST['email']));
$verifyInvite = $verifyInviteQuery->fetch(PDO::FETCH_ASSOC);
if ($verifyInvite['email'] === '' || $verifyInvite['email'] === NULL) {
//The invitation code wasn't found or didn't match the email address. The user will still be created.
$message .= '<div class="red" style="padding:10px;">An invitation wasn\'t found. It may have been cancelled by the person who made the invitation.</div>';
} else {
$invitedEmail = true;
//The invitation code and email have been verified. Look for more invitations.
$invitationsQuery = $Dbc->prepare("SELECT\n\tinvitationId AS 'invitationId',\n\tfolderId AS 'folderId',\n\tfolderRoleId AS 'folderRoleId',\n\tlistId AS 'listId',\n\tlistRoleId AS 'listRoleId',\n\tsenderId AS 'senderId'\nFROM\n\tinvitations\nWHERE\n\temail = ? AND\n\trespondDate IS NULL");
$invitationsQuery->execute(array($_POST['email']));
$folderArray = array();
//A nested associative array: requestingUserId => array(folderId,userFolderRoleId).
//Insert the new user's roles from the invitation(s).
while ($invitationsRow = $invitationsQuery->fetch(PDO::FETCH_ASSOC)) {
if (!empty($invitationsRow['folderId']) && !empty($invitationsRow['folderRoleId'])) {
//Add the folder to an array for creating list roles.
$folderArray[$invitationsRow['senderId']][$invitationsRow['folderId']] = $invitationsRow['folderRoleId'];
//Insert the folder role.
$insertFolderRole = $Dbc->prepare("INSERT INTO\n\tuserFolderSettings\nSET\n\tfolderId = ?,\n\tuserId = ?,\n\tfolderRoleId = ?,\n\tdateAdded = ?");
$insertFolderRole->execute(array($invitationsRow['folderId'], $userId, $invitationsRow['folderRoleId'], DATETIME));
}
if (!empty($invitationsRow['listId']) && !empty($invitationsRow['listRoleId'])) {
//Insert the list role.
$insertListRole = $Dbc->prepare("INSERT INTO\n\tuserListSettings\nSET\n\tlistId = ?,\n\tuserId = ?,\n\tlistRoleId = ?,\n\tdateAdded = ?");
$insertListRole->execute(array($invitationsRow['listId'], $userId, $invitationsRow['listRoleId'], DATETIME));
}
//Update the invitation respond date.
$respondDateQuery = $Dbc->prepare("UPDATE\n\tinvitations\nSET\n\trespondDate = ?\nWHERE\n\tinvitationId = ?");
$respondDateQuery->execute(array(DATETIME, $invitationsRow['invitationId']));
}
//Insert roles for each list in the sharedFolders array.
if (!empty($folderArray) && is_array($folderArray)) {
$debug->printArray($folderArray, '$folderArray');
foreach ($folderArray as $requestingUserId => $sharedFoldersArray) {
distributeRoles($requestingUserId, $userId, $sharedFoldersArray, true);
}
} elseif (!empty($folderArray)) {
error(__LINE__, '', '$sharedFoldersArray must be an associative array near line ' . __LINE__ . '.<br>');
}
}
}
//Create the user's default userSettings.
$insertUserSettingsQuery = $Dbc->prepare("INSERT\nINTO\n\tuserSiteSettings\nSET\n\tuserId = ?,\n\trememberMeCode = ?,\n\ttimeZone = ?,\n\tsiteRoleId = ?");
$insertUserSettingsQuery->execute(array($userId, $rememberMeCode, $_POST['timeZone'], 1));
//There is no default billing for a user. The user can select a plan, or there may be a promotion when starting an account.
//We must insert a userBillingAction first.
$userBillingActionStmt = $Dbc->prepare("INSERT\nINTO\n\tuserBillingActions\nSET\n\tuserId = ?,\n\tbillingOfferId = ?,\n\tbillingActionId = ?,\n\tvendorId = ?,\n\tbillingDatetime = ?");
$userBillingActionStmt->execute(array($userId, 1, 10, 3, DATETIME));
$userBillingActionId = $Dbc->lastInsertId();
$billingQuery = $Dbc->prepare("INSERT\nINTO\n\tuserBilling\nSET\n\tuserId = ?,\n\tbillingOfferId = ?,\n\tuserBillingActionId = ?,\n\tdateAdded = ?");
$billingQuery->execute(array($userId, 1, $userBillingActionId, DATETIME));
//Send a welcome email.
$subject = 'Welcome to ' . THENAMEOFTHESITE . '!';
$body = '<table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" bgcolor="#FFFFFF">
<tr>
<td align="left"><font face="' . FONT . '" size="' . SIZE5 . '"><b>Welcome to ' . THENAMEOFTHESITE . '!</b><br>
</font></td>
</tr>
<tr>
<td align="left"><font face="' . FONT . '" size="' . SIZE3 . '"></font>Create your first ADR list by logging in: <a href="' . LINKLOGIN . '/?email=' . $_POST['email'] . '">' . LINKLOGIN . '</a>.<br>
<div> </div>
<div> </div>
<div> </div>
</td>
</tr>
</table>';
$textBody = "Welcome to " . THENAMEOFTHESITE . ".\nCreate your first list by logging in: https://" . DOMAIN . "/login?email=" . $_POST['email'] . "\nThis is an automated message. Please do not reply.";
email(EMAILDONOTREPLY, $_POST['email'], $subject, $body, $textBody);
setcookie(REMEMBERME, $rememberMeCode, time() + 60 * 60 * 24 * 365, COOKIEPATH, COOKIEDOMAIN, false);
$Dbc->commit();
$success = true;
$returnThis['pass'] = $_POST['password'];
} else {
$message .= "The email address you entered is already in use. Please choose another or try logging in.<br>";
$debug->add('The email address belongs to userId: ' . $row['userId'] . '.');
}
} catch (Adrlist_CustomException $e) {
} catch (PDOException $e) {
error(__LINE__, '', '<pre>' . $e . '</pre>');
if (MODE == 'createNewUser') {
returnData();
}
}
returnData();
}
public function userLogOut()
{
destroySession("PerunioCMS");
}
public function userLogOut()
{
destroySession(" User");
}
<?php
require_once './functions.php';
destroySession();
//End the session and tell the user what's going on
echo <<<_END
<!DOCTYPE html>
<html><head>
<link href='./css/bootstrap.min.css' rel='stylesheet'>
<link rel="icon" type="image/png" href="../favicon-32x32.png" sizes="32x32" />
<link rel="icon" type="image/png" href="../favicon-16x16.png" sizes="16x16" />
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="../image/png" href="favicon-32x32.png" sizes="32x32" />
<link rel="icon" type="../image/png" href="favicon-16x16.png" sizes="16x16" />
<title>Log out</title>
<link href="./css/bootstrap.min.css" rel="stylesheet">
<link href="./css/signin.css" rel="stylesheet">
<div class="container">
<form class="form-signin" method='post' action='index.php'>
<h2 class="form-signin-heading">You are logged out</h2>
<a href='./index.php'>Log in</a> again.
_END
;
$db = getMongo();
$productQuery = array('id' => $args['productId'], 'category' => $args['category']);
$product = $db->products->findOne($productQuery);
if ($product != null) {
$product = $product["details"];
}
return $res->write(json_encode($product, JSON_NUMERIC_CHECK));
})->add($mw);
$app->get('/email_registered/{email}', function ($req, $res, $args) {
if (isEmailRegistered($args['email'])) {
return $res->withAddedHeader('status', 'error')->withStatus(200);
}
return $res->withAddedHeader('status', 'success')->withStatus(200);
});
$app->get('/logout', function ($req, $res, $args) {
$session = destroySession();
$response["status"] = "info";
$response["message"] = "Logged out successfully";
return $res->write(json_encode($response))->withStatus(200);
});
$app->post('/login', function ($req, $res, $args) {
$user = $req->getParsedBody()["customer"];
$saltedPass = passwordHash($user['email'], $user['password']);
$userQuery = array('email' => $user['email']);
$db = getMongo();
$user = $db->users->findOne($userQuery);
if ($user != NULL) {
if ($user['password'] === $saltedPass) {
$response['status'] = "success";
$response['message'] = 'Logged in successfully.';
$response['name'] = $user['name'];
