if (isset($_POST['login'])) {
$login = (array) json_decode(base64_decode($_POST['login']));
if ($field = Submission::checkFields(array("username", "password"), $login)) {
die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}
if (Settings::i()->captcha_private) {
if (!isset($login['captcha_response'])) {
die(Submission::createResult("Please validate the captcha"));
}
$reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
if (!$resp->success) {
die(Submission::createResult("Please validate the Captcha"));
}
}
$key = Crypto::GenerateKey($login['username']);
$find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
if ($find !== false) {
if (!is_array($find)) {
$iv = base64_decode(base64_decode($find->iv));
$password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $login['password'])));
$find = DbManager::i()->select("sf_members", array("userid"), array("password" => $password));
if ($find !== false && !is_array($find)) {
echo Submission::createResult("login successful", true);
$_SESSION['login'] = 1;
$_SESSION['userid'] = $find->userid;
$find = DbManager::i()->select("sf_carts", array("cart"), array("userid" => $find->userid));
if ($find !== false && !is_array($find)) {
//cart already exists for user
if ($find->cart != "e30=" && strlen($find->cart) != 4) {
//not empty cart - overwrite with saved one from DB
die(Submission::createResult("Passwords do not match"));
}
}
if (!is_null(Settings::i()->captcha_private)) {
if (!isset($registration['captcha_response'])) {
die(Submission::createResult("Please validate the captcha"));
}
$reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']);
if (!$resp->success) {
die(Submission::createResult("Please validate the Captcha"));
}
}
$u = $registration['username'];
$iv = Crypto::GenerateIV();
$key = Crypto::GenerateKey($u);
$username = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $u)));
$find = DbManager::i()->select("sf_members", array("userid"), array("key" => base64_encode(base64_encode($key))));
if ($find && count($find) > 0) {
die(Submission::createResult("Username is already taken"));
}
$pw = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['password'])));
$email = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['email'])));
$ip = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $_SERVER['REMOTE_ADDR'])));
$key = base64_encode(base64_encode($key));
$iv = base64_encode(base64_encode($iv));
$reg_date = date("Y-m-d");
$insert = DbManager::i()->insert("sf_members", array("username", "email", "password", "key", "iv", "register_date", "ip"), array($username, $email, $pw, $key, $iv, $reg_date, $ip));
if ($insert) {
Logger::i()->writeLog("Account created with username: {$u}");
die(Submission::createResult("Your account has been created successfully", true));
