| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- <?php
- /* Authenticates the user or returns error if the credentials are not correct */
-
- $params = array();
- parse_str($_POST['sign_in_data'], $params);
-
- if(!array_key_exists('email-login', $params) || !array_key_exists('password-login', $params)) {
- echo 400; // Missing parameters
- }
- else {
- // Retrieve user credentials
- $email = $params['email-login'];
- $password = $params['password-login'];
-
- require_once('db_utils.php');
- $conn = db_connect(); // Connect to the database
-
- // Check if the username already exists
- if(!($result = mysqli_query($conn, "SELECT * FROM user WHERE username = '$email'"))) {
- echo 400; // Wrong query
- }
- else {
- if(mysqli_num_rows($result) != 1) { // User not registered or duplicated
- echo 401;
- }
- else {
- $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
- mysqli_free_result($result);
- $activated = $row['activated'];
- if($activated == FALSE)
- echo 402; // Email not activated
- else { // Email verified
- $hash = $row['password'];
- $full_salt = substr($hash, 0, 29);
- $new_hash = crypt($password, $full_salt);
- if ($hash == $new_hash) {
- session_start(); // Start session for this user
- $_SESSION['userlogin'] = $email; // Save email in the session
- echo 200; // Authentication successful
- }
- else
- echo 401; // Wrong username or password
- }
- }
- }
-
- mysqli_free_result($result);
- db_close($conn); // Close the database
- }
- ?>
|
