Hugging Face's logo

Spaces:
huggingfacejs
/
static-variables
Running

App Files Community
5
static-variables / jweb /ac1 /login.php
fellybikush's picture
fellybikush
Upload 99 files
628740b verified
raw
history blame
4.37 kB
<?php
// login.php - Enhanced login with session management
session_start();
include_once 'db.php';
// Check if database connection is available
if (!$db) {
 http_response_code(503);
 echo json_encode(array("success" => false, "message" => "Service temporarily unavailable."));
 exit;
}
// Get posted data
$input = file_get_contents("php://input");
$data = json_decode($input);
if (json_last_error() !== JSON_ERROR_NONE) {
 http_response_code(400);
 echo json_encode(array("success" => false, "message" => "Invalid JSON data."));
 exit;
}
// Check if data is not empty
if (!empty($data->email) && !empty($data->password)) {
 // Prepare query
 $query = "SELECT id, username, email, password_hash, tier, package, balance,
total_deposits, total_withdrawals, rewards, account_status, is_active
 FROM users
WHERE (username = :credential OR email = :credential) AND is_active = 1";
$stmt = $db->prepare($query);
 $credential = htmlspecialchars(strip_tags($data->email));
 $stmt->bindParam(":credential", $credential);
try {
 $stmt->execute();
 } catch(PDOException $e) {
 error_log("Database error: " . $e->getMessage());
 http_response_code(500);
 echo json_encode(array("success" => false, "message" => "Database error occurred."));
 exit;
 }
if ($stmt->rowCount() == 1) {
 $row = $stmt->fetch(PDO::FETCH_ASSOC);
// Check account status
 if ($row['account_status'] !== 'active') {
 http_response_code(403);
 echo json_encode(array("success" => false, "message" => "Account is suspended or pending approval."));
 exit;
 }
// Verify password
 if (password_verify($data->password, $row['password_hash'])) {
 // Create session
 $ip_address = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
 $user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
 $session_id = $sessionManager->createSession($row['id'], $ip_address, $user_agent);
if ($session_id) {
 // Log activity
 $sessionManager->logActivity($row['id'], 'login', 'User logged in successfully', $ip_address, $user_agent);
 $sessionManager->updateLastLogin($row['id']);
// Set session variables
 $_SESSION['user_id'] = $row['id'];
 $_SESSION['username'] = $row['username'];
 $_SESSION['email'] = $row['email'];
 $_SESSION['tier'] = $row['tier'];
 $_SESSION['package'] = $row['package'];
 $_SESSION['balance'] = $row['balance'];
 $_SESSION['total_deposits'] = $row['total_deposits'];
 $_SESSION['total_withdrawals'] = $row['total_withdrawals'];
 $_SESSION['rewards'] = $row['rewards'];
 $_SESSION['session_id'] = $session_id;
 $_SESSION['logged_in'] = true;
 $_SESSION['login_time'] = time();
http_response_code(200);
 echo json_encode(array(
 "success" => true,
 "message" => "Login successful.",
 "redirect" => "src/pages/index.php",
 "user_data" => [
 "user_id" => $row['id'],
 "username" => $row['username'],
 "email" => $row['email'],
 "tier" => $row['tier'],
 "package" => $row['package'],
 "balance" => $row['balance']
 ]
 ));
 } else {
 http_response_code(500);
 echo json_encode(array("success" => false, "message" => "Session creation failed."));
 }
 } else {
 http_response_code(401);
 echo json_encode(array("success" => false, "message" => "Invalid password."));
 }
 } else {
 http_response_code(404);
 echo json_encode(array("success" => false, "message" => "User not found or account inactive."));
 }
} else {
 http_response_code(400);
 echo json_encode(array("success" => false, "message" => "Unable to login. Data is incomplete."));
}
?>