TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a311e81a12a845255163e5164c3a9b675057d477
4WDCSA.co.za/validate_login.php

157 lines
6.2 KiB
PHP
Raw Blame History

<?php
require_once("env.php");
require_once("session.php");
require_once("connection.php");
require_once("functions.php");
require_once 'google-client/vendor/autoload.php'; // Add this line for Google Client
use Middleware\CsrfMiddleware;
// Check if connection is established
if (!$conn) {
json_encode(['status' => 'error', 'message' => 'Database connection failed.']);
exit();
}
// Validate CSRF token for POST requests (email/password login)
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_GET['code'])) {
CsrfMiddleware::requireToken($_POST);
}
// Google Client Setup
$client = new Google_Client();
$client->setClientId('948441222188-8qhboq2urr8o9n35mc70s5h2nhd52v0m.apps.googleusercontent.com');
$client->setClientSecret('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');
$client->setRedirectUri($_ENV['HOST'] . '/validate_login.php');
$client->addScope("email");
$client->addScope("profile");
// 👇 Add this to force the account picker
$client->setPrompt('select_account');
// Check if Google login code is set
if (isset($_GET['code'])) {
$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
if (!isset($token["error"])) {
$client->setAccessToken($token['access_token']);
$google_oauth = new Google_Service_Oauth2($client);
$google_account_info = $google_oauth->userinfo->get();
// Get user info from Google
$email = $google_account_info->email;
$name = $google_account_info->name;
$first_name = $google_account_info->given_name;
$last_name = $google_account_info->family_name;
$picture = $google_account_info->picture;
// Check if the user exists in the database
$query = "SELECT * FROM users WHERE email = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 0) {
// User does not exist, so register them
$password = null; // No password for Google login
$query = "INSERT INTO users (email, first_name, last_name, profile_pic, password, is_verified) VALUES (?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$is_verified = 1; // Assuming Google users are considered verified
$stmt->bind_param("sssssi", $email, $first_name, $last_name, $picture, $password, $is_verified);
if ($stmt->execute()) {
// User successfully registered, set session and redirect
sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just created an account using Google Login.');
$_SESSION['user_id'] = $conn->insert_id;
$_SESSION['first_name'] = $first_name;
$_SESSION['profile_pic'] = $picture;
processLegacyMembership($_SESSION['user_id']);
// echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
header("Location: index.php");
exit();
} else {
// echo json_encode(['status' => 'error', 'message' => 'Failed to register user.']);
header("Location: index.php");
exit();
}
} else {
// User exists, set session and redirect
$row = $result->fetch_assoc();
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['profile_pic'] = $row['profile_pic'];
sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just logged in using Google Login.');
// echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
header("Location: index.php");
exit();
}
$stmt->close();
} else {
echo "Login failed.";
exit();
}
}
// Check if email and password login is requested
if (isset($_POST['email']) && isset($_POST['password'])) {
// Retrieve and sanitize form data
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
$password = trim($_POST['password']); // Remove extra spaces
// Validate input
if (empty($email) || empty($password)) {
echo json_encode(['status' => 'error', 'message' => 'Please enter both email and password.']);
exit();
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo json_encode(['status' => 'error', 'message' => 'Invalid email format.']);
exit();
}
// Prepare SQL statement to fetch user details
$query = "SELECT * FROM users WHERE email = ?";
$stmt = $conn->prepare($query);
if (!$stmt) {
echo json_encode(['status' => 'error', 'message' => 'Database query preparation failed.']);
exit();
}
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
// Check if user exists and verify password
if ($result->num_rows == 1) {
$row = $result->fetch_assoc();
// Check if the user is verified
if ($row['is_verified'] == 0) {
echo json_encode(['status' => 'error', 'message' => 'Your account is not verified. Please check your email for the verification link.']);
exit();
}
if (password_verify($password, $row['password'])) {
// Password is correct, set up session
$_SESSION['user_id'] = $row['user_id']; // Adjust as per your table structure
$_SESSION['first_name'] = $row['first_name']; // Adjust as per your table structure
$_SESSION['profile_pic'] = $row['profile_pic'];
echo json_encode(['status' => 'success', 'message' => 'Successful Login']);
} else {
// Password is incorrect
echo json_encode(['status' => 'error', 'message' => 'Invalid password.']);
}
} else {
// User does not exist
echo json_encode(['status' => 'error', 'message' => 'User with that email does not exist.']);
}
// Close the statement and connection
$stmt->close();
}
// Close connection
$conn->close();
exit();
?>
Reference in New Issue View Git Blame Copy Permalink