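<?php

/*
 * Login form handler.
 *
 * On POST: validates the submitted identifier/password and the reCAPTCHA
 * token, looks the account up by e-mail or username, verifies the password
 * hash and, on success, stores the user id and uniqueid in the session and
 * redirects to /home.php. On any failure the collected messages are stored in
 * $_SESSION['login_error'] and the browser is redirected to /landing.php.
 * Requests with any other method fall through without output.
 */

session_start();

require_once($_SERVER['DOCUMENT_ROOT'] . '/db.php');

$errors = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A field submitted as an array (login_email[]=x) would make trim() and
    // password_verify() throw a TypeError; treat any non-string as missing.
    $raw_user = $_POST['login_email'] ?? '';
    $raw_password = $_POST['login_password'] ?? '';
    $raw_captcha = $_POST['g-recaptcha-response'] ?? '';

    $user = is_string($raw_user) ? trim($raw_user) : '';
    $password = is_string($raw_password) ? $raw_password : '';
    $captcha = is_string($raw_captcha) ? $raw_captcha : '';

    // Compare against '' rather than empty(): empty('0') is true, which would
    // reject a legitimate value of "0" as a missing field.
    if ($user === '' || $password === '') {
        $errors[] = "All fields are required.";
    }

    // CAPTCHA validation
    // SECURITY: this is Google's published test secret; verification with the
    // test key pair always succeeds, so the CAPTCHA gives no protection until
    // a real secret is configured. Load the production secret from
    // configuration kept outside the web root, not from source.
    $captcha_secret = '6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe'; // Google's test secret key

    $captcha_ok = false;

    // Fail closed: no token means no verification request and no pass.
    if ($captcha !== '') {
        // Send secret and token in a POST body. http_build_query() encodes the
        // user-supplied token, so it cannot inject extra parameters, and the
        // secret no longer appears in a request URL.
        $captcha_context = stream_context_create([
            'http' => [
                'method' => 'POST',
                'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
                'content' => http_build_query([
                    'secret' => $captcha_secret,
                    'response' => $captcha,
                ]),
                'timeout' => 5, // do not let a slow verifier hang the login request
            ],
        ]);

        $captcha_response = file_get_contents(
            'https://www.google.com/recaptcha/api/siteverify',
            false,
            $captcha_context
        );

        // A network failure returns false and a malformed body decodes to
        // null; both must count as a failed check instead of dereferencing null.
        if ($captcha_response !== false) {
            $captcha_data = json_decode($captcha_response, true);
            $captcha_ok = is_array($captcha_data) && ($captcha_data['success'] ?? false) === true;
        }
    }

    if (!$captcha_ok) {
        $errors[] = "CAPTCHA verification failed.";
    }

    if (empty($errors)) {
        $conn = getConnection();

        // Two distinct placeholders: reusing one named placeholder twice only
        // works while PDO emulates prepares and fails with native prepares.
        $stmt = $conn->prepare(
            "SELECT id, password, uniqueid FROM users WHERE email = :email OR username = :username"
        );
        $stmt->execute(['email' => $user, 'username' => $user]);
        $result = $stmt->fetch();

        // NOTE(review): password_verify() is skipped when no row matches, so
        // response time may differ between known and unknown accounts.
        if ($result && password_verify($password, $result['password'])) {
            // Issue a fresh session id at the privilege change so an id that
            // was fixed before login cannot be reused afterwards.
            session_regenerate_id(true);

            $_SESSION['user_id'] = $result['id'];
            $_SESSION['uniqueid'] = $result['uniqueid'];

            header("Location: /home.php");
            exit();
        } else {
            // Same message for unknown user and wrong password.
            $errors[] = "Invalid credentials.";
        }
    }

    // Messages are fixed strings joined with <br>; keep request data out of
    // this value unless it is HTML-escaped first.
    $_SESSION['login_error'] = implode("<br>", $errors);

    header("Location: /landing.php");
    exit();
}

?>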