Файл: app/android/index.php
Строк: 53
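<?php
/*
 * Android login form handler.
 *
 * Reads email / password / captcha from $_POST, validates them and, when all
 * three pass, records a row in users_sessions, sets the `__session` cookie
 * and redirects to /android. On any error the `android.index` template is
 * rendered with $form['error'] populated.
 *
 * Depends on names supplied by the including script: $db (PDO), $template,
 * get_ip(), redirect(), and an active session holding $_SESSION['captcha'].
 */

// Read one text field from $_POST. A non-string value (e.g. `email[]=x`) is
// treated as absent rather than reaching trim()/mb_strtolower() as an array.
$postField = static function (string $key, bool $lowercase): ?string {
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return null;
    }
    $value = trim($_POST[$key]);

    return $lowercase ? mb_strtolower($value) : $value;
};

$form = [
    'value' => [
        'email'    => $postField('email', true),
        'password' => $postField('password', false),
        'captcha'  => $postField('captcha', true),
    ],
    'error' => [],
];

if (isset($_POST['submit'])) {
    // Row fetched for the submitted address, or false when there is none.
    $result = false;

    // --- e-mail ---------------------------------------------------------
    // empty() also rejects the literal "0"; kept from the original.
    if (empty($form['value']['email'])) {
        $form['error']['email'] = 'Необходимо ввести E-Mail';
    } elseif (!filter_var($form['value']['email'], FILTER_VALIDATE_EMAIL)) {
        $form['error']['email'] = 'Введите корректный E-Mail';
    } else {
        // Query only once the address is syntactically valid; the original
        // ran the lookup unconditionally, even for an empty field.
        $stmt = $db->prepare('SELECT user_id, email, password FROM users WHERE email = :email');
        $stmt->bindValue(':email', $form['value']['email'], PDO::PARAM_STR);
        $stmt->execute();
        $result = $stmt->fetch(PDO::FETCH_OBJ);

        // NOTE(review): this message differs from the wrong-password one, so
        // the form reveals whether an address is registered. Left unchanged
        // because the wording is user-facing template text.
        if ($result === false || $result->email !== $form['value']['email']) {
            $form['error']['email'] = 'Пользователь с таким E-Mail не найден';
        }
    }

    // --- password -------------------------------------------------------
    if (empty($form['value']['password'])) {
        $form['error']['password'] = 'Необходимо ввести пароль';
    } elseif (!isset($form['error']['email'])) {
        // The original used @count() on the error string, which throws a
        // TypeError on PHP 8. When no e-mail error is set, $result is a row.
        if (!password_verify($form['value']['password'], $result->password)) {
            $form['error']['password'] = 'Пароль неверный';
        }
    }

    // --- captcha --------------------------------------------------------
    if (empty($form['value']['captcha'])) {
        $form['error']['captcha'] = 'Необходимо ввести код с картинки';
    } elseif (!isset($_SESSION['captcha']) || $form['value']['captcha'] !== $_SESSION['captcha']) {
        $form['error']['captcha'] = 'Неверно введен код с картинки';
    }
    // The challenge is single-use: discard it whether or not the attempt passed.
    unset($_SESSION['captcha']);

    if (count($form['error']) === 0) {
        $user_id = $result->user_id;
        // 128 bits from the CSPRNG as 32 hex characters — the same width as
        // the md5() output used before, so the token column is unaffected.
        $token      = bin2hex(random_bytes(16));
        $created_at = date('Y-m-d H:i:s', time());
        // Evaluate once: bindParam() needs a real variable, and the original
        // passed get_ip() by value to a by-reference parameter.
        $ip = get_ip();

        // Best-effort geolocation. The lookup is bounded by a timeout and a
        // failed or malformed response leaves $location empty instead of
        // reading properties of null. get_ip() is not visible here, so the
        // value is URL-encoded in case it reflects a client-supplied header.
        $location   = '';
        $geoContext = stream_context_create(['http' => ['timeout' => 3]]);
        $geoRaw     = file_get_contents(
            'http://ip-api.com/json/' . rawurlencode($ip) . '?lang=ru',
            false,
            $geoContext
        );
        if ($geoRaw !== false) {
            $geo = json_decode($geoRaw);
            if (is_object($geo) && isset($geo->country, $geo->city)) {
                $location = $geo->country . ', ' . $geo->city;
            }
        }

        $stmt = $db->prepare(
            'INSERT INTO users_sessions SET user_id = :user_id, token = :token, '
            . 'created_at = :created_at, ip = :ip, location = :location'
        );
        $stmt->bindValue(':user_id', (int) $user_id, PDO::PARAM_INT);
        $stmt->bindValue(':token', $token, PDO::PARAM_STR);
        $stmt->bindValue(':created_at', $created_at, PDO::PARAM_STR);
        $stmt->bindValue(':ip', $ip, PDO::PARAM_STR);
        $stmt->bindValue(':location', $location, PDO::PARAM_STR);
        $stmt->execute();

        $session = base64_encode(json_encode([
            'user_id' => base64_encode((string) $user_id),
            'token'   => base64_encode($token),
        ]));

        // Positional setcookie(): the 4th argument is the path and the 5th
        // the domain. The original passed '.uspay.ru' as the path, which no
        // request path matches. HttpOnly keeps the cookie out of script
        // reach; Secure follows the current scheme so HTTP deployments keep
        // working.
        $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie('__session', $session, time() + 86400 * 365, '/', '.uspay.ru', $secure, true);
        $_SESSION['__session'] = $session;

        redirect('/android');
        exit;
    }
}

echo $template->render('android.index', [
    'form' => $form,
]);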