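0 && !empty($_SESSION["email"]); }

/**
 * Authenticates the e-mail/password pair posted in $_POST and, on success,
 * stores the user's profile fields in $_SESSION.
 *
 * Always echoes a JSON object {"status": "success"|"fail"}; the same "fail"
 * answer is used for missing fields, an unknown or inactive account and a
 * wrong password, so the response body does not reveal which check failed.
 *
 * Uses the global $mysqli connection.
 */
function doLogin(){
    global $mysqli;

    $status = ["status" => "fail"];

    // Accept plain strings only: a request can send email[]=x, which would
    // otherwise reach bind_param()/password_verify() as an array.
    $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
    $pass = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    if (!empty($email) && !empty($pass)) {
        /* prepare statement */
        $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, isAdmin FROM Users WHERE EMAIL = ? AND isActive = 1");

        // prepare() returns false on failure when mysqli is not in exception mode.
        if ($stmt !== false) {
            $stmt->bind_param("s", $email);
            $stmt->execute();

            $idcko = 0;
            $fname = "";
            $lname = "";
            $nickname = "";
            $pwdhash = "";
            $mcnick = "";
            $isadmin = false;

            /* bind variables to prepared statement */
            $stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $isadmin);

            // Only the first matching row is considered, as before.
            // NOTE(review): password_verify() runs only when a row exists, so
            // response time can differ between known and unknown addresses, and
            // no attempt throttling is visible in this function - confirm both
            // are handled elsewhere.
            if ($stmt->fetch() === true && is_string($pwdhash) && password_verify($pass, $pwdhash)) {
                // Issue a fresh session ID at the privilege change so an ID that
                // was planted or observed before login is not authenticated.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                $_SESSION["ID"] = $idcko;
                $_SESSION["first_name"] = $fname;
                $_SESSION["last_name"] = $lname;
                $_SESSION["nickname"] = $nickname;
                $_SESSION["email"] = $email;
                $_SESSION["mcnick"] = $mcnick;
                $_SESSION["isadmin"] = $isadmin;

                $status["status"] = "success";
            }

            $stmt->close();
        }
    }

    echo json_encode($status);
}

/**
 * Ends the current session when a user is logged in and echoes a JSON
 * object {"status": "success"|"fail"}.
 */
function doLogout(){
    if (isLoggedIn()) {
        // session_destroy() alone leaves $_SESSION populated for the rest of
        // the request and leaves the session cookie in the browser.
        $_SESSION = [];

        if (ini_get("session.use_cookies") && !headers_sent()) {
            $cookie = session_get_cookie_params();
            setcookie(
                session_name(),
                "",
                time() - 42000,
                $cookie["path"],
                $cookie["domain"],
                $cookie["secure"],
                $cookie["httponly"]
            );
        }

        session_destroy();
        $status = ["status" => "success"];
    } else {
        $status = ["status" => "fail"];
    }

    echo json_encode($status);
}

/**
 * Completes registration of a pre-created, not yet activated Users row that
 * is identified by the posted activation token.
 *
 * Required POST fields: firstname, lastname, nickname, email, password,
 * activationtoken. minecraftnick is optional. The password is stored only as
 * a password_hash() digest.
 *
 * Echoes a JSON object {"status": "success"|"fail"}, matching doLogin() and
 * doLogout(); "success" means exactly that the UPDATE changed a row.
 *
 * Uses the global $mysqli connection.
 */
function doRegister(){
    global $mysqli;

    $status = ["status" => "fail"];

    // Missing or non-string fields (e.g. firstname[]=x) are read as "".
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : "";
    };

    $activationToken = $field("activationtoken");

    if (!empty($activationToken)) {
        $firstName = $field("firstname");
        $lastName = $field("lastname");
        $nickname = $field("nickname");
        $email = $field("email");
        $password = $field("password");
        $minecraftNick = $field("minecraftnick");

        if (!empty($firstName) && !empty($lastName) && !empty($nickname) && !empty($email) && !empty($password)) {
            $passwordHash = password_hash($password, PASSWORD_DEFAULT);

            // NOTE(review): doLogin() filters on isActive while this statement
            // sets isActivated - confirm both columns exist and that a freshly
            // activated account can log in. E-mail format and uniqueness are
            // not checked here; verify the schema enforces them.
            $stmt = $mysqli->prepare(
                "UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, "
                . "isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?"
            );

            if ($stmt !== false && is_string($passwordHash)) {
                // Seven placeholders need seven type characters; the previous
                // six-character string made bind_param() fail on every call.
                $stmt->bind_param("sssssss", $firstName, $lastName, $nickname, $email, $passwordHash, $minecraftNick, $activationToken);
                $stmt->execute();

                if ($stmt->affected_rows > 0) {
                    $status["status"] = "success";
                }
            }

            if ($stmt !== false) {
                $stmt->close();
            }
        }
    }

    // The result was previously computed and then discarded.
    echo json_encode($status);
}
?>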