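false, "message" => "Service temporarily unavailable.")); exit; }

/*
 * Login endpoint.
 *
 * Reads a JSON body of the form {"email": <username or e-mail>, "password": ...},
 * looks the user up by username or e-mail, verifies the password against the
 * stored hash and establishes a session through $sessionManager.
 *
 * Relies on $db (a PDO connection) and $sessionManager being initialised
 * earlier in this file. Every response is a JSON object with "success" and
 * "message"; the successful response additionally carries "redirect" and a
 * "user_data" subset of the user row.
 */

// Emit a JSON failure response with the given HTTP status and stop the script.
// Centralised so every failure path has the same shape and none forgets to exit.
$loginFail = static function (int $status, string $message): void {
    http_response_code($status);
    echo json_encode(array("success" => false, "message" => $message));
    exit;
};

// Get posted data
$input = file_get_contents("php://input");
$data = json_decode($input);
if (json_last_error() !== JSON_ERROR_NONE) {
    $loginFail(400, "Invalid JSON data.");
}

// Both fields must be present, non-empty strings. The is_string checks matter:
// a JSON array or object in either field would make password_verify() throw a
// TypeError (an uncaught 500) instead of producing a clean 400.
if (!is_object($data)
    || empty($data->email) || !is_string($data->email)
    || empty($data->password) || !is_string($data->password)) {
    $loginFail(400, "Unable to login. Data is incomplete.");
}

// Bind the credential untouched: the prepared statement is what protects the
// query, and HTML-escaping/tag-stripping here would turn a valid "&" or "'"
// in an e-mail address into a value that never matches the stored one.
$credential = $data->email;
$password = $data->password;

// Two distinct placeholders for the same value: reusing one named placeholder
// twice only works with emulated prepares and fails under native prepares.
$query = "SELECT id, username, email, password_hash, tier, package, balance, total_deposits, total_withdrawals, rewards, account_status, is_active FROM users WHERE (username = :username OR email = :email) AND is_active = 1";
$stmt = $db->prepare($query);
$stmt->bindValue(":username", $credential, PDO::PARAM_STR);
$stmt->bindValue(":email", $credential, PDO::PARAM_STR);

$row = null;
try {
    $stmt->execute();
    // fetchAll() + count rather than rowCount(): PDO documents rowCount() as
    // unreliable for SELECT statements on some drivers. Exactly one match is
    // required, as before, so a username that equals another user's e-mail
    // address is rejected rather than resolved to an arbitrary row.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) === 1) {
        $row = $rows[0];
    }
} catch (PDOException $e) {
    error_log("Database error: " . $e->getMessage());
    $loginFail(500, "Database error occurred.");
}

// One generic answer for both "no such user" and "wrong password": distinct
// messages and status codes let an unauthenticated caller confirm which
// usernames and e-mail addresses exist. (Response timing still differs
// between the two cases because password_verify() only runs when a row was
// found; equalising that is a further hardening step, not done here.)
if ($row === null || !password_verify($password, $row['password_hash'])) {
    $loginFail(401, "Invalid credentials.");
}

// Account state is reported only after the password checked out, so it is
// not disclosed to someone who does not hold the credential.
if ($row['account_status'] !== 'active') {
    $loginFail(403, "Account is suspended or pending approval.");
}

$ip_address = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';

// Rotate the PHP session id at the privilege change so a session id planted
// before login (session fixation) is not the one that becomes authenticated.
// Done before createSession() in case the manager records the current id —
// NOTE(review): confirm $sessionManager does not depend on the pre-login id.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

// Create session
$session_id = $sessionManager->createSession($row['id'], $ip_address, $user_agent);
if (!$session_id) {
    $loginFail(500, "Session creation failed.");
}

// Log activity
$sessionManager->logActivity($row['id'], 'login', 'User logged in successfully', $ip_address, $user_agent);
$sessionManager->updateLastLogin($row['id']);

// Set session variables. balance/deposits/withdrawals/rewards are copies of
// the row at login time and will go stale as the account changes; pages that
// need current figures should re-read them from the database.
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
$_SESSION['tier'] = $row['tier'];
$_SESSION['package'] = $row['package'];
$_SESSION['balance'] = $row['balance'];
$_SESSION['total_deposits'] = $row['total_deposits'];
$_SESSION['total_withdrawals'] = $row['total_withdrawals'];
$_SESSION['rewards'] = $row['rewards'];
$_SESSION['session_id'] = $session_id;
$_SESSION['logged_in'] = true;
$_SESSION['login_time'] = time();

http_response_code(200);
echo json_encode(array(
    "success" => true,
    "message" => "Login successful.",
    "redirect" => "src/pages/index.php",
    "user_data" => [
        "user_id" => $row['id'],
        "username" => $row['username'],
        "email" => $row['email'],
        "tier" => $row['tier'],
        "package" => $row['package'],
        "balance" => $row['balance']
    ]
));
?>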