<?php
require_once '../system/function.php';
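// JSON login endpoint: accepts POST `login` + `password`, looks the pair up in
// `users`, and answers with the user's public profile or an error envelope.
//
// NOTE(review): the wildcard origin lets script on any website call this
// endpoint from a visitor's browser. If only first-party front ends are meant
// to use it, replace `*` with an allow-list of known origins.
header('Access-Control-Allow-Origin: *');
// `utf-8` is the registered charset name; `utf8` is not.
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Methods: POST');
// The success body carries credentials, so it must not be stored by
// intermediaries or the browser cache.
header('Cache-Control: no-store');

// Builds the error envelope used by every failure branch.
// NOTE(review): `status` is only reported inside the JSON body; the real HTTP
// status stays 200 because clients may depend on that. Consider
// http_response_code() once clients are confirmed to handle non-2xx replies.
$failure = function ($message, $error = 'Bad Request', $status = 400) {
    return array(
        'data' => [
            'error' => $error,
            'message' => $message
        ],
        'success' => false,
        'status' => $status
    );
};

$data = null;

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $data = $failure('HTTP method not allowed');
} elseif (!isset($_POST['login'], $_POST['password'])) {
    $data = $failure('Empty Request');
} elseif (
    // PHP turns `login[]=x` into an array; reject anything that is not a
    // plain string before it reaches the helpers or the database.
    !is_string($_POST['login']) || !is_string($_POST['password'])
    || empty($_POST['login']) || empty($_POST['password'])
) {
    $data = $failure('Empty login or password');
} else {
    // input() and encrypt() are defined outside this file.
    // NOTE(review): if input() also applies SQL escaping, binding its result
    // below would escape twice for logins containing quotes or backslashes;
    // confirm and keep only the non-SQL normalisation there.
    // NOTE(review): matching encrypt()'s output with SQL equality only works
    // for a deterministic transform, which rules out a per-user salted hash;
    // plan a migration to password_hash()/password_verify().
    $login = input($_POST['login']);
    $password = encrypt($_POST['password']);

    // One parameterised lookup that requires login and password to match in
    // the SAME row. Checking the two columns in separate queries would accept
    // a login and a password that belong to different accounts.
    // Assumes $db is the mysqli connection created by the required file.
    $stmt = $db->prepare(
        'SELECT `id`, `date_reg` FROM `users` WHERE `login` = ? AND `password` = ? LIMIT 1'
    );

    if ($stmt === false) {
        // Do not leak driver error text to the client.
        $data = $failure('Login is temporarily unavailable', 'Internal Server Error', 500);
    } else {
        $userId = null;
        $dateReg = null;
        $stmt->bind_param('ss', $login, $password);
        $stmt->execute();
        $stmt->bind_result($userId, $dateReg);
        // fetch() yields true only when a row was actually read.
        $found = $stmt->fetch() === true;
        $stmt->close();

        if (!$found) {
            // Same message whether the login or the password was wrong, so the
            // reply does not reveal which logins exist.
            $data = $failure('Wrong login or password');
        } else {
            // NOTE(review): HTTP_HOST comes from the request and is
            // client-controlled; prefer a configured canonical host for URLs
            // that are handed back to clients.
            $baseUrl = 'https://' . $_SERVER['HTTP_HOST'];
            $photoPath = '/modules/users/photos/' . $userId . '.png';
            $userPhoto = file_exists(H . $photoPath)
                ? $baseUrl . $photoPath
                : $baseUrl . '/assets/img/user_api.png';

            $data = array(
                'user' => [
                    // Prepared statements return native integers, while the
                    // previous query()/fetch_assoc() path returned strings by
                    // default; cast so the JSON types stay the same.
                    'id' => (string) $userId,
                    'login' => $login,
                    // NOTE(review): the plaintext password is echoed back only
                    // for compatibility with existing clients; drop this field
                    // as soon as no client reads it.
                    'password' => $_POST['password'],
                    'userPhoto' => $userPhoto,
                    'registration' => $dateReg === null ? null : (string) $dateReg
                ]
            );

            // Record the last successful login time (best effort).
            $touch = $db->prepare('UPDATE `users` SET `date_last` = ? WHERE `id` = ?');
            if ($touch !== false) {
                $now = time();
                $touch->bind_param('ii', $now, $userId);
                $touch->execute();
                $touch->close();
            }
        }
    }
}

echo json_encode($data, JSON_UNESCAPED_UNICODE);
exit;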