File manager - Edit - /home/justdoit/portal.springpasscapital.com/auth/verify-code.php
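<?php
/**
 * Second step of the login flow: checks the 6-digit verification code posted
 * by the browser against login_verification_codes for the user recorded in
 * $_SESSION['temp_user_id'], and on success promotes the pending session to a
 * fully authenticated one.
 *
 * Inputs:  $_POST['code'], $_SESSION['temp_user_id'].
 * Outputs: always ends in a redirect to ../index.php (dashboard on success,
 *          the verify form or the login form with an error message otherwise).
 *
 * $pdo is not defined in this file; it is presumably provided by
 * ../config/database.php (confirm against that file).
 */
session_start();
require_once '../config/database.php';
require_once '../includes/functions.php';

// A 6-digit code has only 1,000,000 values, so wrong guesses per pending login
// are capped. This counter lives in the session; a per-user limit stored in the
// database would also cover attempts spread across several sessions.
$maxAttempts = 5;

// Session keys that only exist between the password step and this step.
$tempKeys = [
    'temp_user_id',
    'temp_user_email',
    'code_expires_at',
    'code_expires_timestamp',
    'dev_code',
    'verify_attempts',
];

// Closures rather than named functions, so nothing here can collide with a
// name declared in ../includes/functions.php.
$redirect = function ($location) {
    header('Location: ' . $location);
    exit;
};
$verifyError = function ($message) use ($redirect) {
    $redirect('../index.php?verify=1&error=' . urlencode($message));
};

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $redirect('../index.php');
}

if (!isset($_SESSION['temp_user_id'])) {
    $redirect('../index.php?error=' . urlencode('Session expired. Please login again.'));
}

$userId = intval($_SESSION['temp_user_id']);

// code[]=... would arrive as an array; trim() on an array warns on PHP 7 and
// throws on PHP 8, so anything that is not a string is treated as empty.
$rawCode = $_POST['code'] ?? '';
if (!is_string($rawCode)) {
    $rawCode = '';
}
// Non-digits are stripped, so "123 456" and "123-456" are accepted as 123456.
$code = (string) preg_replace('/[^0-9]/', '', trim($rawCode));

if (strlen($code) !== 6) {
    $verifyError('Please enter a valid 6-digit code');
}

try {
    // Use PHP time for consistent comparison
    $currentTime = date('Y-m-d H:i:s');

    // Find valid code - not used and not expired
    $stmt = $pdo->prepare("
        SELECT * FROM login_verification_codes
        WHERE user_id = ? AND code = ? AND used = 0 AND expires_at > ?
        ORDER BY created_at DESC LIMIT 1
    ");
    $stmt->execute([$userId, $code, $currentTime]);
    $verification = $stmt->fetch();

    $consumed = false;
    if ($verification) {
        // Consume the code with a conditional UPDATE: of two concurrent
        // requests carrying the same code only one changes the row, so the
        // code cannot be redeemed twice.
        $stmt = $pdo->prepare("UPDATE login_verification_codes SET used = 1 WHERE id = ? AND used = 0");
        $stmt->execute([$verification['id']]);
        $consumed = $stmt->rowCount() === 1;
    }

    if ($consumed) {
        // Get user data
        $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
        $stmt->execute([$userId]);
        $user = $stmt->fetch();

        if ($user) {
            // The session is about to gain privileges: issue a fresh session id
            // so an id planted or observed before login is useless afterwards
            // (session fixation).
            session_regenerate_id(true);

            // Set session variables
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['user_email'] = $user['email'];
            $_SESSION['user_name'] = $user['full_name'];
            $_SESSION['user_role'] = $user['role'];

            // Fallback avatar: initials of the first two words of the full name.
            $nameParts = explode(' ', $user['full_name']);
            $avatar = strtoupper(
                substr($nameParts[0], 0, 1) . (isset($nameParts[1]) ? substr($nameParts[1], 0, 1) : '')
            );
            $_SESSION['user_avatar'] = $user['avatar'] ?? $avatar;
            $_SESSION['last_activity'] = time();

            // Update last login
            $stmt = $pdo->prepare("UPDATE users SET last_login = NOW() WHERE id = ?");
            $stmt->execute([$user['id']]);

            // Log successful login
            $stmt = $pdo->prepare("INSERT INTO security_logs (user_id, action, ip_address, user_agent, status) VALUES (?, 'login_success', ?, ?, 'success')");
            $stmt->execute([
                $user['id'],
                $_SERVER['REMOTE_ADDR'] ?? 'unknown',
                $_SERVER['HTTP_USER_AGENT'] ?? 'unknown',
            ]);

            // Track session
            if (function_exists('trackUserSession')) {
                trackUserSession($user['id']);
            }

            // Clean up temp session
            foreach ($tempKeys as $key) {
                unset($_SESSION[$key]);
            }

            // Redirect to dashboard
            $redirect('../index.php?page=dashboard&welcome=1');
        }
    }

    // Wrong, expired or already-consumed code: count the failure.
    $attempts = (isset($_SESSION['verify_attempts']) ? (int) $_SESSION['verify_attempts'] : 0) + 1;
    $_SESSION['verify_attempts'] = $attempts;

    if ($attempts >= $maxAttempts) {
        // Retire every outstanding code for this user and drop the pending
        // login, so guessing cannot continue against the same code.
        $stmt = $pdo->prepare("UPDATE login_verification_codes SET used = 1 WHERE user_id = ? AND used = 0");
        $stmt->execute([$userId]);

        error_log(
            'Verification locked after ' . $attempts . ' failed attempts for user ' . $userId
            . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown')
        );

        foreach ($tempKeys as $key) {
            unset($_SESSION[$key]);
        }
        $redirect('../index.php?error=' . urlencode('Too many attempts. Please login again.'));
    }

    // Code invalid - check if expired for better error message.
    // NOTE(review): the "expired" message confirms that the submitted digits
    // matched a real code; the attempt cap above bounds how often this can be
    // probed.
    $stmt = $pdo->prepare("SELECT * FROM login_verification_codes WHERE user_id = ? AND code = ? AND used = 0 ORDER BY created_at DESC LIMIT 1");
    $stmt->execute([$userId, $code]);
    $found = $stmt->fetch();

    if ($found && $found['expires_at'] <= $currentTime) {
        $verifyError('Code expired. Request a new one.');
    }
    $verifyError('Invalid code. Please try again.');
} catch (PDOException $e) {
    // Details go to the server log only; the browser gets a generic message.
    error_log("Verification error: " . $e->getMessage());
    $verifyError('System error. Please try again.');
}
?>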