<?php
if($decrypt_focus === '[USER_LOGIN]'):
	if(! isset($_POST['zipcode']) OR $_POST['zipcode'] !== '' OR strlen($_POST['zipcode']) > 0):
		die(result(false, 'You are not authorized user.'));
	endif;

	$email = strip_tags(remspace(sanitize_email(escape($_POST['email']))));
	$password = strip_tags(remspace(escape($_POST['password'])));

	if(empty($email)):
		die(result(false, "Please enter your email address."));
	elseif(empty($password)):
		die(result(false, "Please enter your password."));
	else:
		$pass = hash('whirlpool', hash('sha512', $password) . hash('sha384', $password . md5($password)) . TOKEN);
		$hash = hash('whirlpool', hash('sha384', $password) . hash('sha512', $password . md5($password)) . TOKEN);

		$stmt = $mysqli->prepare("SELECT userid, status FROM users WHERE (email = ? AND password = ? AND hash = ?)") or die(result(false, "An error occurred. Please try after some time."));
		$stmt->bind_param('sss', $email, $pass, $hash);
		$stmt->execute();
		$stmt->store_result();
		$count_rows = $stmt->num_rows();
		$stmt->bind_result($userid, $status);
		$stmt->fetch();
		$stmt->close();
		$mysqli->close();
		if($count_rows == 1):
			if($status === 'disabled'):
				die(result(false, "Your account is not active."));
			elseif($status === 'pending'):
				die(result(false, "Your email address is not confirmed."));
			else:
				$_SESSION['LOGGED_USER_CREDS']['LOGGED_USER_ID'] = $userid;
				$_SESSION['LOGGED_USER_CREDS']['LOGGED_USER_EMAIL'] = $email;

				die(result(false, $baseurl . "account", "surl"));
			endif;
		else:
			die(result(false, "Your login credentials is wrong."));
		endif;
	endif;
else:
	die(result(false, "Access Denied!."));
endif;
?>