diff --git a/ajax/authenticateMe.php b/ajax/authenticateMe.php
new file mode 100644
index 0000000..b942bd8
--- /dev/null
+++ b/ajax/authenticateMe.php
@@ -0,0 +1,122 @@
+<?php
+
+require_once '../includes/imp_files.php';
+session_start();
+
+$cookie_life_days = COOKIE_LIFE_DAYS;
+
+$std = new stdClass();
+$std->message = array();
+$std->error = true;
+
+    if (isset($_POST['floID'], $_POST['floPubKey'], $_SESSION['session_id'], $_POST['signDataWithFlo'] )){
+        
+        ob_start();
+        
+            function callAPI($method, $url, $data){
+            $curl = curl_init();
+            switch ($method){
+                case "POST":
+                    curl_setopt($curl, CURLOPT_POST, 1);
+                    if ($data)
+                        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
+                    break;
+                case "PUT":
+                    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
+                    if ($data)
+                        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);                              
+                    break;
+                default:
+                    if ($data)
+                        $url = sprintf("%s?%s", $url, http_build_query($data));
+            }
+            // OPTIONS:
+            curl_setopt($curl, CURLOPT_URL, $url);
+            curl_setopt($curl, CURLOPT_HTTPHEADER, array(
+                'APIKEY: 111111111111111111111',
+                'Content-Type: application/json',
+            ));
+            curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+            curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
+            // EXECUTE:
+            $result = curl_exec($curl);
+            if(!$result){
+                $std->message[] = "Authentication Service is not working ";
+                $std->error = true;
+                echo json_encode($std);
+                return false;
+                }
+            curl_close($curl);
+            return $result;
+            }
+    
+            $floID = $_POST['floID'];
+            $pubKey = $_POST['floPubKey'];
+            $s_id = $_SESSION['session_id'];
+            $signDataWithFlo = $_POST['signDataWithFlo'];
+    
+    
+            $data_array =  array( "floID"        => $floID, "pubKey" => $pubKey, "message" => $s_id, "sign" => $signDataWithFlo  );
+            $make_call = callAPI('POST', 'https://flo-sign-validator.duckdns.org', json_encode($data_array));
+            $response = json_decode($make_call, true);
+    
+    
+            if ($response['success'] == 1) {
+                
+                ob_end_clean();
+                ob_start();
+                
+                setcookie("exchange[flo_id]", $floID, time () + (86400 * $cookie_life_days));
+                setcookie("exchange[session_id]", $s_id, time () + (86400 * $cookie_life_days));
+                setcookie("exchange[flo_pub_key]", $pubKey,time () + (86400 * $cookie_life_days)); 
+
+                $_SESSION['authenticated'] = true;         
+                $_SESSION['flo_id'] = $floID;
+
+//Now  I need to enter public key and session ID in database .. but first I need to know the username 
+// This check can be suspended here. If the user has correct FLO signature, but does not exist in database, he will fail the gate at acc_deact.php
+                if (isset($UserClass)) { 
+                    $permitted_status = $UserClass->checkIfFloIDPermitted($floID);
+                    if ($permitted_status == true){
+                    $UserClass->update_flo_details($floID, $s_id, $pubKey);
+                    
+                    $userDetails = $UserClass->getUserDetails($floID);
+                    $_SESSION['user_id'] = $userDetails->CustomerId;
+                    $_SESSION['user_name'] = $userDetails->Name;
+                    $_SESSION['email'] = $userDetails->Email;
+
+
+                    $std->message[] = "Authentication Succeeded.";
+                    
+                    $std->error = false;
+                    echo json_encode($std);
+                    return true;
+                    } else { 
+                        if (($UserClass->check_flo_id_registration_status($floID) == true) && ($UserClass->check_flo_id_active_status($floID) != true)) {
+                            $std->message[] = "FLO ID is not active. Please contact RanchiMall Team. ";
+                            $std->error = true;
+                            echo json_encode($std);
+                            return false; }
+                        if ($UserClass->check_flo_id_registration_status($floID) != true ) {
+                            $std->message[] = "Your FLO ID is not registered. Please contact RanchiMall Team and get yourself registered.";
+                            $std->error = true;
+                            echo json_encode($std);
+                            return false; }    
+                    }     
+                }
+            
+            }
+            
+                
+              else {
+                $std->message[] = "Authentication has failed. ";
+                $std->error = true;
+                echo json_encode($std);
+                return false;
+            }
+} else {
+    $std->message[] = "All data fields not present. ";
+    $std->error = true;
+    echo json_encode($std);
+    return false;
+}
diff --git a/ajax/load_cash_in_bank.php b/ajax/load_cash_in_bank.php
index d8e9de0..019ec79 100644
--- a/ajax/load_cash_in_bank.php
+++ b/ajax/load_cash_in_bank.php
@@ -1,11 +1,4 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/24/2017
- * Time: 9:37 PM
- */
-
 require_once '../includes/imp_files.php';
 
 if (!checkLoginStatus()) {
@@ -101,7 +94,7 @@ if (isset($_POST['job'])) {
                         <p>1 BTC AT THE TIME OF REQUEST: $ $btc_today</p>
                         <p>EMAIL: $email_id</p> 
                         <p>REMARKS: <strong>".$remarks."</strong></p>  
-                        <p>SENDER FB ID: facebook.com/".$fb_id."</p>
+                        <p>SENDER FLO ID: ".$flo_id."</p>
                         </div>
                         <footer>
                         <p>Thank You</p>
@@ -126,4 +119,4 @@ if (isset($_POST['job'])) {
 }
 
 
-return false;
\ No newline at end of file
+return false;
diff --git a/ajax/logout.php b/ajax/logout.php
new file mode 100644
index 0000000..9c5ec9c
--- /dev/null
+++ b/ajax/logout.php
@@ -0,0 +1,17 @@
+<?php 
+session_start();
+$_SESSION['authenticated'] = false;
+ob_end_clean();
+ob_start(); 
+if (isset($_COOKIE['exchange'])) {
+        unset($_COOKIE['exchange[flo_id]']); 
+        setcookie('exchange[flo_id]', null, -1); 
+        unset($_COOKIE['exchange[session_id]']); 
+        setcookie('exchange[session_id]', null, -1); 
+        unset($_COOKIE['exchange[flo_pub_key]']); 
+        setcookie('exchange[flo_pub_key]', null, -1);
+        unset($_COOKIE['exchange']); 
+        setcookie('exchange', null, -1);
+     }
+session_destroy();
+?>
diff --git a/ajax/pay_in_btc.php b/ajax/pay_in_btc.php
index 905ad90..b3488e3 100644
--- a/ajax/pay_in_btc.php
+++ b/ajax/pay_in_btc.php
@@ -1,11 +1,4 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/21/2017
- * Time: 8:19 PM
- */
-
 require_once '../includes/imp_files.php';
 
 if (!checkLoginStatus()) {
@@ -144,7 +137,7 @@ if (isset($_POST['job']) && trim($_POST['job']) == "pay_in_btc") {
                         <p>AMOUNT TO TRANSFER: <strong>$ $balance_to_transfer</strong> (DO NOT SEND MORE THAN $ $allowed_bid_amount.)</p>
                         <p>EMAIL: $senders_email</p> 
                         <p>REMARKS: <strong>".$remarks."</strong></p>  
-                        <p>SENDER FB ID: facebook.com/".$fb_id."</p>
+                        <p>SENDER FLO ID: ".$flo_id."</p>
                         </div>
                         <footer>
                         <p>Thank You</p>
@@ -178,4 +171,4 @@ if (isset($_POST['job']) && trim($_POST['job']) == "pay_in_btc") {
         return true;
     }
 }
-return false;
\ No newline at end of file
+return false;
diff --git a/ajax/rm_root.php b/ajax/rm_root.php
index 3df9e34..2a29273 100644
--- a/ajax/rm_root.php
+++ b/ajax/rm_root.php
@@ -1,23 +1,15 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/12/2017
- * Time: 10:43 AM
- */
-
 require_once '../includes/imp_files.php';
 
 if (!checkLoginStatus()) {
     return false;
 }
 
-if (isset($_SESSION['fb_id'], $_SESSION['user_id'], $_SESSION['user_name'])) {
-    $root_fb = (int) $_SESSION['fb_id'];
-    $root_user_id = (int) $_SESSION['user_id'];
-    $root_user_name = (string) $_SESSION['user_name'];
-
-    if ($root_fb != ADMIN_FB_ID && $root_user_id != ADMIN_ID && $root_user_name != ADMIN_UNAME) {
+if (isset($_SESSION['flo_id'], $_SESSION['user_id'])) {
+    $root_flo = $_SESSION['flo_id'];
+    $root_user_id = $_SESSION['user_id'];
+    
+    if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID) {
         redirect_to("index.php");
     }
 
@@ -49,4 +41,4 @@ if (isset($_SESSION['fb_id'], $_SESSION['user_id'], $_SESSION['user_name'])) {
         return false;
     }
 
-}
\ No newline at end of file
+}
diff --git a/ajax/transfer_balance_to_bank.php b/ajax/transfer_balance_to_bank.php
index 8ada6b4..ac7a8eb 100644
--- a/ajax/transfer_balance_to_bank.php
+++ b/ajax/transfer_balance_to_bank.php
@@ -1,11 +1,4 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/21/2017
- * Time: 8:19 PM
- */
-
 require_once '../includes/imp_files.php';
 
 if (!checkLoginStatus()) {
@@ -143,7 +136,7 @@ if (isset($_POST['job']) && trim($_POST['job']) == "transfer_to_bank") {
                         <p>AMOUNT TO TRANSFER: <strong>$ $balance_to_transfer</strong> (DO NOT SEND MORE THAN $ $allowed_bid_amount.)</p>
                         <p>EMAIL: $senders_email</p> 
                         <p>REMARKS: <strong>".$remarks."</strong></p>  
-                        <p>SENDER FB ID: facebook.com/".$fb_id."</p>
+                        <p>SENDER FLO ID: ".$flo_id."</p>
                         </div>
                         <footer>
                         <p>Thank You</p>
@@ -177,4 +170,4 @@ if (isset($_POST['job']) && trim($_POST['job']) == "transfer_to_bank") {
         return true;
     }
 }
-return false;
\ No newline at end of file
+return false;
diff --git a/ajax/transfer_rtm_to_bchain.php b/ajax/transfer_rtm_to_bchain.php
index bda50db..aa2e983 100644
--- a/ajax/transfer_rtm_to_bchain.php
+++ b/ajax/transfer_rtm_to_bchain.php
@@ -1,10 +1,4 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/24/2017
- * Time: 9:35 AM
- */
 
 /**
  *  This section is incomplete
@@ -119,7 +113,7 @@ if (isset($_POST['job']) && trim($_POST['job']) == "rtm_to_bchain") {
                         <p>AMOUNT TO TRANSFER: <strong>RMT $balance_to_transfer</strong></p>
                         <p>EMAIL: $email_id</p> 
                         <p>REMARKS: <strong>".$remarks."</strong></p>  
-                        <p>SENDER FB ID: facebook.com/".$fb_id."</p>
+                        <p>SENDER FLO ID: ".$flo_id."</p>
                         </div>
                         <footer>
                         <p>Thank You</p>
@@ -163,4 +157,4 @@ if (isset($_POST['job']) && trim($_POST['job']) == "rtm_to_bchain") {
         echo json_encode($std);
         return true;
     }
-}
\ No newline at end of file
+}
diff --git a/classes/Users.php b/classes/Users.php
index 81badac..a55b00e 100644
--- a/classes/Users.php
+++ b/classes/Users.php
@@ -1,10 +1,4 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: user
- * Date: 17-Oct-16
- * Time: 9:22 AM
- */
 
 class Users {
 
@@ -18,7 +12,6 @@ class Users {
     private $bal_history = CREDITS_HISTORY_TABLE;
     private $bank_acc = ACCOUNTS_TABLE;
     private $fund_trans = TRANSFER_INFO_TABLE;
-    private $user_name = null;
     private $email = null;
     private $name = null;
     private $is_active = null;
@@ -57,31 +50,32 @@ class Users {
         return false;
     }
 
-    public function is_fb_registered($fb_id) {
 
+
+    public function doInitialUserHandling($flo_id) {
+
+// If username exists only then do FLO ID  insertion        
         if ($this->databaseConnection()) {
             $now = $this->time_now();
-            $query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE `fb_id`=:fb_id");
-            $query->bindValue(':fb_id', $fb_id, PDO::PARAM_STR);
+            
+// I have added LIMIT 1 .. so only the first FLO ID is allowed. If there are two FLO IDs for same user, the second one will be discarded. MAYBE I SHOULD ADD AN EXPLICT CHECK LATER FOR DUPLICATE FLO ID WHILE BEING INSERTED
+            $query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE `flo_id`=:flo_id LIMIT 1");
+            $query->bindValue(':flo_id', $flo_id, PDO::PARAM_STR);
             $query->execute();
 
             $rowCount = $query->rowCount();
 
             if($rowCount) {
-
+                //The case where FLO ID exists in database
                 $user_obj = $query->fetchObject();
 
                 $update_query = $this->db_connection->prepare("UPDATE $this->customers_table
                                                             SET `SaveDate`='$now'
-                                                            WHERE `fb_id`=:fb_id
+                                                            WHERE `flo_id`=:flo_id
                                                             LIMIT 1");
-                $update_query->bindValue(':fb_id', $fb_id, PDO::PARAM_STR);
+                $update_query->bindValue(':flo_id', $flo_id, PDO::PARAM_STR);
                 $update_query->execute();
 
-                $_SESSION['user_id'] = $user_obj->CustomerId;
-                $_SESSION['user_name'] = $user_obj->Username;
-                $_SESSION['email'] = $user_obj->Email;
-
                 if (!isset($_SESSION['last_trade_date'])) {
                     $_SESSION['last_trade_date'] = $user_obj->SaveDate;
                 }
@@ -89,22 +83,28 @@ class Users {
 
             } else {
 
-                $this->user_name = $_SESSION['first_name'].time();
-                $this->name = $_SESSION['full_name'];
-                $this->email = $_SESSION['email'];
+                //The case when FLO ID does not exist in database
+                //NOT NEEDED .. These session variables are set in authenticateMe.php
+               $this->user_name = $flo_id.time();
+               $this->email = (isset($_SESSION['email'])) ? $_SESSION['email'] : "";
+                $this->name = (isset($_SESSION['user_name'])) ? $_SESSION['user_name'] : "";
 
                 $query = $this->db_connection->prepare("
-                    INSERT INTO $this->customers_table (`CustomerId`, `fb_id`, `Username`, `Email`, `Name`, `UpdateDate`, `InsertDate`, `SaveDate`, `is_active`)
-                    VALUES ('',:fb_id,:Username,:Email,:Name,NULL,'$now',NULL,0)
+                    INSERT INTO $this->customers_table (`CustomerId`, `flo_id`, `Username`, `Email`, `Name`, `UpdateDate`, `InsertDate`, `SaveDate`, `is_active`)
+                    VALUES ('',:flo_id,:Username,:Email,:Name,NULL,'$now',NULL,0)
                 ");
 
-                $query->bindValue(':fb_id', $fb_id, PDO::PARAM_INT);
+// Here we are setting name = FLO ID. Later we can ask for actual name and email when user logs in second time if both are same, and update
+//Also email will be blank here for first time FLO user. That will give a signature to update the email later.                
+
+                $query->bindValue(':flo_id', $flo_id, PDO::PARAM_INT);
                 $query->bindValue(':Username', $this->user_name, PDO::PARAM_STR);
                 $query->bindValue(':Email', $this->email, PDO::PARAM_STR);
                 $query->bindValue(':Name', $this->name, PDO::PARAM_STR);
                 if($query->execute()) {
                     $_SESSION['user_id'] = $this->db_connection->lastInsertId();
-                    $_SESSION['user_name'] = $this->user_name;
+                    
+                  
                     $AssetTypeId = 'btc';
                     $Balance = 0.00;
                     $FrozenBalance = 0.00;
@@ -128,6 +128,74 @@ class Users {
         }
     }
 
+
+public function check_flo_id_active_status($flo_id) {
+
+        if ($this->databaseConnection()) {
+
+            $query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE flo_id = :flo_id AND is_active = 1 LIMIT 1");
+            $query->bindParam('flo_id', $flo_id);
+
+            if ($query->execute()) {
+                $row_count = $query->rowCount();
+                if ($row_count == 1) {
+                    return true;
+                }
+                return false;
+            } else {
+                return false;
+            }
+        }
+        return false;
+    }
+
+public function check_flo_id_registration_status($flo_id) {
+
+        if ($this->databaseConnection()) {
+
+            $query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE flo_id = :flo_id LIMIT 1");
+            $query->bindParam('flo_id', $flo_id);
+
+            if ($query->execute()) {
+                $row_count = $query->rowCount();
+                if ($row_count == 1) {
+                    return true;
+                }
+                return false;
+            } else {
+                return false;
+            }
+        }
+        return false;
+    }
+
+
+public function checkIfFloIDPermitted($flo_id){
+    if (($this->check_flo_id_registration_status($flo_id) == true) && ($this->check_flo_id_active_status($flo_id) == true)){
+            return true;
+    }
+
+    return false;
+}
+
+public function update_flo_details($floID, $auth_random, $floPublicKey) {
+        
+        $now = $this->time_now();
+        if ($this->databaseConnection()) {
+            $query = $this->db_connection->prepare("UPDATE `$this->customers_table` SET `auth_random` = :authRandom, `floPublicKey` = :floPublicKey, `updateDate` = '$now' WHERE `flo_id` = :floID LIMIT 1");
+            $query->bindValue(':authRandom', $auth_random, PDO::PARAM_STR);
+            $query->bindValue(':floPublicKey', $floPublicKey, PDO::PARAM_STR);
+            $query->bindValue(':floID', $floID, PDO::PARAM_STR);
+            
+
+            if($query->execute()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+
     public function check_user($customerId) {
 
         if ($this->databaseConnection()) {
@@ -253,6 +321,22 @@ class Users {
         return false;
     }
 
+    public function getUserDetails($flo_id) {
+
+        if ($this->databaseConnection()) {
+            $customerId = (int) $customerId;
+            $query = $this->db_connection->prepare("SELECT CustomerId,Name,Email FROM ".USERS_TABLE." WHERE flo_id = :id LIMIT 1");
+            $query->bindParam('id', $flo_id);
+
+            $query->execute();
+            $row_count = $query->rowCount();
+            if ($row_count == 1) {
+                return $query->fetchObject();
+            }
+        }
+        return false;
+    }
+
     public function input_user_email($email=null, $user_id=null) {
         if ($this->databaseConnection()) {
             $query = $this->db_connection->prepare("
@@ -268,4 +352,4 @@ class Users {
         return false;
     }
 
-}
\ No newline at end of file
+}
diff --git a/css/custom.css b/css/custom.css
index ceb9864..90965f5 100644
--- a/css/custom.css
+++ b/css/custom.css
@@ -78,6 +78,16 @@ input[type=text] {
   margin-top: 10px;
   margin-bottom: 10px;
 }
+input[type=password] {
+  background: #FAFAFA;
+  border: 1px solid #F4F4F4;
+  border-radius: 3px;
+  display: block;
+  width: 100%;
+  padding: 10px;
+  margin-top: 10px;
+  margin-bottom: 10px;
+}
 label {
   display: block;
   font-weight: 100;
diff --git a/fbconfig.php b/fbconfig.php
deleted file mode 100644
index 45a82e5..0000000
--- a/fbconfig.php
+++ /dev/null
@@ -1,88 +0,0 @@
-<?php
-if(!session_id()) {
-    session_start();
-}
-require_once 'includes/imp_files.php';
-require_once 'vendor/autoload.php';
-$fb = new Facebook\Facebook([
-    'app_id' => APP_ID,
-    'app_secret' => APP_SECRET,
-    'default_graph_version' => 'v2.12',
-]);
-$helper = $fb->getRedirectLoginHelper();
-if (isset($_GET['state'])) {
-    $helper->getPersistentDataHandler()->set('state', $_GET['state']);
-}
-//$helper = $fb->getRedirectLoginHelper();
-$permissions = ['email']; // optional
-
-try {
-    if (isset($_SESSION['facebook_access_token'])) {
-        $accessToken = $_SESSION['facebook_access_token'];
-    } else {
-        $accessToken = $helper->getAccessToken();
-    }
-} catch(Facebook\Exceptions\FacebookResponseException $e) {
-    // When Graph returns an error
-    echo 'Graph returned an error: ' . $e->getMessage();
-    exit;
-} catch(Facebook\Exceptions\FacebookSDKException $e) {
-    // When validation fails or other local issues
-    echo 'Facebook SDK returned an error: ' . $e->getMessage();
-    exit;
-}
-if (isset($accessToken)) {
-    if (isset($_SESSION['facebook_access_token'])) {
-        $fb->setDefaultAccessToken($_SESSION['facebook_access_token']);
-    } else {
-        // getting short-lived access token
-        $_SESSION['facebook_access_token'] = (string) $accessToken;
-        // OAuth 2.0 client handler
-        $oAuth2Client = $fb->getOAuth2Client();
-        // Exchanges a short-lived access token for a long-lived one
-        $longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($_SESSION['facebook_access_token']);
-        $_SESSION['facebook_access_token'] = (string) $longLivedAccessToken;
-        // setting default access token to be used in script
-        $fb->setDefaultAccessToken($_SESSION['facebook_access_token']);
-    }
-    // redirect the user back to the same page if it has "code" GET variable
-    if (isset($_GET['code'])) {
-        header('Location: ./');
-    }
-    // getting basic info about user
-    try {
-        $profile_request = $fb->get('/me?fields=name,first_name,last_name,email');
-        $profile = $profile_request->getGraphNode()->asArray();
-    } catch(Facebook\Exceptions\FacebookResponseException $e) {
-        // When Graph returns an error
-        echo 'Graph returned an error: ' . $e->getMessage();
-        session_destroy();
-        // redirecting user back to app login page
-        header("Location: ./");
-        exit;
-    } catch(Facebook\Exceptions\FacebookSDKException $e) {
-        // When validation fails or other local issues
-        echo 'Facebook SDK returned an error: ' . $e->getMessage();
-        exit;
-    }
-
-    // printing $profile array on the screen which holds the basic info about user
-
-    $name = isset($profile['name']) ? $profile['name'] : null;
-    $first_name = isset($profile['first_name']) ? $profile['first_name'] : null;
-    $last_name = isset($profile['last_name']) ? $profile['last_name'] : null;
-    $email = isset($profile['email']) ? $profile['email'] : null;
-    //$gender = isset($profile['gender']) ? $profile['gender'] : null;
-    $fb_id = isset($profile['id']) ? $profile['id'] : null;
-
-    $_SESSION['first_name'] = $first_name;
-    $_SESSION['full_name'] = $name;
-    $_SESSION['email'] = $email;
-    $_SESSION['fb_id'] = $fb_id;
-
-    // Now you can redirect to another page and use the access token from $_SESSION['facebook_access_token']
-
-} else {
-    // replace your website URL same as added in the developers.facebook.com/apps e.g. if you used http instead of https and you used non-www version or www version of your website then you must add the same here
-    $loginUrl = $helper->getLoginUrl('WWW.YOUR-WEBSITE/fbconfig.php', $permissions);
-}
diff --git a/includes/defines.php b/includes/defines.php
index f84e35b..1158171 100644
--- a/includes/defines.php
+++ b/includes/defines.php
@@ -2,6 +2,7 @@
 
 if(!isset($_SESSION)) {
     session_start();
+    $_SESSION['session_id'] = session_id();
 }
 
 //SITE DOMAIN NAME WITH HTTP
diff --git a/includes/functions.php b/includes/functions.php
index 46da456..be2e078 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,10 +1,4 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/3/2017
- * Time: 6:33 PM
- */
 
 function round_it($num=0, $deci=2) {
     $decimal = abs(number_format((float)$num, $deci, '.', ''));
@@ -17,10 +11,10 @@ function redirect_to($url=null) {
 }
 
 function checkLoginStatus() {
-    if(!isset($_SESSION['fb_id']) || !isset($_SESSION['user_id']) || !isset($_SESSION['user_name'])) {
-        return false;
+    if($_SESSION['authenticated'] == true) {
+        return true;
     }
-    return true;
+    return false;
 }
 
 function extract_int($string) {
@@ -120,4 +114,4 @@ function get_bcx_user_by_email($em='') {
     }
 
     return $data;
-}
\ No newline at end of file
+}
diff --git a/includes/imp_files.php b/includes/imp_files.php
index e29666c..51610c5 100644
--- a/includes/imp_files.php
+++ b/includes/imp_files.php
@@ -1,13 +1,8 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/3/2017
- * Time: 7:49 PM
- */
 
-if(!isset($_SESSION)) {
+if(!isset($_SESSION['session_id'])) {
     session_start();
+    $_SESSION['session_id'] = session_id();
 }
 
 require_once 'defines.php';
@@ -16,22 +11,22 @@ include_once 'autoload.php';
 include_once 'functions.php';
 
 //if logged in store user DB details
-$fb_id = null;
-$user_name = null;
+$flo_id = null;
 $user_id = null;
 $log_fullName = null;
 $user_email = null;
 
 if (checkLoginStatus()) {
-    if (isset($_SESSION['fb_id'], $_SESSION['user_name'], $_SESSION['user_id'])) {
-        $fb_id = $_SESSION['fb_id'];
-        $user_name = $_SESSION['user_name'];
+   
+    if (isset($_SESSION['flo_id'],$_SESSION['user_id'])) {
+        $flo_id = $_SESSION['flo_id'];
         $user_id = $_SESSION['user_id'];
+        $log_fullName = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : '';
+        $user_email = isset($_SESSION['email']) ? $_SESSION['email'] : '';
     } else {
         redirect_to("logout.php");
     }
-    $log_fullName = isset($_SESSION['full_name']) ? $_SESSION['full_name'] : '';
-    $user_email = isset($_SESSION['email']) ? $_SESSION['email'] : '';
+
 }
 
 $UserClass = null;
@@ -44,4 +39,4 @@ if (class_exists('Users') && class_exists('Orders') && class_exists('Api') && cl
     $OrderClass = new Orders();
     $ApiClass = new Api();
     $MailClass = new SendMail();
-}
\ No newline at end of file
+}
diff --git a/index.php b/index.php
index 1c3df3a..5b009a5 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,10 @@
 <?php 
-//die('Site is currently under maintenance. We will return soon. Thanks for your patience.');
 ob_start();
+if(!isset($_SESSION['session_id'])) {
+    session_start();
+    $_SESSION['session_id'] = session_id();
+}
+
 date_default_timezone_set('Asia/Kolkata'); ?>
 <?php $user_id = 0; ?>
 <!--Bootstrap-->
diff --git a/js/main.js b/js/main.js
index 087bb47..974245a 100644
--- a/js/main.js
+++ b/js/main.js
@@ -417,7 +417,7 @@ function MyTransactions() {
 
 function checkLoginStatusJS() {
 
-    $(document).on('click drop', '.fb_log_in', function (e) {
+    $(document).on('click drop', '.flo_log_in', function (e) {
         e.preventDefault();
         $('#LoginModel').modal('toggle');
     });
diff --git a/logout.php b/logout.php
index 76bed4f..f4b085b 100644
--- a/logout.php
+++ b/logout.php
@@ -1,5 +1,6 @@
 <?php 
 session_start();
+$_SESSION['authenticated'] = false;
 session_destroy();
 header("Location: index.php");        // you can enter home page here ( Eg : header("Location: " ."http://www.krizna.com"); 
 ?>
diff --git a/rm_root.php b/rm_root.php
index 91bbe0d..c25c686 100644
--- a/rm_root.php
+++ b/rm_root.php
@@ -1,31 +1,25 @@
-<?php
-/**
- * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
- * Date: 10/9/2017
- * Time: 8:05 PM
- */
-?>
 <?php ob_start(); date_default_timezone_set('Asia/Kolkata'); ?>
 <?php $user_id = 0; ?>
     <!--Bootstrap-->
-<?php require_once 'views/header.php';?>
+<?php require_once 'includes/imp_files.php';
+      require_once 'views/header.php';
+?>
 
 <?php
 
-    require_once 'includes/imp_files.php';
+    
 
     if (!checkLoginStatus()) {
         redirect_to("index.php");
     }
 
-    if (isset($_SESSION['fb_id'], $_SESSION['user_id'], $_SESSION['user_name'])) {
-        $root_fb = (int) $_SESSION['fb_id'];
-        $root_user_id = (int) $_SESSION['user_id'];
-        $root_user_name = (string) $_SESSION['user_name'];
+    if (isset($_SESSION['flo_id'], $_SESSION['user_id'])) {
+        $root_flo = $_SESSION['flo_id'];
+        $root_user_id = $_SESSION['user_id'];
+        
 
         /*This should match ajax/rm_root.php too*/
-        if ($root_fb != ADMIN_ID && $root_user_id != ADMIN_ID && $root_user_name != ADMIN_UNAME) {
+        if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID) {
             redirect_to("index.php");
         }
 
diff --git a/views/header.php b/views/header.php
index 88fa12d..0e04b72 100644
--- a/views/header.php
+++ b/views/header.php
@@ -7,12 +7,13 @@ error_reporting(0);
 $tradersList = array();
 $buy_list = array();
 $sell_list = array();
-include_once 'fbconfig.php';
+
 $validate_user = null;
 if (isset($UserClass)) {
-    if (isset($fb_id)):
+    if (isset($_SESSION['flo_id'])):
         // check if user already registered
-        $validate_user = $UserClass->is_fb_registered($fb_id);
+        $validate_user = $UserClass->doInitialUserHandling($flo_id); 
+        
         if($validate_user == "" || $validate_user == false) {
             redirect_to('index.php');
         }
@@ -23,15 +24,17 @@ if (isset($UserClass)) {
     $sell_list[] = $OrderClass->get_top_buy_sell_list(TOP_SELL_TABLE, $asc_desc='ASC');  // sell
 }
 
-$fullName = isset($_SESSION['full_name']) ? $_SESSION['full_name'] : "";
+$fullName = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : "";
 $user_logged_in = false;
-$action_class_market = 'fb_log_in';
-$action_class_buy_sell = 'fb_log_in';
+$action_class_market = 'flo_log_in';
+$action_class_buy_sell = 'flo_log_in';
 if(checkLoginStatus()) {
     $user_logged_in = true;
     $action_class_market = 'market_submit_btn';
     $action_class_buy_sell = 'process';
 }
+
+$_SESSION['rand'] = rand();
 ?>
 <!DOCTYPE html>
 <html lang="en">
@@ -81,18 +84,114 @@ $type = isset($_GET['type']) ? trim($_GET['type']) : 'danger';
             <a href="http://ranchimall.net/exchange"><div class="logo mt--1"></div></a>
         </div>
         <div class="col-sm-6 text-right mt--1-m">
-            <?php if($user_logged_in) { ?>
+            <?php if(isset($_SESSION['authenticated'])&&($_SESSION['authenticated'] == true)) { ?>
                 <a href="logout.php">
                     <div class="btn btn--facebook ">
                         Log Out
                     </div>
                 </a>
-            <?php } elseif(isset($loginUrl)) {?>
-                <a href="<?=$loginUrl?>" role="button" class="pull-right popup" name="fb_login">
-                    <div class="btn btn--facebook ">
-                        Continue with Facebook
-                    </div>
-                </a>
+            <?php } else {?>
+                
+<div class="row" >
+    <div id="to_login_fields">    
+        <h2 class="text-center">Login using FLO Private Key </h2>
+        <hr>
+        <div class="col-lg-12 lazy-form">
+            <label for="key_flo" id="loginMessage">Enter your FLO Private Key</label>
+            <input type="password" name="key_flo" id="key_flo" style="color:initial">
+            
+        </div>
+        
+        <div class="col-lg-12">
+            <input type="submit" id="key_flo_submit" class="btn btn--block btn--facebook flo_log_in" style="width: 100%;" value="Enter Key">
+        </div>
+    </div>
+        <a href="logout.php" id="to_logout_fields" style="display: none">
+            <div class="btn btn--facebook ">
+                Log Out
+            </div>
+        </a>
+
+    </div> 
+            
+    <script>
+
+// Refresh needed every 12 minutes to fetch new time challenge to be digitally signed
+ var delayInMilliseconds = 700000; 
+ setInterval(function() {window.location.reload();}, delayInMilliseconds);
+
+function ajax_authentication(floID,floPubKey,message,signDataWithFlo) {
+    $.ajax({
+        method:'post',
+        url:'ajax/authenticateMe.php',
+        data: { floID: floID,floPubKey:floPubKey,message:message,signDataWithFlo:signDataWithFlo},
+        success: function(data) {
+        //     console.log(data);
+        }
+    }).error(function(xhr, status, error) {
+        console.log(xhr.responseText);
+        document.getElementById("loginMessage").innerHTML = xhr.responseText;
+        document.getElementById("loginMessage").style.color = "red";
+    }).success(function(data) {
+        
+        var IS_JSON = true;
+        try {
+            var d = jQuery.parseJSON(data);
+            console.log(d.message);
+            }
+        catch(err) {
+            IS_JSON = false;
+            }
+
+        if(IS_JSON) {
+            if(d.error == false) {
+             document.getElementById("loginMessage").style.color = "#FFFFFF";    
+             document.getElementById("loginMessage").innerHTML = "Successful Login. Digital Signature is verified. Getting user details. <span id='myBlinkingDiv'>Wait a moment<span>";
+             
+             var blink_speed = 500; 
+             var t = setInterval(function () {
+                var ele = document.getElementById('myBlinkingDiv');
+                ele.style.visibility = (ele.style.visibility == 'hidden' ? '' : 'hidden');
+                }, blink_speed);
+                
+             window.location.reload();
+                         } else {
+                document.getElementById("loginMessage").innerHTML = d.message;
+                document.getElementById("loginMessage").style.color = "red";   
+            }
+            
+        } 
+
+    });
+}
+
+   document.getElementById("key_flo_submit").onclick = function(evt) {
+
+            let floPrivKey = document.getElementById("key_flo").value;
+            let floPubKey = floCrypto.getPubKeyHex(floPrivKey);
+            let floID = floCrypto.getFloID(floPubKey);
+            
+            if (floID != null) {
+            //Generating a tough challenge for user to sigitally sign    
+            let message ="<?php echo($_SESSION['session_id'] . round(time()/1000)*1000 . $_SESSION['rand']);?>";
+            let signDataWithFlo = floCrypto.signData(message, floPrivKey);
+            delete floPrivKey;
+
+            document.getElementById("loginMessage").style.color = "#FFFFFF";    
+            document.getElementById("loginMessage").innerHTML = "Digital signature provided for server generated message. Waiting for signature verification.";
+
+            ajax_authentication(floID,floPubKey,message,signDataWithFlo);            
+            } else {
+                var displayMessage = "Private Key is invalid";
+                console.log(displayMessage);
+                document.getElementById("loginMessage").innerHTML = displayMessage;
+                document.getElementById("loginMessage").style.color = "red";
+            }
+        }
+
+    </script>
+
+
             <?php } ?>
         </div>
     </div>
@@ -107,13 +206,17 @@ $type = isset($_GET['type']) ? trim($_GET['type']) : 'danger';
                 <h5 class="font-20 mt--2 text--uppercase text--bold text--center--mobile">Last Traded Price: <span id="_ltp"><?=$LastTradedPrice;?></span></h5>
             <?php } ?>
         </div>
+     
         <?php if($user_logged_in) { ?>
-            <div class="col-sm-6 text-right text--uppercase text--center--mobile ">
+            <div class="col-sm-6 text-right text--center--mobile ">
                 <h2 class="text--uppercase"><?=$fullName?></h2>
-                <h6 class="text--bold">Token Balance: <span id="my_bit_balance">loading...</span> </h6>
-                <h6 class="text--bold">Cash Balance: $ <span id="my_cash_balance">loading...</span> </h6>
+                <h5 class="text-bold"><?=$flo_id?></h2>
+                <h6 class="text--bold text--uppercase">Token Balance: <span id="my_bit_balance">loading...</span> </h6>
+                <h6 class="text--bold text--uppercase">Cash Balance: $ <span id="my_cash_balance">loading...</span> </h6>
             </div>
-        <?php } ?>
+            <script>get_my_balance();</script>
+        <?php } ?> 
+    
     </div>
 </div>
 
diff --git a/views/req_user_info.php b/views/req_user_info.php
index 41ec5b4..cb5b6d2 100644
--- a/views/req_user_info.php
+++ b/views/req_user_info.php
@@ -3,10 +3,10 @@ if (!isset($user_id)) {
     $user_id = $_SESSION['user_id'];
 }
 if (!isset($user_email)) {
-    $user_email = $_SESSION['email'];
+    $user_email = $_SESSION['flo_id'];
 }
 if (!isset($log_fullName)) {
-    $log_fullName = $_SESSION['full_name'];
+    $log_fullName = $_SESSION['flo_id'];
 }
 if (($user_email == null) && ($user_logged_in == true)) {
 
@@ -47,4 +47,4 @@ if (($user_email == null) && ($user_logged_in == true)) {
 
     </div>
 </div>
-<?php }
\ No newline at end of file
+<?php }
diff --git a/views/transfers.php b/views/transfers.php
index 1c85acb..beaab6b 100644
--- a/views/transfers.php
+++ b/views/transfers.php
@@ -1,7 +1,6 @@
 <?php
 /**
  * Created by PhpStorm.
- * User: Abhishek Kumar Sinha
  * Date: 10/21/2017
  * Time: 3:36 PM
  */
@@ -92,7 +91,7 @@ if($user_logged_in):
                                 <label for="remarks_bal_tr">Remarks (optional)</label>
                                 <textarea name="remarks_bal_tr" id="remarks_bal_tr" cols="30" rows="10" class="form-control" placeholder="max 250 characters" maxlength="250"></textarea>
 
-                                <br<br>
+                                <br>
                                 <input type="button" id="btn_bk_tr" class="btn btn--primary-1 mt--1" value="Transfer">
                             </div>
 
@@ -137,4 +136,4 @@ if($user_logged_in):
             </div>
         </div>
     </div>
-<?php endif; ?>
\ No newline at end of file
+<?php endif; ?>