Server IP : 103.53.40.154 / Your IP : 3.143.23.38 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home2/ppcad7no/exclusivefibro.in/../heats.co.in/../bhatiataxiservice.in/admin/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php session_start(); // connect to database // $db = mysqli_connect('localhost', 'root', 'password', 'db-name'); $db = mysqli_connect('localhost', 'ppcad7no_bhatiataxiservice', 'NYHm@Vl.P;bt', 'ppcad7no_bhatiataxiservice'); // variable declaration $username = ""; $email = ""; $errors = array(); if (isset($_POST['login_btn'])) { login(); } // LOGIN USER function login(){ global $db, $username, $errors; // grap form values $username = e($_POST['username']); $password = e($_POST['password']); // make sure form is filled properly if (empty($username)) { array_push($errors, "Username is required"); } if (empty($password)) { array_push($errors, "Password is required"); } // attempt login if no errors on form if (count($errors) == 0) { // $password = md5($password); // Query for login_tbl $query1 = "SELECT * FROM login_tbl WHERE username='$username' AND password='$password' AND admin_status='Active' LIMIT 1"; $results1 = mysqli_query($db, $query1); if (mysqli_num_rows($results1) == 1) { // check if user is admin or user $logged_in_user = mysqli_fetch_assoc($results1); if ($logged_in_user['user_type'] == 'supadmin') { $_SESSION['user'] = $logged_in_user; $_SESSION['success'] = ""; header('location: index.php'); } else if ($logged_in_user['user_type'] == 'admin') { $_SESSION['user'] = $logged_in_user; $_SESSION['success'] = ""; header('location: index.php'); } else if ($logged_in_user['user_type'] == 'user') { $_SESSION['user'] = $logged_in_user; $_SESSION['success'] = ""; header('location: index.php'); } else { $_SESSION['msg'] = "Invalid user type"; header('location: login.php'); } } else { $_SESSION['msg'] = "Invalid username or password"; header('location: login.php'); } $query2 = "SELECT * FROM tbl_member WHERE username='$username' AND password='$password' LIMIT 1"; $results2 = mysqli_query($db, $query2); if (mysqli_num_rows($results2) == 1) { $logged_in_user = mysqli_fetch_assoc($results2); $_SESSION['user'] = $logged_in_user; $_SESSION['success'] = ""; header('location:member_home.php'); } // No user found in either table array_push($errors, "Wrong username/password "); } } function isAdmin() { if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) { return true; }else{ return false; } } // return user array from their id function getUserById($id){ global $db; $query = "SELECT * FROM login_tbl WHERE id= $id"; $result = mysqli_query($db, $query); $user = mysqli_fetch_assoc($result); return $user; } // escape string function e($val){ global $db; return mysqli_real_escape_string($db, trim($val)); } function display_error() { global $errors; if (count($errors) > 0){ echo '<div class="error">'; foreach ($errors as $error){ echo $error .'<br>'; } echo '</div>'; } } function isLoggedIn() { if (isset($_SESSION['user'])) { return true; }else{ return false; } } if (isset($_GET['logout'])) { session_destroy(); unset($_SESSION['user']); header("location: login.php"); } function my_prepared($sql) { global $db; $stmt = mysqli_prepare($db, $sql); if (!$stmt) { die("Prepared statement error: " . mysqli_error($db)); } return $stmt; } ?>