[
MAINHACK
]
Viewing / Editing File: index.php
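<?php
/**
 * School login page.
 *
 * Handles the login POST (classic form post or fetch() with
 * "Accept: application/json") and renders the login form.
 *
 * Security-relevant behaviour of this script:
 *  - PHP errors are logged, never rendered into the response.
 *  - The arithmetic challenge is generated and checked server-side via the
 *    session; the result1/result2 form fields are display helpers only.
 *  - Unknown e-mail and wrong password produce the same message, so the
 *    form cannot be used to test which addresses are registered.
 *  - The session id is rotated on successful login.
 *  - Everything echoed into the HTML from the request is escaped.
 *
 * NOTE(review): $con (PDO handle) and test_input() are expected to come from
 * functions.php, which is not visible here — confirm. No attempt throttling
 * or lockout is visible in this file; the arithmetic challenge is not a
 * substitute for one.
 */

// Rendering errors on a login endpoint leaks paths/queries and would also
// corrupt the JSON responses; keep full reporting but send it to the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

include("functions.php");

// The success branch already stores identity in $_SESSION, so a session is
// required. Presumably functions.php starts it; this is a no-op in that case.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

$message = "";
$isJson  = isset($_SERVER['HTTP_ACCEPT'])
    && strpos($_SERVER['HTTP_ACCEPT'], 'application/json') !== false;

/**
 * Send a JSON response and terminate the request.
 *
 * @param bool   $ok      Whether the login attempt succeeded.
 * @param string $message Human-readable message for the client.
 * @param array  $extra   Additional top-level keys merged into the payload.
 */
function json_out($ok, $message = '', $extra = [])
{
    header('Content-Type: application/json');
    echo json_encode(array_merge(['ok' => $ok, 'message' => $message], $extra));
    exit;
}

/**
 * Create a fresh arithmetic challenge, remember it in the session and
 * return the two operands as [a, b].
 */
$issueCaptcha = static function (): array {
    $a = random_int(4, 10);
    $b = random_int(3, 10);
    $_SESSION['captcha_num1'] = $a;
    $_SESSION['captcha_num2'] = $b;

    return [$a, $b];
};

/**
 * Report a failed attempt. For JSON clients this answers immediately with a
 * new challenge (each failure invalidates the previous one); for form posts
 * it returns the HTML snippet shown above the form.
 */
$fail = static function (string $msg) use ($isJson, $issueCaptcha): string {
    if ($isJson) {
        json_out(false, $msg, ['captcha' => $issueCaptcha()]);
    }

    return '<p class="btn btn-danger">' . $msg . '</p>';
};

// Only strings are accepted for the credentials; "school_email[]=x" style
// input is treated as empty instead of reaching test_input()/echo as an array.
$postedEmail    = is_string($_POST['school_email'] ?? null) ? $_POST['school_email'] : '';
$postedPassword = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $email    = test_input($postedEmail);
    // NOTE(review): if test_input() escapes or strips characters, running the
    // password through it changes what password_verify() compares — confirm
    // it matches what was applied before password_hash() at registration.
    $password = test_input($postedPassword);
    $answer   = is_numeric($_POST['answer'] ?? null) ? (int) $_POST['answer'] : -999999;
    $remember = isset($_POST['remember']);

    // Expected sum comes from the session, never from the request: the
    // posted result1/result2 values are attacker-controlled and are ignored.
    $expected = null;
    if (isset($_SESSION['captcha_num1'], $_SESSION['captcha_num2'])) {
        $expected = (int) $_SESSION['captcha_num1'] + (int) $_SESSION['captcha_num2'];
    }

    if (empty($email) || empty($password)) {
        $message = $fail('Error: Email and password are required!');
    } else if ($expected === null || $expected !== $answer) {
        $message = $fail('Error: The answer you provided is wrong!');
    } else {
        // Single parameterised lookup; the e-mail is bound, not interpolated.
        $stmt = $con->prepare("SELECT id, password, active, school_email, school_code, type, user_name, validation_code FROM schools WHERE school_email = ? LIMIT 1");
        $stmt->execute([$email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$row || !password_verify($password, $row['password'])) {
            // Same message for "no such account" and "bad password".
            $message = $fail('Error: Wrong email or password!');
        } else if ($row['active'] != 1 || $row['validation_code'] != 0) {
            // Loose comparison kept on purpose: the column types are not
            // visible here and PDO may return them as strings.
            $message = $fail('Error: Account is not activated or validation pending!');
        } else {
            // Success: rotate the session id before storing identity so a
            // pre-login session id cannot be reused afterwards.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $_SESSION['dbmail_Xw211qAAsq4'] = $row['school_email'];
            $_SESSION['s_code_Xw2119904']   = $row['school_code'];
            $_SESSION['name_Xw2119904']     = $row['user_name'];

            if ($remember) {
                // NOTE(review): this cookie carries only the e-mail address.
                // It must be treated as a prefill hint; any code that trusts
                // it as proof of identity would be an authentication bypass.
                setcookie('school_email', $row['school_email'], [
                    'expires'  => time() + 31556926,
                    'path'     => '/',
                    // Some servers set HTTPS to "off" for plain HTTP.
                    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
                    'httponly' => true,
                    'samesite' => 'Lax'
                ]);
            }

            unset($_SESSION['captcha_num1'], $_SESSION['captcha_num2']);

            if ($isJson) json_out(true, '', ['redirect' => '../index']);
            header('Location: ../index');
            die();
        }
    }
}

// Rendering the page always issues a new challenge (GET, or a failed
// non-JSON POST that fell through to here).
[$num1, $num2] = $issueCaptcha();

// Escaped once here and echoed into the value="" attribute below.
$emailPrefill = htmlspecialchars($postedEmail, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Login To Your Account</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta content="eliosof" name="author" />
    <link rel="shortcut icon" href="assets/images/favicon.ico">

    <!-- Bootstrap CSS -->
    <link href="assets/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/icons.min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/app.min.css" rel="stylesheet" type="text/css" />

    <style>
        body {
            margin: 0;
            padding: 0;
            min-height: 100vh;
            display: flex;
            align-items: center;
            justify-content: center;
            background: url('440.jpg') no-repeat center center/cover;
        }

        /* Login Card */
        .login-card {
            background: rgba(255, 255, 255, 0.9);
            backdrop-filter: blur(8px);
            border-radius: 1rem;
            box-shadow: 0 10px 25px rgba(0,0,0,0.2);
            padding: 2rem;
            width: 100%;
            max-width: 420px;
            opacity: 0;
            transform: translateY(30px);
            animation: fadeSlideUp 0.8s ease-out forwards;
        }

        /* Animation */
        @keyframes fadeSlideUp {
            to { opacity: 1; transform: translateY(0); }
        }

        h5 { font-weight: 600; }
        .form-control, .btn { border-radius: 0.5rem; }
        .btn-primary { background-color: #007bff; border: none; }
        .btn-primary:hover { background-color: #0069d9; }
        a { text-decoration: none; }
    </style>
</head>
<body>
<div class="login-card">
    <div class="text-center mb-4">
        <h5>Welcome Back!</h5>
        <?php /* $message is built only from fixed strings in this file. */ ?>
        <?php if (!empty($message)) echo $message; ?>
    </div>

    <form id="login-form" method="POST" class="needs-validation" novalidate>
        <!-- Email -->
        <div class="mb-3">
            <label class="form-label">Email</label>
            <input type="email" class="form-control" name="school_email" value="<?php echo $emailPrefill; ?>" placeholder="Enter email" required>
            <div class="invalid-feedback">Email is required</div>
        </div>

        <!-- Password -->
        <div class="mb-3">
            <div class="d-flex justify-content-between">
                <label class="form-label">Password</label>
                <a href="auth-recoverpw.php" class="text-muted small">Forgot password?</a>
            </div>
            <div class="input-group">
                <input type="password" name="password" class="form-control" placeholder="Password" required>
                <button class="btn btn-light" type="button" id="password-addon">
                    <i class="mdi mdi-eye-outline"></i>
                </button>
                <div class="invalid-feedback">Password is required</div>
            </div>
        </div>

        <!-- Remember Me -->
        <div class="form-check mb-3">
            <input class="form-check-input" type="checkbox" id="remember-check" name="remember">
            <label class="form-check-label" for="remember-check">Remember me</label>
        </div>

        <!-- Captcha: result1/result2 feed the client-side pre-check only;
             the server compares the answer with the values in the session. -->
        <div class="row g-2 mb-3">
            <div class="col-6">
                <input id="captcha-question" value="<?php echo $num1; ?> + <?php echo $num2; ?> = ?" class="form-control" readonly>
                <input type="hidden" name="result1" value="<?php echo $num1; ?>">
                <input type="hidden" name="result2" value="<?php echo $num2; ?>">
            </div>
            <div class="col-6">
                <input type="number" class="form-control" name="answer" required placeholder="Answer">
                <div class="invalid-feedback">Provide an answer</div>
            </div>
        </div>

        <div id="form-alert" class="alert d-none" role="alert"></div>

        <!-- Submit -->
        <button class="btn btn-primary w-100" type="submit" name="submit">Log In</button>
    </form>

    <div class="text-center mt-4">
        <p class="mb-0">© <script>document.write(new Date().getFullYear())</script> Powered by BBECAS</p>
    </div>
</div>

<script>
document.addEventListener('DOMContentLoaded', () => {
    const form = document.getElementById('login-form');
    const alertBox = document.getElementById('form-alert');
    const submitBtn = form.querySelector('button[type="submit"]');
    const emailInput = form.querySelector('input[name="school_email"]');
    const pwdInput = form.querySelector('input[name="password"]');
    const toggleBtn = document.getElementById('password-addon');
    const captchaQuestion = document.getElementById('captcha-question');
    const operandA = form.querySelector('input[name="result1"]');
    const operandB = form.querySelector('input[name="result2"]');
    const answerInput = form.querySelector('input[name="answer"]');

    // Prefill email from localStorage for faster repeat logins.
    // The address stays in this browser profile until cleared.
    const savedEmail = localStorage.getItem('school_email_prefill');
    if (savedEmail && !emailInput.value) emailInput.value = savedEmail;

    // Toggle password visibility
    if (toggleBtn) {
        toggleBtn.addEventListener('click', () => {
            pwdInput.type = pwdInput.type === 'password' ? 'text' : 'password';
        });
    }

    // Messages are written with textContent, so server text is never
    // interpreted as markup.
    const showAlert = (msg, type = 'danger') => {
        alertBox.className = `alert alert-${type}`;
        alertBox.textContent = msg;
        alertBox.classList.remove('d-none');
    };

    const clearAlert = () => {
        alertBox.className = 'alert d-none';
        alertBox.textContent = '';
    };

    // Show the new challenge the server issued after a failed attempt.
    const refreshCaptcha = (pair) => {
        if (!Array.isArray(pair) || pair.length !== 2) return;
        const [a, b] = pair.map(Number);
        if (!Number.isInteger(a) || !Number.isInteger(b)) return;
        operandA.value = a;
        operandB.value = b;
        captchaQuestion.value = `${a} + ${b} = ?`;
        answerInput.value = '';
    };

    form.addEventListener('submit', async (e) => {
        e.preventDefault();
        clearAlert();

        // Bootstrap client-side validation
        form.classList.add('was-validated');
        if (!form.checkValidity()) return;

        // Quick client-side captcha check (saves a round trip on obvious
        // fails). Convenience only; the server performs the real check.
        const n1 = Number(operandA.value || 0);
        const n2 = Number(operandB.value || 0);
        const ans = Number(answerInput.value || NaN);
        if (n1 + n2 !== ans) {
            showAlert('The answer you provided is wrong!', 'danger');
            return;
        }

        // Submit via fetch (no reload)
        const originalText = submitBtn.innerHTML;
        submitBtn.disabled = true;
        submitBtn.innerHTML = 'Logging in…';

        try {
            const fd = new FormData(form);
            const res = await fetch(form.getAttribute('action') || window.location.href, {
                method: 'POST',
                body: fd,
                headers: { 'Accept': 'application/json' } // ask PHP for JSON
            });

            // Try parse JSON; if not JSON, treat as failure
            let data = null;
            try { data = await res.json(); } catch { /* not JSON */ }

            if (res.ok && data && data.ok) {
                // Save email locally for faster future logins
                if (form.querySelector('input[name="remember"]').checked && emailInput.value) {
                    localStorage.setItem('school_email_prefill', emailInput.value);
                }
                window.location.assign(data.redirect || '../index');
                return;
            }

            if (data) refreshCaptcha(data.captcha);

            // Fall back to server-provided message or generic
            const msg = (data && data.message) || 'Login failed. Please try again.';
            showAlert(msg, 'danger');
        } catch (err) {
            showAlert('Network error. Check your connection and try again.', 'danger');
        } finally {
            submitBtn.disabled = false;
            submitBtn.innerHTML = originalText;
        }
    });
});
</script>

<!-- JS -->
<script src="assets/libs/jquery/jquery.min.js"></script>
<script src="assets/libs/bootstrap/js/bootstrap.bundle.min.js"></script>
<script src="assets/libs/feather-icons/feather.min.js"></script>
<script src="assets/js/pages/pass-addon.init.js"></script>
<script src="assets/js/pages/validation.init.js"></script>
</body>
</html>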
Server Info
Hostname: server1.winmanyltd.com
Server IP: 203.161.60.52
PHP Version: 8.3.27
Server Software: Apache
System: Linux server1.winmanyltd.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
HDD Total: 117.98 GB
HDD Free: 59.99 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
Yes
git:
Yes
User Info
Username: eliosofonline
User ID (UID): 1002
Group ID (GID): 1003
Script Owner UID: 1002
Current Dir Owner: 1002