[
MAINHACK
]
Viewing / Editing File: index.php
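<?php
/**
 * Admin login page.
 *
 * Flow, as visible in this file:
 *  - a visitor whose session already holds the admin username key is sent to the dashboard;
 *  - a POST is accepted only when csrf_token_is_valid() and csrf_token_is_recent() both pass;
 *  - the admin row is looked up by username with a prepared statement on $con and the
 *    submitted password is checked with password_verify();
 *  - only rows whose `active` column equals 1 may sign in.
 *
 * functions.php is expected to provide the session, $con, test_input() and the CSRF
 * helpers; none of them are defined here (NOTE(review): confirm against that file).
 *
 * Changes from the previous version:
 *  - unknown username and wrong password now produce the same message, so the form no
 *    longer tells a visitor which admin usernames exist;
 *  - the separate "is this username registered" pre-check on a second database handle is
 *    gone, because the single lookup below already answers it;
 *  - a missing row is handled instead of indexing into the `false` returned by fetch();
 *  - the session id is regenerated at sign-in and the script stops after the redirect.
 *
 * NOTE(review): no throttling or lockout of failed attempts is visible in this file;
 * confirm it is enforced in functions.php or in front of the application.
 */
include("functions.php");

// Already signed in: nothing to do on this page.
if (isset($_SESSION['username_Xw21erAAsqg4'])) {
    header("Location: dashboard");
    exit();
}

$message = "";

// One reply for every credential failure, so the response does not reveal whether the
// username or the password was the part that did not match.
$loginFailed = '<div class="alert alert-danger">Invalid username or password</div>';

if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST") {
    if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
        $message = "<p class='alert alert-danger text-center ' role='alert'>Token Authentication Failed</p>";
    } else {
        $name = test_input($_POST['name'] ?? '');
        // NOTE(review): test_input() is defined outside this file. If it trims or
        // HTML-escapes its argument, the password is altered before password_verify().
        // Kept as-is so existing hashes keep matching; confirm against the code that
        // creates the hash before changing it.
        $password = test_input($_POST['password'] ?? '');

        $stmt = $con->prepare("Select id,username,password,email,active,type from admin where username = ?");

        if (!$stmt || !$stmt->execute(array($name))) {
            $message = '<div class="alert alert-danger">Database error: unable to check credentials</div>';
        } else {
            // fetch() returns false when no row matches the username.
            $row = $stmt->fetch();

            if (!is_array($row) || !password_verify($password, (string) $row['password'])) {
                $message = $loginFailed;
            } elseif ((string) $row['active'] !== "1") {
                // Reached only after the password verified, so this message is not
                // visible to someone who is guessing credentials.
                // The cast accepts both "1" and integer 1, whichever the driver returns.
                $message = '<div class="alert alert-danger">Your account is blocked</div>';
            } else {
                // Issue a fresh session id at the privilege change so an id that was set
                // before authentication cannot be reused afterwards.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                $_SESSION['username_Xw21erAAsqg4'] = $row['username'];
                $_SESSION['admin_id_Xw211qAAsq4'] = $row['id'];
                $_SESSION['email_Xw211qAAsq4'] = $row['email'];

                header("Location: dashboard");
                exit(); // do not render the login form after a successful sign-in
            }
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Admin login </title>

    <!-- Bootstrap CSS for responsive design -->
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet"
          integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">

    <?php
    // NOTE(review): the SweetAlert2 script below is loaded by major version only and
    // without an integrity attribute, unlike the two Bootstrap assets. On an admin
    // login page a changed CDN file would run with access to the credentials typed
    // here. Pin an exact version and add its SRI hash, or self-host the file. Nothing
    // in this file calls it; remove the tag if no included code needs it.
    ?>
    <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>

    <!-- Custom CSS -->
    <style>
        body {
            font-family: 'Arial', sans-serif;
            background-color: #e9f0f8;
            margin: 0;
            padding: 0;
            display: flex;
            flex-direction: column;
            min-height: 100vh;
        }

        /* Header Styling */
        .header {
            background-color: #003087;
            color: white;
            padding: 1rem 0;
            text-align: center;
            box-shadow: 0 2px 5px rgba(0, 0, 0, 0.1);
        }

        .header img {
            width: 40px;
            margin-right: 10px;
        }

        .header h1 {
            margin: 0;
            font-size: 1.5rem;
            display: inline;
            vertical-align: middle;
        }

        /* Main Content Styling */
        .main-content {
            flex: 1;
            display: flex;
            justify-content: center;
            align-items: flex-start;
            padding: 2rem;
            gap: 2rem;
        }

        .card {
            border: none;
            border-radius: 10px;
            box-shadow: 0 4px 15px rgba(0, 0, 0, 0.1);
            padding: 1.5rem;
            width: 100%;
            max-width: 350px;
        }

        .card.announcements {
            background-color: white;
        }

        .card.signin {
            background-color: white;
            border-left: 5px solid #ffc107;
        }

        .card.support {
            background-color: white;
        }

        .card h3 {
            color: #003087;
            font-size: 1.2rem;
            margin-bottom: 1rem;
        }

        .card.announcements p {
            color: #333;
            font-size: 1rem;
            margin-bottom: 1rem;
        }

        .card.announcements a {
            color: #003087;
            text-decoration: none;
        }

        .card.announcements a:hover {
            text-decoration: underline;
        }

        .card.signin h3 {
            color: #dc3545;
            text-align: center;
            margin-bottom: 1.5rem;
        }

        .card.signin .form-group {
            margin-bottom: 1rem;
        }

        .card.signin label {
            font-weight: bold;
            color: #333;
            font-size: 0.9rem;
        }

        .card.signin input {
            width: 100%;
            padding: 0.5rem;
            border: 1px solid #ccc;
            border-radius: 5px;
            font-size: 0.9rem;
        }

        .card.signin input::placeholder {
            color: #aaa;
        }

        .card.signin .btn-signin {
            background-color: #003087;
            color: white;
            padding: 0.75rem;
            border: none;
            border-radius: 5px;
            font-size: 1rem;
            width: 100%;
            cursor: pointer;
            transition: background-color 0.3s ease;
        }

        .card.signin .btn-signin:hover {
            background-color: #001f5f;
        }

        .card.signin .support-link {
            color: #003087;
            text-decoration: none;
            font-size: 0.9rem;
            display: block;
            margin-top: 1rem;
        }

        .card.signin .support-link:hover {
            text-decoration: underline;
        }

        .card.support h3 {
            color: #003087;
            margin-bottom: 1rem;
        }

        .card.support p {
            color: #333;
            font-size: 0.9rem;
            margin-bottom: 1rem;
        }

        /* The earlier duplicate "color: #003087" was overridden by "color: white" and is dropped. */
        .card.support a {
            display: block;
            margin-bottom: 1rem;
            text-decoration: none;
            background-color: #007bff;
            padding: 0.5rem;
            border-radius: 5px;
            color: white;
            text-align: center;
        }

        .card.support a:hover {
            background-color: #0056b3;
            text-decoration: none;
        }

        /* Footer Styling */
        .footer {
            background-color: #003087;
            color: white;
            text-align: center;
            padding: 1rem 0;
            font-size: 0.9rem;
        }

        /* Responsive Adjustments */
        @media (max-width: 768px) {
            .main-content {
                flex-direction: column;
                align-items: center;
            }

            .card {
                max-width: 100%;
                margin-bottom: 2rem;
            }

            .header h1 {
                font-size: 1.2rem;
            }
        }

        @media (max-width: 576px) {
            .header h1 {
                font-size: 1rem;
            }

            .card h3 {
                font-size: 1.1rem;
            }
        }
    </style>
    <style>
        .error-message {
            color: red;
            font-size: 0.9em;
            margin-top: 5px;
        }
    </style>
</head>
<body>
    <!-- Header -->
    <header class="header">
        <h1>Admin login</h1>
    </header>
    <br /><br />

    <!-- Main Content -->
    <main class="main-content">
        <div class="card signin">
            <h3>Login details</h3>
            <?php
            // $message only ever holds one of the fixed HTML strings assigned above;
            // no request data is interpolated into it, so it is echoed unescaped.
            echo $message;
            ?>
            <form id="registrationForm" method="POST" onsubmit="return validateForm()">
                <?php echo csrf_token_tag(); ?>
                <div class="form-group">
                    <label for="name">Username:</label>
                    <input type="text" id="name" name="name">
                    <div class="error-message" id="nameError"></div>
                </div>
                <div class="form-group">
                    <!-- "for" now points at the password input; it previously referenced a non-existent "phone" id. -->
                    <label for="password">Password:</label>
                    <input type="password" id="password" name="password">
                    <div class="error-message" id="passwordError"></div>
                </div>
                <button type="submit" name="submit" class="btn-signin">Login</button>
            </form>
        </div>
    </main>

    <script>
        // Client-side convenience only: it stops empty submissions early.
        // Every real check (CSRF token, credentials) happens on the server.
        function validateForm() {
            const fields = [
                { inputId: 'name', errorId: 'nameError', text: 'Please enter your name.' },
                { inputId: 'password', errorId: 'passwordError', text: 'Please enter your password.' },
            ];

            let isValid = true;

            for (const field of fields) {
                const value = document.getElementById(field.inputId).value.trim();
                const errorBox = document.getElementById(field.errorId);

                // Clear the previous message, then set it again if the field is still empty.
                errorBox.textContent = '';
                if (value === '') {
                    errorBox.textContent = field.text;
                    isValid = false;
                }
            }

            return isValid;
        }
    </script>

    <!-- Footer -->
    <footer class="footer">
        <p class="mb-0">© <script>document.write(new Date().getFullYear())</script> SYMPHONY OF PRAISE</p>
    </footer>

    <!-- Bootstrap JS (Optional for interactivity) -->
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script>
</body>
</html>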
Server Info
Hostname: server1.winmanyltd.com
Server IP: 203.161.60.52
PHP Version: 8.3.27
Server Software: Apache
System: Linux server1.winmanyltd.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
HDD Total: 117.98 GB
HDD Free: 60.07 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
Yes
git:
Yes
User Info
Username: eliosofonline
User ID (UID): 1002
Group ID (GID): 1003
Script Owner UID: 1002
Current Dir Owner: 1002