[
MAINHACK
]
Viewing / Editing File: index.php
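<?php
/**
 * Admin login page.
 *
 * Flow: an already authenticated session is sent to the dashboard; a POST with
 * `submit` is CSRF-checked, validated, checked against the arithmetic
 * challenge and then against the `admin` table; otherwise the form is shown.
 *
 * Security-relevant changes against the previous version of this script:
 *  - A failed CSRF check now stops processing. Before, the failure message was
 *    overwritten on the next line and the login attempt continued.
 *  - The string-built `mysqli_query()` on the posted e-mail was removed. Its
 *    result was never used, and the prepared statement does the real lookup.
 *  - The challenge operands are no longer read from client-supplied hidden
 *    fields; the expected sum is kept in the session when the form is rendered.
 *  - The challenge is checked before the password, so its error message no
 *    longer reveals that a password was correct.
 *  - The session id is regenerated on successful login (session fixation).
 *  - `admin_id` in the session is taken from the selected `id` column; the old
 *    code read `$row['admin_id']`, which the query never selects.
 *  - A missing account row no longer reaches `password_verify()` with null.
 *
 * Assumes the two includes start the session and provide `$con` (PDO),
 * `$num1`, `$num2`, `test_input()` and the `csrf_token_*()` helpers; none of
 * these are defined in this file. TODO confirm.
 */
include("db/db.php");
include("includes/functions/functions.php");

// Always defined so the template can echo it on a plain GET.
$login_message = '';

// Shared markup for the dismissible error box; $text is always a fixed literal.
$renderAlert = static function (string $text): string {
    return '<div class="alert alert-danger"> <button data-dismiss="alert" class="close close-sm" type="button"> <span aria-hidden="true">×</span> </button> <div class="messages"> <div>' . $text . '</div> </div> </div>';
};

if (isset($_SESSION['name_Xw211qAAsq4'])) {
    echo "<script>window.location.href='dashboard'</script>";
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
        if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
            // Reject outright: nothing below runs for a request without a valid token.
            $login_message = "<p class='alert alert-danger text-center ' role='alert'>Token Authentication Failed</p>";
        } else {
            // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1, and
            // HTML-encoding a credential changes its bytes. Both are kept because the
            // stored e-mail and password hash were presumably produced from input
            // treated the same way; confirm against the registration code before
            // replacing them, otherwise existing accounts stop matching.
            $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
            $email = is_string($email) ? htmlspecialchars($email, ENT_QUOTES, 'UTF-8') : '';
            $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
            $password = is_string($password) ? htmlspecialchars($password, ENT_QUOTES, 'UTF-8') : '';

            // Read the answer as a raw scalar; an array-valued field yields false here.
            $nobotRaw = filter_input(INPUT_POST, 'nobot', FILTER_UNSAFE_RAW);
            $nobotRaw = is_string($nobotRaw) ? trim($nobotRaw) : '';
            $answer = filter_var($nobotRaw, FILTER_VALIDATE_INT);

            $remember = isset($_POST['remember']);

            // Expected sum was stored server-side when the form was last rendered.
            // It is single-use: removed here, replaced when the form renders again.
            $expectedSum = $_SESSION['nobot_sum_Xw211qAAsq4'] ?? null;
            unset($_SESSION['nobot_sum_Xw211qAAsq4']);

            if ($email === '') {
                $login_message = $renderAlert('Email cannot be empty');
            } elseif ($password === '') {
                $login_message = $renderAlert('Password cannot be empty');
            } elseif ($nobotRaw === '') {
                $login_message = $renderAlert('Provide an answer');
            } elseif ($answer === false || $expectedSum === null || $answer !== (int) $expectedSum) {
                $login_message = $renderAlert('The answer you provided is wrong!');
            } else {
                $stmt = $con->prepare("Select id,name,password,active,email from admin where email = ?");
                $stmt->execute(array($email));
                $row = $stmt->fetch();

                // fetch() returns false when no account matches the e-mail.
                $hashed_password = is_array($row) ? (string) $row['password'] : '';

                if (
                    is_array($row)
                    && password_verify($password, $hashed_password)
                    && (int) $row['active'] === 1
                ) {
                    if ($remember) {
                        // Only set after a fully successful login. Secure is tied to
                        // the current scheme so the cookie still works on plain HTTP.
                        setcookie('email', $email, [
                            'expires' => time() + 31556926,
                            'path' => '/',
                            'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
                            'httponly' => true,
                            'samesite' => 'Lax',
                        ]);
                    }

                    // New session id for the authenticated session.
                    session_regenerate_id(true);

                    $_SESSION['name_Xw211qAAsq4'] = $row['name'];
                    $_SESSION['dbmail_Xw211qAAsq4'] = $row['email'];
                    $_SESSION['admin_id_Xw211qAAsq4'] = $row['id'];
                    header('Location: dashboard');
                    die();
                }

                // One message for unknown e-mail, wrong password and inactive account.
                $login_message = $renderAlert('Email/password or your account is not activated!');
            }
        }
    }

    // Fresh challenge for the form below; the operands come from an include.
    $challengeLeft = (int) ($num1 ?? 0);
    $challengeRight = (int) ($num2 ?? 0);
    $_SESSION['nobot_sum_Xw211qAAsq4'] = $challengeLeft + $challengeRight;

    // One-shot notice left by the registration page.
    // NOTE(review): echoed unescaped, as before; presumably server-generated markup. Confirm.
    $register_notice = $_SESSION['register_success'] ?? '';
    unset($_SESSION['register_success']);
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>THE-SALON-FRIEND || LOGIN ACCOUNT</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta content="Premium Multipurpose Admin & Dashboard Template" name="description" />
    <meta content="MyraStudio" name="author" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <!-- App favicon -->
    <link rel="shortcut icon" href="assets/images/favicon.ico">
    <script src="https://code.jquery.com/jquery-3.6.4.min.js" integrity="sha256-oP6HI9z1XaZNBrJURtCoUT5SUnxFr8s3BzRl+cbzUq8=" crossorigin="anonymous"></script>
    <!-- App css -->
    <link href="assets/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/icons.min.css" rel="stylesheet" type="text/css" />
    <link href="assets/css/theme.min.css" rel="stylesheet" type="text/css" />
</head>
<body style="background-color: #0892D0;">
    <div>
        <div class="container">
            <div class="row">
                <div class="col-12">
                    <div class="d-flex align-items-center min-vh-100">
                        <div class="w-100 d-block bg-white shadow-lg rounded my-5">
                            <div class="row">
                                <div class="col-lg-5 d-none d-lg-block bg-register rounded-left"></div>
                                <div class="col-lg-7">
                                    <div class="p-5">
                                        <div class="text-center mb-5">
                                            <a href="#" class="text-dark font-size-22 font-family-secondary">
                                                <i class="mdi mdi-alpha-x-circle"></i> <b>XELORO</b>
                                            </a>
                                        </div>
                                        <!-- Login forms -->
                                        <div id="login-box">
                                            <h1 class="h5 mb-1">Login Account </h1>
                                            <p class="text-muted mb-4">
                                                <?php echo $register_notice; ?>
                                                <?php echo $login_message;?>
                                            </p>
                                            <form class="user" method="POST" action="<?php echo test_input($_SERVER['PHP_SELF']) ?>">
                                                <?php echo csrf_token_tag(); ?>
                                                <div class="form-group">
                                                    <input type="text" class="form-control form-control-user" name="email" autocomplete="off" placeholder="Email Address">
                                                </div>
                                                <div class="form-group">
                                                    <input type="password" class="form-control form-control-user" name="password" id="password" placeholder="Password">
                                                </div>
                                                <div class="form-group row">
                                                    <div class="col-sm-6 mb-3 mb-sm-0">
                                                        <!-- The operands are shown only; the expected sum lives in the session. -->
                                                        <input value="What is <?php echo $challengeLeft; ?> + <?php echo $challengeRight; ?> = ?" class="form-control form-control-user" readonly>
                                                    </div>
                                                    <div class="col-sm-6">
                                                        <input type="number" class="form-control form-control-user" name="nobot" id="nobot" placeholder="Answer">
                                                    </div>
                                                    <div class="col-6">
                                                        <div class="form-check form-switch">
                                                            <input class="form-check-input" type="checkbox" id="flexSwitchCheckChecked" name="remember">
                                                            <label class="form-check-label" for="flexSwitchCheckChecked">Remember Me</label>
                                                        </div>
                                                    </div>
                                                </div>
                                                <button class="btn btn-success" style="background-color: #0892D0;" name="submit">Submit</button>
                                            </form>
                                            <div class="row mt-4">
                                                <div class="col-12 text-center">
                                                    <p class="text-muted mb-0">Do not have account?
                                                        <a class="text-muted font-weight-medium ml-1" onclick="redirectToPage1()"><b>Sign up</b></a> |
                                                        <a id="forgot-btn" class="text-muted font-weight-medium ml-1" onclick="redirectToPage2()"><b>Forgot password</b></a>
                                                    </p>
                                                </div>
                                            </div>
                                        </div>
                                        <!-- end row -->
                                    </div>
                                    <!-- end .padding-5 -->
                                </div>
                                <!-- end col -->
                            </div>
                            <!-- end row -->
                        </div>
                        <!-- end .w-100 -->
                    </div>
                    <!-- end .d-flex -->
                </div>
                <!-- end col-->
            </div>
            <!-- end row -->
        </div>
        <!-- end container -->
    </div>
    <!-- end page -->
    <!-- jQuery -->
    <script src="assets/js/jquery.min.js"></script>
    <script src="assets/js/bootstrap.bundle.min.js"></script>
    <script src="assets/js/metismenu.min.js"></script>
    <script src="assets/js/waves.js"></script>
    <script src="assets/js/simplebar.min.js"></script>
    <!-- App js -->
    <script src="assets/js/theme.js"></script>
    <script>
        function redirectToPage1() {
            setTimeout(function() {
                window.location.href ='register';
            },1000);
        }
        function redirectToPage2() {
            setTimeout(function() {
                window.location.href ='reset';
            },1000);
        }
    </script>
</body>
</html>
<?php }?>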
Server Info
Hostname: server1.winmanyltd.com
Server IP: 203.161.60.52
PHP Version: 8.3.27
Server Software: Apache
System: Linux server1.winmanyltd.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
HDD Total: 117.98 GB
HDD Free: 60.08 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
Yes
git:
Yes
User Info
Username: eliosofonline
User ID (UID): 1002
Group ID (GID): 1003
Script Owner UID: 1002
Current Dir Owner: 1002