MAINHACK

Viewing / Editing File: index.php

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
include("functions.php");
$num1 = rand(4, 10);
$num2 = rand(3, 10);

$message = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {

$email = test_input($_POST['school_email']);
        $password = test_input($_POST['password']);
        $result1 = test_input($_POST['result1']);
        $result2 = test_input($_POST['result2']);
        $answer = test_input($_POST['answer']);
        $remember = isset($_POST['remember']);

if (empty($email) || empty($password)) {
            $message = '<p class="btn btn-danger">Error: Email and password are required!</p>';
        } else {
            // Check if email exists
            $select = $con->prepare("SELECT school_email FROM schools WHERE school_email = ?");
            $select->execute([$email]);
            if (!$select->fetchColumn()) {
                $message = '<p class="btn btn-danger">Error: Email does not exist or wrong email entered</p>';
            } else {
                $stmt = $con->prepare("SELECT id, password, active, school_email, school_code, type, user_name, validation_code FROM schools WHERE school_email = ?");
                $stmt->execute([$email]);
                $row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row && password_verify($password, $row['password'])) {
                    if ($result1 + $result2 ==  $answer) {
                        if ($row['active'] == 1 && $row['validation_code'] == 0) {
                            $_SESSION['dbmail_Xw211qAAsq4'] = $row['school_email'];
                            $_SESSION['s_code_Xw2119904'] = $row['school_code'];
                            $_SESSION['name_Xw2119904'] = $row['user_name'];

if ($remember) {
                                setcookie('school_email', $row['school_email'], time() + 31556926, '/', null, null, true);
                            }
                            unset($_SESSION['captcha_num1'], $_SESSION['captcha_num2']);

header('Location: admin/');
                            die();
                        } else {
                            $message = '<p class="btn btn-danger">Error: Account is not activated or validation pending!</p>';
                        }
                    } else {
                        $message = '<p class="btn btn-danger">Error: The answer you provided is wrong!</p>';
                    }
                } else {
                    $message = '<p class="btn btn-danger">Error: Wrong password!</p>';
                }
            }
        }
    
}
?>

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Login To Your Account</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta content="eliosof" name="author" />

<link rel="shortcut icon" href="assets/images/favicon.ico">

<body>

<div class="auth-page">
<div class="container-fluid p-0">
<div class="row g-0">

<div class="d-flex justify-content-center align-items-center min-vh-100" style="background-image: url('student/440.jpg'); background-size: cover; background-position: center;">
<div class="col-xxl-3 col-lg-4 col-md-5 shadow p-4 bg-white rounded">
<div class="auth-full-page-content d-flex p-sm-5 p-4">
<div class="w-100">
<div class="d-flex flex-column h-100">
<div class="mb-4 mb-md-5 text-center">
</div>
<div class="auth-content my-auto">
<div class="text-center">
<h5 class="mb-0">Welcome Back!</h5>
    <?php if (!empty($message)) echo $message; ?>
</div>

<form method="POST" class="needs-validation mt-4 pt-2" novalidate>
    <?php // echo csrf_token_tag(); ?>
    <div class="mb-3">
        <label class="form-label">Email</label>
        <input type="email" class="form-control" name="school_email" value="<?php if (isset($_POST['school_email'])) { echo $_POST['school_email']; } ?>" id="username" placeholder="Enter email" required>
        <div class="invalid-feedback">Email is required</div>
    </div>
    <div class="mb-3">
        <div class="d-flex align-items-start">
            <div class="flex-grow-1">
                <label class="form-label">Password</label>
            </div>
            <div class="flex">
                <a href="auth-recoverpw.php" class="text-muted">Forgot password?</a>
            </div>
        </div>
        <div class="input-group auth-pass-inputgroup">
            <input type="password" name="password" class="form-control" required placeholder="password" aria-label="Password" aria-describedby="password-addon">
            <button class="btn btn-light shadow-none ms-0" type="button" id="password-addon"><i class="mdi mdi-eye-outline"></i></button>
            <div class="invalid-feedback">Password is required</div>
        </div>
    </div>
    <div class="row mb-4">
        <div class="col">
            <div class="form-check">
                <input class="form-check-input" type="checkbox" id="remember-check" name="remember">
                <label class="form-check-label" for="remember-check">Remember me</label>
            </div>
        </div>
    </div>
    <div class="col-xl-8">
        <div class="form-group row">
            <label class="form-label" for="multiStepsResaons">I'm not a robot</label>
            <div class="col-sm-6 mb-6 mb-sm-0">
                <input value="<?php echo $num1; ?> + <?php echo $num2; ?> = ?" class="form-control form-control-user" readonly>
                <input type="hidden" name="result1" value="<?php echo $num1; ?>">
                <input type="hidden" name="result2" value="<?php echo $num2; ?>">
            </div>
            <div class="col-sm-6">
                <div class="icon-field has-validation">
                    <input type="number" class="form-control" name="answer" id="answer" placeholder="" required>
                    <div class="invalid-feedback">Provide an answer</div>
                </div>
            </div>
        </div>
    </div>
    <br/><br/>
    <div class="mb-3">
        <button class="btn btn-primary w-100 waves-effect waves-light" type="submit" name="submit">Log In</button>
    </div>
</form>

<div class="mt-5 text-center">
<p class="text-muted mb-0">Don't have an account? <a href="auth-register" class="text-primary fw-semibold"> Signup now </a></p>
</div>
</div>
<div class="mt-4 mt-md-5 text-center">
<p class="mb-0">© <script>document.write(new Date().getFullYear())</script> Powered by BBECAS</p>
</div>
</div>
</div>
</div>
</div>
</div>

</div>

</div>

</div>

<script src="assets/libs/jquery/jquery.min.js"></script>
<script src="assets/libs/bootstrap/js/bootstrap.bundle.min.js"></script>
<script src="assets/libs/metismenu/metisMenu.min.js"></script>
<script src="assets/libs/simplebar/simplebar.min.js"></script>
<script src="assets/libs/node-waves/waves.min.js"></script>
<script src="assets/libs/feather-icons/feather.min.js"></script>

<script src="assets/libs/pace-js/pace.min.js"></script>

<script src="assets/js/pages/pass-addon.init.js"></script>
<script src="assets/js/pages/validation.init.js"></script>

</body>

</html>

Cancel / Back

[ MAINHACK ]

Viewing / Editing File: index.php

Server Info

System Features

User Info