-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathconfig.php
More file actions
63 lines (50 loc) · 1.71 KB
/
Copy pathconfig.php
File metadata and controls
63 lines (50 loc) · 1.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<?php
$servername = "localhost";
$username = "urgaczpgdegkl";
$password = "BTG@re@39";
$dbname = "dbkqsuy93hyu21";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
session_start();
$usernames = isset( $_SESSION['usernames'] ) ? $_SESSION['usernames'] : '';
$getpass = isset( $_SESSION['passwords'] ) ? $_SESSION['passwords'] : '';
$adminlevel = isset( $_SESSION['adminlevel'] ) ? $_SESSION['adminlevel'] : '';
$admindistrict = isset( $_SESSION['district'] ) ? $_SESSION['district'] : '';
// initial login
if (isset($_POST["user"]) && isset($_POST["passwords"])) {
$getuser = $_POST["user"];
$getpass = $_POST["passwords"];
// todo sanitize inputs
$sql = "SELECT * FROM btglogin WHERE usernames = '$getuser' AND passwords = '$getpass'";
$result = $conn->query($sql);
// output data of each row
//while($row = $result->fetch_assoc())
while($result && $row = $result->fetch_assoc())
{
$adminlevel = $row["userlevel"];
$district = $row["district"];
$usernames = $row["usernames"];
}
if ($result->num_rows == 0)
{
?>
<center>Either the username or password you entered did not match our records<br>
Please try again or contact your Database Administrator</center>
<?php
include('index.php');
exit();
}
$_SESSION['usernames'] = $usernames;
$_SESSION['adminlevel'] = intval( $adminlevel );
$_SESSION['district'] = $district;
}
// check if user is logged in
if ( ! $adminlevel || ! $usernames ) {
// redirect to login page
header('Location: index.php');
exit;
}