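<?php
/**
 * Admin login page.
 *
 * Flow: start the session, make sure a CSRF token exists, and on a POSTed
 * login form verify the token, look the administrator up with a prepared
 * statement and, on success, store the admin id in the session and redirect
 * to dashboard.php. The HTML below renders the login form with site branding
 * read from tblsite.
 */
session_start();
error_reporting(1);
include 'includes/config.php';
// NOTE(review): this page uses both $mysqli (login query) and $con (branding
// query); presumably includes/config.php defines both connections — confirm.

// Issue a per-session CSRF token. The expiry stamp was stored but never
// enforced before; an expired token is now replaced, so a stale form post
// fails the hash_equals() check below.
$tokenExpired = (int) ($_SESSION['token-expire'] ?? 0) < time();
if (empty($_SESSION['token']) || $tokenExpired) {
    $_SESSION['token'] = bin2hex(random_bytes(32));
    $_SESSION['token-expire'] = time() + 3600; // 1 hour = 3600 secs
}

if (isset($_POST['login'])) {
    // A missing or array-valued token must be rejected, not passed on:
    // hash_equals() requires two strings.
    $submittedToken = $_POST['token'] ?? null;
    if (is_string($submittedToken) && hash_equals($_SESSION['token'], $submittedToken)) {
        // Coerce non-string submissions (e.g. username[]=x) to an empty string.
        $uname = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
        $rawPassword = is_string($_POST['inputpwd'] ?? null) ? $_POST['inputpwd'] : '';

        // NOTE(security): unsalted MD5 is not a password hash; it is kept only
        // because the stored values in tbladmin.Password are MD5 digests.
        // Migrate the column to password_hash()/password_verify() and rehash
        // on the next successful login.
        $Password = md5($rawPassword);

        // Bound parameters keep the submitted values out of the SQL text.
        $stmt = $mysqli->prepare("select ID,AdminName,isActive from tbladmin where AdminuserName=? && Password=? ");
        $stmt->bind_param("ss", $uname, $Password);
        $stmt->execute();
        $result = $stmt->get_result();
        $ret = $result->fetch_assoc();

        if (is_array($ret)) {
            // NOTE(review): isActive is selected but never checked, so a
            // deactivated account can presumably still log in — confirm the
            // column's values and enforce it here.

            // New session id on privilege change, so an id planted before
            // login (session fixation) is not carried into the admin session.
            session_regenerate_id(true);
            $_SESSION['aid'] = $ret['ID'];
            unset($_SESSION['token'], $_SESSION['token-expire']);
            header('location:dashboard.php');
            exit; // do not render the login form after the redirect header
        } else {
            echo "<script>alert('Invalid Details.');</script>";
        }
    } else {
        // Message kept on one line: a raw newline inside a JS string literal
        // is a syntax error and the alert would never run.
        echo '<script>alert("Malicious Data found & submitted. Please try again.")</script>';
    }
}
?>
<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="">
    <meta name="author" content="">
    <title>Admin Login</title>
    <!-- Custom fonts for this template-->
    <link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
    <link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet">
    <!-- Custom styles for this template-->
    <link href="css/sb-admin-2.min.css" rel="stylesheet">
</head>

<body style="background-image: linear-gradient(to right top, #051937, #004d7a, #008793, #00bf72, #a8eb12);">
    <div class="container">
        <!-- Outer Row -->
        <div class="row justify-content-center">
            <div class="col-xl-10 col-lg-12 col-md-9">
                <?php
                // Defaults avoid undefined-variable notices when tblsite is
                // empty or the query fails.
                $logo = '';
                $wtitle = '';
                $query = mysqli_query($con, "select * from tblsite");
                while ($query && ($row = mysqli_fetch_array($query))) {
                    $logo = $row['siteLogo'];
                    $wtitle = $row['siteTitle'];
                }
                // Database values are escaped on output: site settings are
                // editable data and must not be able to inject markup into
                // the unauthenticated login page.
                ?>
                <p align="center">
                    <img src="uploadeddata/<?php echo htmlspecialchars((string) $logo, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" width="150">
                </p>
                <h3 align="center" style="margin-top:4%;color:#fff"><?php echo htmlspecialchars((string) $wtitle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h3>
                <div class="card o-hidden border-0 shadow-lg my-5">
                    <div class="card-body p-0">
                        <!-- Nested Row within Card Body -->
                        <form name="login" method="post" autocomplete="off">
                            <input type="hidden" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>">
                            <div class="row">
                                <div class="col-lg-6 d-none d-lg-block bg-login-image"></div>
                                <div class="col-lg-6">
                                    <div class="p-5">
                                        <div class="text-center">
                                            <h1 class="h4 text-gray-900 mb-4">Welcome Back!</h1>
                                        </div>
                                        <form class="user">
                                            <div class="form-group">
                                                <input type="text" class="form-control" name="username" id="username" placeholder="Enter username" required="true">
                                            </div>
                                            <div class="form-group">
                                                <input type="password" class="form-control" name="inputpwd" id="inputpwd" placeholder="Password">
                                            </div>
                                            <input type="submit" name="login" class="btn btn-primary btn-user btn-block" value="login">
                                        </form>
                                        <hr>
                                        <div class="text-center">
                                            <a class="small" href="password-recovery.php" style="font-weight:bold">Forgot Password?</a>
                                        </div>
                                        <div class="text-center">
                                            <a class="small" href="../index.php" style="font-weight:bold;"><i class="fa fa-home" aria-hidden="true"></i> Home Page</a>
                                        </div>
                                    </div>
                                </div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <!-- Bootstrap core JavaScript-->
    <script src="vendor/jquery/jquery.min.js"></script>
    <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
    <!-- Core plugin JavaScript-->
    <script src="vendor/jquery-easing/jquery.easing.min.js"></script>
    <!-- Custom scripts for all pages-->
    <script src="js/sb-admin-2.min.js"></script>
</body>

</html>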