ok
Mini Shell
<?php session_start();
error_reporting(1);
include 'includes/config.php';
if (empty($_SESSION['token'])) {
$_SESSION['token'] = bin2hex(random_bytes(32));
$_SESSION["token-expire"] = time() + 3600; // 1 hour = 3600 secs
}
if (isset($_POST['login'])) {
if (hash_equals($_SESSION["token"], $_POST["token"])) {
$uname = $_POST['username'];
$Password = md5($_POST['inputpwd']);
$stmt = $mysqli->prepare("select ID,AdminName,isActive from tbladmin where AdminuserName=? && Password=? ");
$stmt->bind_param("ss", $uname, $Password);
$stmt->execute();
// $query = mysqli_query($con, "select ID,AdminName,isActive from tbladmin where AdminuserName='$uname' && Password='$Password' ");
$result = $stmt->get_result();
$ret = $result->fetch_assoc();
if ($ret > 0) {
$_SESSION['aid'] = $ret['ID'];
unset($_SESSION['token']);
unset($_SESSION['token-expire']);
header('location:dashboard.php');
} else {
echo "<script>alert('Invalid Details.');</script>";
}
} else {
echo '<script>alert("Malicious Data found & submitted. Please try again.")</script>';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Admin Login</title>
<!-- Custom fonts for this template-->
<link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet">
<!-- Custom styles for this template-->
<link href="css/sb-admin-2.min.css" rel="stylesheet">
</head>
<body style="background-image: linear-gradient(to right top, #051937, #004d7a, #008793, #00bf72, #a8eb12);">
<div class="container">
<!-- Outer Row -->
<div class="row justify-content-center">
<div class="col-xl-10 col-lg-12 col-md-9">
<?php $query = mysqli_query($con, "select * from tblsite");
while ($row = mysqli_fetch_array($query)) {
$logo = $row['siteLogo'];
$wtitle = $row['siteTitle'];
} ?>
<p align="center">
<img src="uploadeddata/<?php echo $logo; ?>" width="150">
</p>
<h3 align="center" style="margin-top:4%;color:#fff"><?php echo $wtitle; ?></h3>
<div class="card o-hidden border-0 shadow-lg my-5">
<div class="card-body p-0">
<!-- Nested Row within Card Body -->
<form name="login" method="post" autocomplete="off">
<input type="hidden" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>">
<div class="row">
<div class="col-lg-6 d-none d-lg-block bg-login-image"></div>
<div class="col-lg-6">
<div class="p-5">
<div class="text-center">
<h1 class="h4 text-gray-900 mb-4">Welcome Back!</h1>
</div>
<form class="user">
<div class="form-group">
<input type="text" class="form-control" name="username" id="username" placeholder="Enter username" required="true">
</div>
<div class="form-group">
<input type="password" class="form-control" name="inputpwd" id="inputpwd" placeholder="Password">
</div>
<input type="submit" name="login" class="btn btn-primary btn-user btn-block" value="login">
</form>
<hr>
<div class="text-center">
<a class="small" href="password-recovery.php" style="font-weight:bold">Forgot Password?</a>
</div>
<div class="text-center">
<a class="small" href="../index.php" style="font-weight:bold;"><i class="fa fa-home" aria-hidden="true"></i> Home Page</a>
</div>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<!-- Bootstrap core JavaScript-->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Core plugin JavaScript-->
<script src="vendor/jquery-easing/jquery.easing.min.js"></script>
<!-- Custom scripts for all pages-->
<script src="js/sb-admin-2.min.js"></script>
</body>
</html>
Zerion Mini Shell 1.0