<?php
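/*
 * Admin login / forgot-password POST handler.
 *
 * POST mode=login : checks username + password against TBL_ADMIN and, on a match,
 *                   stores the admin's identity in the session.
 * POST mode=fp    : issues a random temporary password to the account's registered
 *                   e-mail address. It never shows the password in the browser and
 *                   never logs the requester in.
 * Anything else   : redirects to the login page.
 *
 * $DB, TBL_ADMIN, safe_input(), redirect(), generate_admin_link() and
 * is_admin_logged_in() are not defined here; presumably they come from
 * ../configs/app_top.php, which is also assumed to start the session - confirm.
 */
error_reporting(E_ALL);
// Report everything, but to the log only: errors rendered on an admin login
// page disclose paths, SQL and configuration to unauthenticated visitors.
ini_set("display_errors", "0");
ini_set("log_errors", "1");
require '../configs/app_top.php';

if (is_admin_logged_in()) {
    redirect(generate_admin_link("home"));
    exit;
}

$mode = (isset($_POST['mode']) && is_string($_POST['mode'])) ? $_POST['mode'] : '';

if ($mode === 'login') {
    // Missing or non-string fields are treated as empty instead of raising notices.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? safe_input($_POST['username']) : '';
    $admin_pass = (isset($_POST['userpass']) && is_string($_POST['userpass'])) ? safe_input($_POST['userpass']) : '';

    if ($username == '' || $admin_pass == '') {
        $_SESSION["errorMsg"] = "Error in login. Please login with your username and password";
        $_SESSION["errorType"] = "danger";
    } else {
        // NOTE(review): adm_pass holds an unsalted MD5 digest, which is unsuitable for
        // password storage. Migrating to password_hash()/password_verify() needs an
        // adm_pass column wide enough for the new hashes and a rehash-on-login step;
        // the schema is not visible from this file, so the comparison is left as is.
        // NOTE(review): no attempt throttling or lockout is visible in this file.
        $sql = "SELECT admin_id, adm_full_name, adm_email, adm_username FROM " . TBL_ADMIN . " "
            . "WHERE 1 AND adm_username = :username AND adm_pass = :pass LIMIT 1";
        $results = array();
        $lookupFailed = false;
        try {
            $stmt = $DB->prepare($sql);
            $stmt->bindValue(":username", $username);
            $stmt->bindValue(":pass", md5($admin_pass));
            $stmt->execute();
            $results = $stmt->fetchAll();
        } catch (Exception $ex) {
            // Keep driver/SQL details in the server log; the visitor gets a generic message.
            error_log("Admin login lookup failed: " . $ex->getMessage());
            $lookupFailed = true;
        }

        if ($lookupFailed) {
            $_SESSION["errorMsg"] = "Unable to process your request right now. Please try again later.";
            $_SESSION["errorType"] = "danger";
        } elseif (count($results) > 0) {
            // Issue a fresh session id on privilege change so an id fixed before
            // authentication cannot be reused afterwards.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION["admin_id"] = $results[0]["admin_id"];
            $_SESSION["admin_full_name"] = $results[0]["adm_full_name"];
            $_SESSION["admin_email"] = $results[0]["adm_email"];
            $_SESSION["adm_username"] = $results[0]["adm_username"];
            redirect(generate_admin_link("home"));
            // Stop here: without it the script runs on to the redirect to "login" below.
            exit;
        } else {
            $_SESSION["errorMsg"] = "Incorrect admin details.";
            $_SESSION["errorType"] = "danger";
        }
    }
    redirect(generate_admin_link("login"));
    exit;
} elseif ($mode === 'fp') {
    $admin_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? safe_input($_POST['user_name']) : '';

    if ($admin_name == '') {
        $_SESSION["errorMsg"] = "Please provide your email";
        $_SESSION["errorType"] = "danger";
        redirect(generate_admin_link("forgot_password"));
        exit;
    }

    $sql = "SELECT admin_id, adm_full_name, adm_email, adm_username FROM " . TBL_ADMIN . " "
        . "WHERE 1 AND adm_username = :admname LIMIT 1";
    $results = array();
    $resetFailed = false;
    try {
        $stmt = $DB->prepare($sql);
        $stmt->bindValue(":admname", $admin_name);
        $stmt->execute();
        $results = $stmt->fetchAll();

        if (count($results) > 0) {
            // The previous flow set a fixed, well-known password, printed it to the
            // requester and opened an admin session for them, so knowing a username
            // was enough to take over the account. The secret now goes only to the
            // mailbox registered for the account, and no session is created.
            // NOTE(review): an unauthenticated request still replaces the password.
            // A single-use, expiring reset token confirmed from the mailbox would
            // avoid that, but needs storage that is not visible in this file.
            $new_password = '';
            if (function_exists('random_bytes')) {
                $new_password = bin2hex(random_bytes(12));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $strong = false;
                $raw = openssl_random_pseudo_bytes(12, $strong);
                if ($raw !== false && $strong) {
                    $new_password = bin2hex($raw);
                }
            }

            // Validate the stored address before handing it to mail().
            $recipient = filter_var($results[0]["adm_email"], FILTER_VALIDATE_EMAIL);

            if ($new_password === '' || $recipient === false) {
                error_log("Admin password reset skipped: no secure random source or no valid e-mail on record.");
            } else {
                $subject = "Administrator password reset";
                $body = "A password reset was requested for your administrator account.\r\n\r\n"
                    . "Temporary password: " . $new_password . "\r\n\r\n"
                    . "Log in and change it immediately.";

                // Mail first: the stored password is only replaced once the message
                // has been accepted for delivery, so a mail failure cannot lock the
                // admin out.
                if (mail($recipient, $subject, $body)) {
                    // NOTE(review): stored as MD5 only to stay compatible with the login
                    // comparison above; switch both together when migrating hashes.
                    $sql2 = "UPDATE " . TBL_ADMIN . " SET adm_pass = :pass WHERE admin_id = :admin_id";
                    $stmt = $DB->prepare($sql2);
                    $stmt->bindValue(":pass", md5($new_password));
                    $stmt->bindValue(":admin_id", $results[0]["admin_id"]);
                    $stmt->execute();
                    if ($stmt->rowCount() < 1) {
                        error_log("Admin password reset: mail sent but no row was updated.");
                    }
                } else {
                    error_log("Admin password reset: mail() refused the message; password left unchanged.");
                }
            }
        }
    } catch (Exception $ex) {
        error_log("Admin password reset failed: " . $ex->getMessage());
        $resetFailed = true;
    }

    if ($resetFailed) {
        $_SESSION["errorMsg"] = "Unable to process your request right now. Please try again later.";
        $_SESSION["errorType"] = "danger";
        redirect(generate_admin_link("forgot_password"));
        exit;
    }

    // Same answer whether or not the username exists, so this form cannot be
    // used to enumerate admin accounts.
    $_SESSION["errorMsg"] = "If that account exists, a temporary password has been sent to its registered email address.";
    $_SESSION["errorType"] = "success";
    redirect(generate_admin_link("login"));
    exit;
}

redirect(generate_admin_link("login"));
exit;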
?>