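<?php
/**
 * Form handler for the login ("login") and create-account ("ca") POST modes.
 *
 * Reads $_POST['mode'] and either authenticates an existing user or inserts a
 * new row into TBL_USERS, then stores the user's id, full name, class and
 * e-mail in $_SESSION and redirects. Any other request is redirected to
 * "index".
 *
 * $DB, TBL_USERS, safe_input(), redirect() and generate_site_link() are not
 * defined in this file; presumably they come from configs/app_top.php.
 *
 * NOTE(review): no anti-CSRF token check is visible in this handler. Confirm
 * whether app_top.php enforces one for these POST modes.
 */
require './configs/app_top.php';

// Return a POST field only when it is present and a plain string. Array
// payloads (e.g. u_email[]=x) and missing fields become '' so the emptiness
// checks below reject them without raising undefined-index notices.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$mode = $postString('mode');

if ($mode === 'login') {
    $redirectTo = "login";
    $email = safe_input($postString('u_email'));
    $admin_pass = safe_input($postString('u_pass'));

    if ($email == '' || $admin_pass == '') {
        $_SESSION["errorMsg"] = "Error in login. Please login with your username and password";
        $_SESSION["errorType"] = "danger";
    } else {
        // Initialised up front so a failed query can never leave $results
        // undefined when it is inspected below.
        $results = array();
        $lookupFailed = false;

        $sql = "SELECT user_id, user_fullname, user_class , user_email FROM " . TBL_USERS . " "
            . "WHERE 1 AND user_email = :email AND user_pass = :pass LIMIT 1";
        try {
            $stmt = $DB->prepare($sql);
            $stmt->bindValue(":email", $email);
            // NOTE(security): unsalted MD5 is not suitable for password
            // storage. Moving to password_hash()/password_verify() needs a
            // column-width check and a rehash-on-login migration that cannot
            // be done from this file alone, so the stored format is unchanged.
            $stmt->bindValue(":pass", md5($admin_pass));
            $stmt->execute();
            $results = $stmt->fetchAll();
        } catch (Exception $ex) {
            // Keep driver/SQL details in the server log; do not echo them to
            // the client through the session flash message.
            error_log('Login query failed: ' . $ex->getMessage());
            $_SESSION["errorMsg"] = "Unable to process your request right now. Please try again later.";
            $_SESSION["errorType"] = "danger";
            $lookupFailed = true;
        }

        // is_array() guard: if $DB is PDO, fetchAll() may return false on
        // failure on older PHP versions, and count(false) is 1 there, which
        // would otherwise be treated as a successful match.
        if (is_array($results) && count($results) > 0) {
            // Issue a fresh session id at the privilege change so a
            // pre-login (possibly attacker-planted) id is not carried over.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION["user_id"] = $results[0]["user_id"];
            $_SESSION["user_fullname"] = $results[0]["user_fullname"];
            $_SESSION["user_class"] = $results[0]["user_class"];
            $_SESSION["user_email"] = $results[0]["user_email"];
            redirect(generate_site_link("index"));
            // Stop here so the fall-through redirects below cannot run.
            exit;
        } elseif (!$lookupFailed) {
            $_SESSION["errorMsg"] = "Incorrect user details. Try Again";
            $_SESSION["errorType"] = "danger";
        }
    }
    redirect(generate_site_link($redirectTo));
    exit;
} elseif ($mode === 'ca') {
    $redirectTo = "login";
    // Second argument for generate_site_link(); only set on the
    // "already registered" path. Initialised to null so the final redirect
    // does not read an undefined variable.
    $s = null;

    $username = safe_input($postString('username'));
    $class = safe_input($postString('class'));
    $email = safe_input($postString('user_email'));
    $password1 = safe_input($postString('password1'));
    $password2 = safe_input($postString('password2'));

    // Strict comparison for the confirmation field: with a loose != two
    // different numeric-looking strings (e.g. "1e3" and "1000") compare equal.
    if ($username == '' || $email == "" || $password1 == "" || $password1 !== $password2) {
        $_SESSION["errorMsg"] = "Please enter correct data.";
        $_SESSION["errorType"] = "danger";
    } else {
        $sql = "SELECT COUNT(*) as count FROM " . TBL_USERS . " "
            . "WHERE 1 AND user_email = :email";
        try {
            $stmt = $DB->prepare($sql);
            $stmt->bindValue(":email", $email);
            $stmt->execute();
            $results = $stmt->fetchAll();

            if ($results[0]["count"] > 0) {
                // The identifier is already registered.
                $_SESSION["errorMsg"] = "เลขประจำตัว หรือ USERNAME นี้ มีผู้ใช้งานแล้ว";
                $_SESSION["errorType"] = "danger";
                $s = "err=1";
            } else {
                $sql = "INSERT INTO " . TBL_USERS . " "
                    . "( `user_fullname`, `user_email`, `user_class`,`user_pass` ) VALUES "
                    . "(:fname, :email, :class, :pass)";
                $stmt = $DB->prepare($sql);
                $stmt->bindValue(":fname", $username);
                $stmt->bindValue(":email", $email);
                // NOTE(review): user_class is taken directly from the form.
                // If it drives authorisation anywhere, restrict it to an
                // allow-list before storing it.
                $stmt->bindValue(":class", $class);
                // NOTE(security): same unsalted MD5 format as the login
                // lookup; see the migration note there.
                $stmt->bindValue(":pass", md5($password1));
                $stmt->execute();
                $retval = $stmt->rowCount();

                if ($retval > 0) {
                    $last_id = $DB->lastInsertId();
                    $_SESSION["errorMsg"] = "New user has been created successfully.";
                    $_SESSION["errorType"] = "success";

                    $msg = "";
                    $msg .= "Hi " . $username . "\r\n";
                    $msg .= "Thank You for registering with us.";
                    $msg = wordwrap($msg);
                    // Best-effort notification: a mail failure must not block
                    // the registration, hence the suppressed warning.
                    @mail($email, "New Registration", $msg);

                    // The new account is logged in immediately, so rotate the
                    // session id here as well.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $_SESSION["user_id"] = $last_id;
                    $_SESSION["user_fullname"] = $username;
                    $_SESSION["user_class"] = $class;
                    $_SESSION["user_email"] = $email;
                    redirect(generate_site_link("index"));
                    exit;
                } else {
                    $_SESSION["errorMsg"] = "Failed to create user.";
                    $_SESSION["errorType"] = "danger";
                }
            }
        } catch (Exception $ex) {
            // Log the detail server-side; show the visitor a generic message.
            error_log('Account creation failed: ' . $ex->getMessage());
            $_SESSION["errorMsg"] = "Unable to process your request right now. Please try again later.";
            $_SESSION["errorType"] = "danger";
        }
    }
    redirect(generate_site_link($redirectTo, $s));
    exit;
}

// Any request that is not a recognised POST mode goes back to the index page.
redirect(generate_site_link("index"));
exit;
?>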