- <?php
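// Open (or resume) the PHP session; the login code further down stores the
// authenticated admin name in $_SESSION['adminuser'].
// NOTE(review): cookie attributes (HttpOnly, Secure, SameSite) are not set
// here, so they come from php.ini. Confirm they are hardened for an admin panel.
session_start();

// Load the site configuration. The code below reads $conn (a mysqli handle)
// and $webdbname from it. `require` stops the request at this point if the
// file is missing, instead of continuing with an undefined $conn.
require('../../configs/conf.php');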
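/**
 * Look up the numeric account id that belongs to a username.
 *
 * The username is bound as a statement parameter and never concatenated into
 * the SQL text.
 *
 * @param string $account Username to look up.
 * @return int|null Id of the matching row, or null when no row matches or the
 *                  statement could not be prepared.
 */
function GetId($account) {
    // The config file is included again on every call to bring $conn into this
    // function's scope.
    // NOTE(review): if conf.php opens the connection itself, each call creates
    // another one. Passing the handle in would avoid that; confirm.
    include('../../configs/conf.php');

    $stmt = $conn->prepare("SELECT id FROM account WHERE username = ?");
    if ($stmt === false) {
        // Fail closed: callers treat a null id as "no such account".
        return null;
    }

    $stmt->bind_param("s", $account);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($id);

    // Only trust $id when a row was actually fetched into it.
    $found = $stmt->num_rows > 0 && $stmt->fetch() === true;

    // Release the statement on every path; the original never closed it.
    $stmt->close();

    return $found ? $id : null;
}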
/**
 * Build the account password digest: SHA-1 over "USER:PASS", returned as
 * upper-case hex, with both inputs folded to upper case first.
 *
 * Security notes:
 *  - Upper-casing the password makes it case-insensitive, which shrinks the
 *    space of distinct passwords.
 *  - A single pass of SHA-1 is cheap to compute, so a leaked hash column is
 *    far easier to attack offline than one produced by password_hash().
 *  - The login query in this file compares the result with
 *    account.sha_pass_hash, so the format presumably has to match whatever
 *    populates that column. Confirm before changing it.
 *
 * @param string $user Account name.
 * @param string $pass Plain-text password.
 * @return string 40-character upper-case hexadecimal digest.
 */
function encryptsha($user, $pass) {
    $material = strtoupper($user) . ':' . strtoupper($pass);
    $digest = sha1($material);

    return strtoupper($digest);
}
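// Admin login: three checks in sequence.
//   1. username + password digest match a row in `account`
//   2. the account has a row in `account_access`
//   3. the submitted admin code matches `accounts.admin_code` in the web database
//
// NOTE(review): the three failure messages tell the client which check failed
// (password, admin rights, admin code). A single generic message plus attempt
// throttling would give less feedback to someone guessing credentials. The
// wording is left unchanged because the front end may display it as is.

// Read the form fields. A missing or non-string value (for example an array
// parameter) is treated as empty, so it fails the checks below instead of
// raising notices or type errors.
$fields = [];
foreach (['username', 'password', 'admincode'] as $key) {
    $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

$username = $fields['username'];
$password = encryptsha($username, $fields['password']);
$admincode = strtoupper($fields['admincode']);

// Check 1: credentials. Both values are bound parameters.
$stmt = $conn->prepare("SELECT * FROM account WHERE username = ? AND sha_pass_hash = ?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->store_result();
$passwordOk = $stmt->num_rows > 0;
$stmt->close();

if ($passwordOk) {
    // Resolve the id only after the password has been verified.
    $accountId = GetId($username);

    // Check 2: the account must have an access row.
    // NOTE(review): $gmlevel is fetched but never compared against a minimum
    // level, so any row in account_access is accepted. Confirm that is intended.
    $stmt2 = $conn->prepare("SELECT gmlevel FROM account_access WHERE id = ?");
    $stmt2->bind_param("i", $accountId);
    $stmt2->execute();
    $stmt2->bind_result($gmlevel);
    $stmt2->store_result();
    $stmt2->fetch();
    $hasAccessRow = $stmt2->num_rows > 0;
    $stmt2->close();

    if ($hasAccessRow) {
        // Check 3: admin code, stored in the web database.
        mysqli_select_db($conn, $webdbname);
        $stmt3 = $conn->prepare("SELECT admin_code FROM accounts WHERE username = ?");
        $stmt3->bind_param("s", $username);
        $stmt3->execute();
        $stmt3->bind_result($admincode2);
        $stmt3->store_result();
        $stmt3->fetch();
        $hasCodeRow = $stmt3->num_rows > 0;
        $stmt3->close();

        // A missing row or a NULL/empty admin_code must never count as a match.
        // The original strcmp() treated NULL as '' and so accepted a blank
        // submission for an account with no code set.
        $storedCode = ($hasCodeRow && $admincode2 !== null) ? (string) $admincode2 : '';

        // hash_equals() compares in constant time; the stored value goes first.
        if ($storedCode !== '' && hash_equals($storedCode, $admincode)) {
            // Issue a fresh session id at the privilege change so that an id
            // set before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['adminuser'] = strtoupper($username);
            echo "<div class='alert alert-success'><strong>Success!</strong> You will be logged in.</div>";
        } else {
            echo "<div class='alert alert-danger'><strong>Failed to Login!</strong> Admin Code is incorrect!</div>";
        }
    } else {
        echo "<div class='alert alert-danger'><strong>Failed to Login!</strong> You are not an Administrator!</div>";
    }
} else {
    echo "<div class='alert alert-danger'><strong>Failed!</strong> Password is incorrect!</div>";
}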
- ?>