
Untitled

a guest
Dec 6th, 2016
  1. <?php
  // Open the session first, then pull in the model files this controller relies on.
  session_start();
  require('../model/database.php');
  require('../model/admin_db.php');

  // Work out the requested action: a POST value wins, a GET value is the
  // fallback, and an empty string is used when neither is present.
  $action = filter_input(INPUT_POST, 'action')
      ?? filter_input(INPUT_GET, 'action')
      ?? '';

  // Access gate: without the admin flag in the session, every request is
  // routed to the login action, whatever action the request asked for.
  if (!isset($_SESSION['is_valid_admin'])) {
      $action = 'get_admin';
  }
  21. switch($action){
  22.  
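  case 'get_admin':
      // Credentials come straight from the POST body. filter_input() yields null
      // when a field is absent and false when filtering fails (for example when
      // an array is submitted), so only string values reach the login check.
      $username = filter_input(INPUT_POST, 'username');
      $password = filter_input(INPUT_POST, 'password');

      // The submitted username and password are never written to the response:
      // echoing them unescaped reflects request data into the page and discloses
      // the password in clear text. The login check also runs once, not twice.
      $credentials_ok = is_string($username)
          && is_string($password)
          && is_valid_admin_login($username, $password);

      if ($credentials_ok) {
          // Issue a fresh session id at the privilege change so that an id known
          // before login cannot be reused as an admin session (session fixation).
          session_regenerate_id(true);
          $_SESSION['is_valid_admin'] = true;
          include('admin_menu.php');
      } else {
          // $login_message is set for the included login page; presumably that
          // page displays it (confirm in adminlogin.php).
          $login_message = 'you must login to view this page.';
          include('adminlogin.php');
      }

      // Exactly one view is rendered per request: the login form is not included
      // again after the branch above, so it no longer follows the admin menu on
      // success or appears twice on failure.
      break;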
  42.  
  43. <?php
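  /**
   * Check a username/password pair against the administrators table.
   *
   * Uses the global $db connection, which must offer prepare() and return a
   * statement with bindValue(), execute(), fetchAll() and closeCursor()
   * (PDO-style; presumably created in ../model/database.php, confirm there).
   *
   * NOTE(review): the stored value is sha1(username . password). SHA-1 is a
   * fast hash and the only salt is the username, so a leaked table is cheap to
   * brute-force. Moving to password_hash()/password_verify() also requires
   * changing how administrator rows are written, which is not visible here,
   * so the hashing scheme is left as it is and only flagged.
   *
   * @param mixed $username Submitted username; anything but a string is rejected.
   * @param mixed $password Submitted password; anything but a string is rejected.
   * @return bool True when exactly one administrators row matches.
   */
  function is_valid_admin_login($username, $password) {
      global $db;

      // Missing or malformed credentials (null / false from filter_input) can
      // never match a row, so skip the hash and the query entirely.
      if (!is_string($username) || !is_string($password)) {
          return false;
      }

      $password_hash = sha1($username . $password);

      // Both values are bound as parameters, never concatenated into the SQL.
      $query = 'SELECT username FROM administrators
                WHERE username = :username
                AND password = :password';

      $statement = $db->prepare($query);
      $statement->bindValue(':username', $username);
      $statement->bindValue(':password', $password_hash);
      $statement->execute();

      // Count the fetched rows instead of calling rowCount(): for SELECT
      // statements rowCount() is not guaranteed to report the number of rows on
      // every database driver, which would make valid logins fail.
      $matching_rows = $statement->fetchAll();
      $statement->closeCursor();

      return count($matching_rows) === 1;
  }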
  59. ?>