forked from sabeelmuttil/Exam-Assistant
admin.php
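<?php
/**
 * Admin login handler.
 *
 * Starts the session, redirects an already-authenticated admin to dash.php,
 * and on a POST carrying `bttngo` checks the submitted email/password against
 * the `admin` table. On success the admin id is stored in $_SESSION['admi'].
 *
 * Security notes for maintainers:
 *  - The ext/mysql functions used here (mysql_query etc.) were removed in
 *    PHP 7. Moving to mysqli/PDO prepared statements needs a change in
 *    dbconnect.php, which is not visible from this file.
 *  - Passwords are compared as unsalted SHA-256 digests. That is a fast hash
 *    and unsuitable for password storage; migrating to password_hash() /
 *    password_verify() requires re-hashing the stored values, so it is
 *    flagged here rather than changed.
 */
ob_start();
session_start();
require_once 'dbconnect.php';

// An already-authenticated admin never sees the login form again.
if (isset($_SESSION['admi'])) {
    header("Location: dash.php");
    exit;
}

// Defaults so the template below never reads an undefined variable on a GET.
$error = false;
$email = '';
$emailError = '';
$passError = '';
$errMSG = '';

if (isset($_POST['bttngo'])) {
    // Accept only string fields; an array-valued field would make trim() warn.
    $rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $rawPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // strip_tags()/htmlspecialchars() are output-oriented cleanups. They do
    // NOT make a value safe for SQL: a single quote can pass through them and
    // is also legal in the local part of an email address accepted by
    // FILTER_VALIDATE_EMAIL. SQL safety is handled at the query below.
    $email = htmlspecialchars(strip_tags(trim($rawEmail)));

    // NOTE(review): transforming the password before hashing alters the
    // secret. It is kept because the stored digests were presumably produced
    // the same way - confirm against the account-creation code.
    $pass = htmlspecialchars(strip_tags(trim($rawPass)));

    if (empty($email)) {
        $error = true;
        $emailError = "Please enter your email address.";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = true;
        $emailError = "Please enter valid email address.";
    }

    if (empty($pass)) {
        $error = true;
        $passError = "Please enter your password.";
    }

    // Only touch the database when the form passed basic validation.
    if (!$error) {
        $password = hash('sha256', $pass);

        // Escape for the SQL string context before interpolating.
        // Assumes dbconnect.php opened the default mysql link - confirm.
        $safeEmail = mysql_real_escape_string($email);
        $res = mysql_query("SELECT admid, admname, admpass FROM admin WHERE admemail='$safeEmail'");

        $row = false;
        $count = 0;
        if ($res !== false) {
            // A failed query returns false; do not pass that to the fetch calls.
            $count = mysql_num_rows($res);
            $row = mysql_fetch_array($res);
        }

        // Strict comparison: loose == treats numeric-looking digests such as
        // "0e..." as floats, so two different hashes can compare equal.
        if ($count === 1 && is_array($row) && $row['admpass'] === $password) {
            // Issue a fresh session id on privilege change so a session id
            // known before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['admi'] = $row['admid'];
            header("Location: dash.php");
            // Stop here; otherwise the login page is still rendered and sent.
            exit;
        } else {
            // Same message for unknown email and wrong password, so the
            // response does not reveal which admin addresses exist.
            $errMSG = "Incorrect Credentials, Try again...";
        }
    }
}
?>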
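<?php
/*
 * Login form template.
 *
 * Posts back to this script. The email field is re-populated from $email
 * after a failed attempt. $email is unset on a plain GET, so it is guarded
 * with isset(); echoing it unguarded would put a PHP notice inside the value
 * attribute when display_errors is on. It is escaped for the attribute
 * context with double_encode disabled, so a value that was already passed
 * through htmlspecialchars() earlier in the script is not encoded twice.
 */
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Admin Login</title>
<link rel="stylesheet" href="css/reset.min.css">
<link rel='stylesheet prefetch' href='css/font1.css'>
<link rel='stylesheet prefetch' href='css/font-awesome.min.css'>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="pen-title">
<h1>App name</h1>
</div>
<div class="container">
<div class="card"></div>
<div class="card">
<h1 class="title">Login</h1>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="on">
<div class="input-container">
<input type="email" name="email" required="required" value="<?php echo isset($email) ? htmlspecialchars($email, ENT_QUOTES, 'UTF-8', false) : ''; ?>" maxlength="40" />
<label>Email</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="password" name="pass" required="required"/>
<label>Password</label>
<div class="bar"></div>
</div>
<div class="button-container">
<button type="submit" name="bttngo"><span>Go</span></button>
</div>
</form>
</div>
</div>
</body>
</html>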