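<?php
/*
 * Admin "Secure Validator" page (admin/secure/index1.php).
 *
 * Flow, top to bottom:
 *   1. apply the optional cart action carried in ?action= (add|remove|empty),
 *   2. derive device/platform labels from the User-Agent for the audit log and the form,
 *   3. auto-login a client whose IP has a `remember` row flagged remember = 1 that still
 *      carries the current access code,
 *   4. on POST: store the "remember me" choice, validate the access code against the
 *      `access` table, record the attempt in `secure`, start the admin session,
 *   5. render the login form.
 *
 * ../db/saucerer.php is expected to define $conn (mysqli, OO style), $link (mysqli,
 * procedural style) and the DBController class; nothing else from it is used here.
 * Every request-derived value ($_GET, $_POST, REMOTE_ADDR) reaches SQL only through a
 * prepared statement or mysqli escaping, and every redirect is followed by exit so the
 * remainder of the page does not execute for a request that has already been answered.
 */
session_start();
include_once('../db/saucerer.php');

/**
 * Appends one row to the `secure` audit table.
 *
 * @param mysqli                $link open connection defined by ../db/saucerer.php
 * @param array<string, string> $row  keys name, token, access, attempt, user, handler,
 *                                    action, ip_address, device_name, system_name
 * @return bool true when the INSERT executed, false when prepare or execute failed
 */
function secure_record_attempt(mysqli $link, array $row): bool
{
    $sql = 'INSERT INTO secure (name, token, access, attempt, user, handler, action, ip_address, device_name, system_name)'
        . ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        return false;
    }
    // Same order as the column list above. bind_param takes its arguments by reference,
    // so the values are unpacked from a local array rather than passed inline.
    $values = [
        $row['name'], $row['token'], $row['access'], $row['attempt'], $row['user'],
        $row['handler'], $row['action'], $row['ip_address'], $row['device_name'], $row['system_name'],
    ];
    mysqli_stmt_bind_param($stmt, 'ssssssssss', ...$values);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $ok;
}

// --- Cart actions (?action=add|remove|empty) -----------------------------------------
// Carried over from the shop pages. Handled first, before any redirect, so the action is
// applied on every request as it was before and while $conn is certainly still open.
// $db_handle->runQuery() takes a raw SQL string, so the id is escaped through $conn
// before it is interpolated.
$db_handle = new DBController();
$cartAction = (string) ($_GET['action'] ?? '');
$cartId = isset($_GET['id']) ? (string) $_GET['id'] : null;
if ($cartAction !== '') {
    switch ($cartAction) {
        case 'add':
            if (!empty($_POST['quantity']) && $cartId !== null) {
                $safeId = $conn->real_escape_string($cartId);
                $productByCode = $db_handle->runQuery("SELECT * FROM shop WHERE id='" . $safeId . "'");
                // Unknown id: nothing to add (previously an item with an empty key was created).
                if (!empty($productByCode[0])) {
                    $product = $productByCode[0];
                    $pid = $product['id'];
                    $item = [
                        'name' => $product['name'],
                        'id' => $product['id'],
                        // quantity is stored as posted; a non-numeric value would fail on the += below
                        'quantity' => $_POST['quantity'],
                        'cat' => $product['cat'],
                        'label_1' => $product['label_1'],
                        'price_1' => $product['price_1'],
                        'label_2' => $product['label_2'],
                        'price_2' => $product['price_2'],
                        'label_3' => $product['label_3'],
                        'price_3' => $product['price_3'],
                        'image' => $product['image'],
                    ];
                    if (empty($_SESSION['cart_item'])) {
                        $_SESSION['cart_item'] = [$pid => $item];
                    } elseif (array_key_exists($pid, $_SESSION['cart_item'])) {
                        if (empty($_SESSION['cart_item'][$pid]['quantity'])) {
                            $_SESSION['cart_item'][$pid]['quantity'] = 0;
                        }
                        $_SESSION['cart_item'][$pid]['quantity'] += $_POST['quantity'];
                    } else {
                        // Direct assignment instead of array_merge: array_merge renumbers
                        // integer keys, which would have lost numeric product ids.
                        $_SESSION['cart_item'][$pid] = $item;
                    }
                }
            }
            break;
        case 'remove':
            if (!empty($_SESSION['cart_item']) && $cartId !== null) {
                foreach (array_keys($_SESSION['cart_item']) as $k) {
                    if ($cartId == $k) { // loose on purpose: keys may be int, the id is a string
                        unset($_SESSION['cart_item'][$k]);
                    }
                }
                if (empty($_SESSION['cart_item'])) {
                    unset($_SESSION['cart_item']);
                }
            }
            break;
        case 'empty':
            unset($_SESSION['cart_item']);
            break;
    }
}

// --- Request state -------------------------------------------------------------------
// Page (relative to ../) to return to after a successful login. It is reflected into the
// form action below, so it is HTML-escaped there.
$page = empty($_GET['page']) ? '' : (string) $_GET['page'];

// Form values and per-field errors. $id is never assigned on this page, so the session
// receives '' for it, as before.
$id = $name = $token = $access = '';
$id_err = $name_err = $token_err = $access_err = '';

// One-time token carried in a hidden field and written to the audit log:
// "<product of two 1..9 digits>-<HHMMSS-DDMMYYYY>" in Africa/Kampala local time.
date_default_timezone_set('Africa/Kampala');
$today = date('His-dmY', time());
$code1 = random_int(1, 9);
$code2 = random_int(1, 9);
$code3 = $code1 * $code2;
$tokens = "$code3-$today";

// A previous failed attempt leaves $_SESSION['failed'] = true so the name is refilled.
$failed = !empty($_SESSION['failed']);

// The access code that is currently valid. With several rows in `access` the last one
// fetched wins, as before.
$access_code = '';
$result = $conn->query('SELECT code FROM access');
if ($result !== false) {
    while ($row = $result->fetch_assoc()) {
        $access_code = $row['code'];
    }
    $result->free();
}

// --- Client fingerprint for the audit log and the "Remember me" label ---------------
// Both values are client-controlled; they are only used for display and logging.
$ip_address = (string) ($_SERVER['REMOTE_ADDR'] ?? '');
$agent = strtolower((string) ($_SERVER['HTTP_USER_AGENT'] ?? ''));
$isMob = str_contains($agent, 'mobile');
$isTab = str_contains($agent, 'tablet');
$isWin = str_contains($agent, 'windows');
$isAndroid = str_contains($agent, 'android');
$isIPhone = str_contains($agent, 'iphone');
$isIPad = str_contains($agent, 'ipad');
$isIOS = $isIPhone || $isIPad;

if ($isTab) {
    $device = $isIPad ? 'iPad' : 'Tablet';
} elseif ($isMob) {
    $device = $isIPhone ? 'iPhone' : 'Phone';
} else {
    $device = 'Desktop';
}

if ($isIOS) {
    $system = 'iOS';
} elseif ($isAndroid) {
    $system = 'ANDROID';
} elseif ($isWin) {
    $system = 'WINDOWS';
} else {
    $system = ''; // previously left undefined on other platforms, raising a notice below
}

// Suffix for the "Remember me" label. The <i> markup is fixed and $system/$device come
// from the literals above, so it is emitted unescaped.
$system_one = match ($system) {
    'WINDOWS' => ' on <i class="fa fa-windows"></i> ' . $system,
    'ANDROID' => ' on this <i class="fa fa-android"></i> ' . $system,
    'iOS' => ' on this <i class="fa fa-apple"></i> ' . $device,
    default => '',
};
$device_name = $device;
$system_name = $system;

// --- "Remember me" auto-login --------------------------------------------------------
// `remember` rows are keyed by client IP. NOTE(review): the auto-login below trusts
// REMOTE_ADDR alone, so every client behind the same NAT or proxy address inherits the
// admin session; kept as designed, but worth a second factor or a per-client cookie.
$remember_one = '';
$haveRememberRow = false;
$stmt = $conn->prepare('SELECT remember FROM remember WHERE ip_address = ?');
if ($stmt !== false) {
    $stmt->bind_param('s', $ip_address);
    $stmt->execute();
    $stmt->bind_result($rememberFlag);
    if ($stmt->fetch()) {
        $haveRememberRow = true;
        $remember_one = $rememberFlag; // drives the "checked" state of the checkbox
    }
    $stmt->close();
}

$stmt = $conn->prepare(
    "SELECT user_name, token, access FROM remember WHERE ip_address = ? AND access = ? AND remember = '1'"
);
if ($stmt !== false) {
    $stmt->bind_param('ss', $ip_address, $access_code);
    $stmt->execute();
    $stmt->bind_result($rememberedName, $rememberedToken, $rememberedAccess);
    $remembered = $stmt->fetch();
    $stmt->close();
    if ($remembered) {
        session_regenerate_id(true); // fresh id on privilege change
        $_SESSION['loggedin'] = true;
        $_SESSION['id'] = $id;
        $_SESSION['name'] = $rememberedName;
        $_SESSION['token'] = $rememberedToken;
        $_SESSION['access'] = $rememberedAccess;
        header('Location: ../' . $page);
        exit; // previously missing: the login and audit code below ran after the redirect
    }
}

// --- "Remember me" choice ------------------------------------------------------------
// Stored before the access code is validated, as before: the row for this IP receives
// whatever code was submitted, and auto-login only fires once that code is the valid one.
if (isset($_POST['submit'])) {
    $user_name = (string) ($_POST['name'] ?? '');
    $token = (string) ($_POST['token'] ?? '');
    $access = (string) ($_POST['access'] ?? '');
    $remember = (string) ($_POST['remember'] ?? ''); // '' when the box is unchecked

    if ($haveRememberRow) {
        // The former guard `$_POST['access'] == $access` compared the value with itself,
        // so an existing row was always updated.
        $stmt = $conn->prepare('UPDATE remember SET access = ?, remember = ? WHERE ip_address = ?');
        if ($stmt !== false) {
            $stmt->bind_param('sss', $access, $remember, $ip_address);
        }
    } else {
        $stmt = $conn->prepare(
            'INSERT INTO remember (user_name, ip_address, device_name, system_name, token, access, remember)'
            . ' VALUES (?, ?, ?, ?, ?, ?, ?)'
        );
        if ($stmt !== false) {
            $stmt->bind_param('sssssss', $user_name, $ip_address, $device_name, $system_name, $token, $access, $remember);
        }
    }
    if ($stmt !== false) {
        $stmt->execute();
        $stmt->close();
    }
}

// --- Access-code check ---------------------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = trim((string) ($_POST['name'] ?? ''));
    $token = trim((string) ($_POST['token'] ?? ''));
    $access = trim((string) ($_POST['access'] ?? ''));
    $handler = 'Admin';
    $user = $name;

    // Row written to `secure` for this attempt; only 'attempt' differs between outcomes.
    $audit = [
        'name' => $name,
        'token' => $token,
        'access' => $access,
        'attempt' => '',
        'user' => $user,
        'handler' => $handler,
        'action' => 'Login',
        'ip_address' => $ip_address,
        'device_name' => $device_name,
        'system_name' => $system_name,
    ];

    if ($access === '') { // was empty(), which also rejected the code "0"
        $access_err = 'Invalid access code!';
    } else {
        // Fail closed: the code counts as valid only when the lookup ran and found it.
        // Previously a failed prepare or execute left $access_err empty and the request
        // fell through to the success branch.
        $lookupRan = false;
        $codeFound = false;
        $stmt = mysqli_prepare($link, 'SELECT id FROM access WHERE code = ?');
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 's', $access);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);
                $lookupRan = true;
                $codeFound = mysqli_stmt_num_rows($stmt) > 0;
            }
            mysqli_stmt_close($stmt);
        }

        if (!$lookupRan) {
            $_SESSION['error'] = 'Oops! Something went wrong. Please try again later.';
            $access_err = 'Invalid access code!';
        } elseif (!$codeFound) {
            $access_err = 'Invalid access code!';
            $audit['attempt'] = 'Failed';
            if (secure_record_attempt($link, $audit)) {
                $_SESSION['failed'] = true;
                $_SESSION['name'] = $name;
            }
        }
    }

    if ($name_err === '' && $token_err === '' && $access_err === '') {
        $audit['attempt'] = 'Succesful'; // spelling kept: it is the value stored in `secure`
        if (secure_record_attempt($link, $audit)) {
            mysqli_close($link);
            session_regenerate_id(true); // fresh id on privilege change (session fixation)
            $_SESSION['loggedin'] = true;
            $_SESSION['id'] = $id;
            $_SESSION['name'] = $name;
            $_SESSION['token'] = $token;
            $_SESSION['access'] = $access;
            header('Location: ../' . $page);
            exit;
        }
        $_SESSION['error'] = 'Something went wrong. Please try again.';
    }
    mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en" class="h-100">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>Admin | Irungi Kitchen</title>
    <!-- Favicon icon -->
    <link rel="shortcut icon" href="../../img/fav-icon.png">
    <link rel="apple-touch-icon" href="../../img/apple-touch-icon.png">
    <link href="../css/style.css" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css2?family=Poppins:wght@100;200;300;400;500;600;700;800;900&family=Roboto:wght@100;300;400;500;700;900&display=swap" rel="stylesheet">
</head>
<body class="h-100">
<div class="authincation h-100">
    <div class="container h-100">
        <div class="row justify-content-center h-100 align-items-center">
            <div class="col-md-6">
                <div class="authincation-content">
                    <div class="row no-gutters">
                        <div class="col-xl-12">
                            <div class="auth-form">
                                <div class="text-center mb-3">
                                    <a href="#!"><img src="../../img/irungi-logo.png" alt="Irungi Kitchen"></a>
                                </div>
                                <h2 class="text-center text-pink">Secure Validator</h2>
                                <h4 class="text-center mb-4 text-white fs-12">Authorized personels only, login to proceed</h4>
                                <!-- $page comes from the query string: escaped for the attribute context -->
                                <form action="./?page=<?php echo htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" enctype="multipart/form-data" method="POST">
                                    <div class="form-group <?php echo ($name_err !== '') ? 'has-error' : ''; ?>">
                                        <?php
                                        // After a failed attempt the name is refilled from the session. It was
                                        // typed by the client, so it is escaped before being placed in value="".
                                        if ($failed) {
                                            $refill = htmlspecialchars((string) ($_SESSION['name'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                            echo '<input type="text" class="form-control" name="name" placeholder="Full Names" value="' . $refill . '" required>';
                                        } else {
                                            echo '<input type="text" class="form-control" name="name" placeholder="Full Names" required>';
                                        }
                                        ?>
                                        <span class="help-block"><?php echo $name_err; ?></span>
                                    </div>
                                    <div class="form-group <?php echo ($access_err !== '') ? 'has-error' : ''; ?>">
                                        <input type="text" class="form-control" name="access" placeholder="Access Code" required>
                                        <span class="help-block"><?php echo $access_err; ?></span>
                                    </div>
                                    <input class="form-control" type="hidden" name="token" value="<?php echo $tokens; ?>">
                                    <div class="form-row d-flex justify-content-between mt-2 mb-2">
                                        <div class="form-group">
                                            <div class="custom-control custom-checkbox ml-1 text-white">
                                                <?php
                                                $checked = $remember_one ? ' checked' : '';
                                                echo '<input type="checkbox" name="remember" class="custom-control-input" id="basic_checkbox_1" value="1"' . $checked . '>';
                                                echo '<label class="custom-control-label fs-12" for="basic_checkbox_1"><span class="ml-2">Remember me ' . $system_one . '</span></label>';
                                                ?>
                                            </div>
                                        </div>
                                    </div>
                                    <div class="text-center">
                                        <button type="submit" name="submit" class="btn bg-white text-primary btn-block">Gain Access <i class="fa fa-arrow-right"></i></button>
                                    </div>
                                </form>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<!--********************************** Scripts ***********************************-->
<!-- Required vendors -->
<script src="../vendor/global/global.min.js"></script>
<script src="../js/custom.min.js"></script>
<script src="../js/deznav-init.js"></script>
</body>
</html>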