Файл: Source/admin/index.php
Строк: 163
<?php
/*
* Script name: Points4Prize
* Author: Soft Projects
* Date created: 15/07/2015
*/
// Turn off error reporting
error_reporting(0);
ini_set('error_reporting', E_ALL);
session_start();
ob_start();
$cofig_file = include("../auth/config.php");
include("../site_settings.php");
$DB_CONNECT = mysql_connect($cofig_file['db']['host'], $cofig_file['db']['username'], $cofig_file['db']['password']);
mysql_select_db($cofig_file['db']['dbname'], $DB_CONNECT) or die(mysql_error());
mysql_query("SET NAMES utf8");
$id = @$_SESSION['userinfo']['id'];
$use = mysql_query("SELECT * FROM `admin` WHERE id='$id'");
$user = mysql_fetch_assoc($use);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>
<?php echo $GLOBALS['site_name'];?> - Login to admin panel
</title>
<!-- BOOTSTRAP -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- LANCENG CSS -->
<link href="css/style.css" rel="stylesheet">
<link href="css/grey.css" rel="stylesheet">
<link href="css/style-responsive.css" rel="stylesheet">
<link href="css/font-awesome.min.css" rel="stylesheet">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js">
</script>
<script src="js/bootstrap.min.js">
</script>
</head>
<!-- BODY -->
<body class="tooltips full-content">
<?php
if (@$_SESSION['logged'] == true) {
header("Location: dashboard.php");
} else {
?>
<!-- BEGIN PAGE -->
<div class="container">
<!-- Begin Login Page -->
<div class="full-content-center animated fadeInDownBig">
<div class="text-center">
<a href="index.php">
<img src="img/logo-admin.png" style="margin-top: 60px;margin-right: 9px;" />
</a>
</div>
<div class="login-wrap">
<div class="box-info">
<h2 class="text-center">
<strong>
Login to Admin Panel
</strong>
</h2>
<form role="form" method="post" action="index.php">
<?php
if (isset($_POST['login'])) {
$name = htmlspecialchars($_POST['name']);
$pass = htmlspecialchars($_POST['password']);
$pass = md5($pass);
$info = mysql_query("SELECT * FROM admin WHERE name = '$name'") or die(mysql_error());
$data = mysql_fetch_array($info);
if (empty($name)) {
echo '
<div class="alert alert-warning" role="alert">
Please fill username.
<button type="button" class="close" data-dismiss="alert">
<span aria-hidden="true">
×
</span>
<span class="sr-only">
Close
</span>
</button>
</div>
';
} elseif (empty($pass)) {
echo '
<div class="alert alert-warning" role="alert">
Please fill password.
<button type="button" class="close" data-dismiss="alert">
<span aria-hidden="true">
×
</span>
<span class="sr-only">
Close
</span>
</button>
</div>
';
} elseif ($data['password'] != $pass) {
echo '
<div class="alert alert-danger" role="alert">
Wrong username or password!
<button type="button" class="close" data-dismiss="alert">
<span aria-hidden="true">
×
</span>
<span class="sr-only">
Close
</span>
</button>
</div>
';
} else {
$runq = mysql_query("SELECT * FROM `admin` WHERE name='$name' AND password='$pass'");
$provLogin = mysql_num_rows($runq);
if ($provLogin == 1) {
$row = mysql_fetch_array($runq);
$_SESSION['userinfo'] = $row;
$_SESSION['logged'] = true;
echo '
<script type="text/javascript">
window.location = "dashboard.php"</script>
';
header('Location: dashboard.php');
}
}
} else {
echo
'
';
}
?>
<div class="form-group login-input">
<i class="fa fa-sign-in overlay">
</i>
<input type="text" name="name" class="form-control text-input" placeholder="Username">
</div>
<div class="form-group login-input">
<i class="fa fa-key overlay">
</i>
<input type="password" name="password" class="form-control text-input" placeholder="Password">
</div>
<div class="row">
<div class="col-sm-6">
<button type="submit" name="login" class="btn btn-success btn-block">
<i class="fa fa-unlock">
</i>
Login
</button>
</div>
<div class="col-sm-6">
<button class="btn btn-default btn-block btn-info">
Clear form
</button>
</div>
</div>
</form>
</div>
</div>
</div>
<!-- End Login Page -->
</div>
<!-- End div .container -->
<!-- END PAGE -->
<?php
}
ob_end_flush();
?>
</body>
</html>