<?php
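session_start();
// include '../dbconnection.php';
include '../config.php';
include '../encryption.php';
include '../../inc/encrypter.php';

// Login form handler, step 1: read the posted fields, verify the captcha,
// open the database connection and run the class lookup. The statements
// that follow this block consume $user_name, $password, $check_class and
// $dbHandles.
$myconn = "";

// Accept plain strings only. A crafted request can post arrays
// (username[]=x) or omit a field entirely; both are treated as empty input.
$user_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$passwordd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$newCaptcha = (isset($_POST['captcha']) && is_string($_POST['captcha'])) ? trim($_POST['captcha']) : '';
//$language=$_POST['language'];

// Check the captcha before any database work, so a request that fails it
// cannot drive queries with the submitted user name.
$expectedCaptcha = isset($_SESSION['digit']) ? (string) amebiCrypt($_SESSION['digit'], 'd') : '';
// The challenge is single-use: discard it whether or not the answer matched,
// so one solved captcha cannot be replayed for repeated password guesses.
unset($_SESSION['digit']);
// Strict comparison, and an empty expected value never matches. With the
// loose != used before, a session holding no challenge and an empty answer
// could compare equal (depends on what amebiCrypt returns for missing input,
// which is not visible in this file).
if ($expectedCaptcha === '' || $newCaptcha === '' || $newCaptcha !== $expectedCaptcha) {
    $_SESSION['ERROR_MSG'] = "Wrong Captcha";
    header('location:../../');
    exit();
}

// Connection settings are supplied by ../config.php.
$dbhost = $host;
$dbusername = $user;
$dbpassword = $pass;
$dbdatabase = $db;
$school_name = $app_name;
$dbHandles = connectDB($dbhost, $dbusername, $dbpassword, $dbdatabase);

// Count how many MBA student rows carry this registration number. The
// submitted value is bound as a parameter and never spliced into the SQL
// text. The count stays 0 when the statement cannot be prepared, matching
// numRows() returning 0 for a failed query.
$check_class = 0;
$classStmt = mysqli_prepare(
    $dbHandles,
    "SELECT student.registration_no FROM (student
INNER JOIN class ON student.class_id = class.class_id) WHERE student.registration_no = ? AND class.class_name = 'MBA'"
);
if ($classStmt) {
    mysqli_stmt_bind_param($classStmt, 's', $user_name);
    mysqli_stmt_execute($classStmt);
    mysqli_stmt_store_result($classStmt);
    $check_class = mysqli_stmt_num_rows($classStmt);
    mysqli_stmt_close($classStmt);
}

// NOTE(review): a hard-coded ciphertext is decrypted into $pas, which nothing
// else in this file reads. Confirm it is dead code and remove it; a secret
// embedded in a login handler should not ship.
$abcd = 'eXFHZlJCTmpHSnBINFlxUjR3UFJyQT09';
$pas = amebi_crypt($abcd, 'd');

// NOTE(review): amebi_crypt() is called in 'e' mode here and 'd' mode above,
// which suggests the stored password is reversibly encrypted rather than
// hashed. Confirm, and plan a migration to password_hash()/password_verify().
$password = amebi_crypt($passwordd, 'e');
//echo $password;

// $macaddress and $ctime are not read anywhere else in this file.
$macaddress = '98:FA:9B:26:59:4E';
date_default_timezone_set('Asia/Kolkata');
$ctime = date('H:i');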
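// Login form handler, step 2: authenticate the submitted credentials.
// Reads $check_class, $user_name, $password and $dbHandles set earlier in
// this script. On success the session is populated and the browser is sent
// to the university module; on any failure the session is cleared, an error
// message is stored and the browser is sent back to the application root.
$loginError = null;
$userRow = null;

//if ($check_class != '1') {
if ($check_class != 1) {
    if (is_string($user_name) && !empty($user_name)) {
        // Credentials are bound as parameters, never interpolated into the
        // SQL text. Only the three columns the session needs are selected,
        // so the stored password never leaves the database.
        $userStmt = mysqli_prepare(
            $dbHandles,
            "SELECT user_id, user_name, type FROM user WHERE BINARY user_login_id = BINARY ? AND BINARY password = BINARY ? AND is_active = 'yes'"
        );
        if ($userStmt) {
            mysqli_stmt_bind_param($userStmt, 'ss', $user_name, $password);
            mysqli_stmt_execute($userStmt);
            mysqli_stmt_store_result($userStmt);
            // Exactly one matching row is required, as before.
            if (mysqli_stmt_num_rows($userStmt) == 1) {
                mysqli_stmt_bind_result($userStmt, $rowUserId, $rowUserName, $rowUserType);
                if (mysqli_stmt_fetch($userStmt)) {
                    $userRow = [
                        'user_id' => $rowUserId,
                        'user_name' => $rowUserName,
                        'type' => $rowUserType,
                    ];
                }
            }
            mysqli_stmt_close($userStmt);
        }
        if ($userRow === null) {
            //Login ID and password doesnot matched
            $loginError = "Invalid User Name or Password";
        }
    } else {
        $loginError = "Please Enter User Name";
    }
} else {
    $loginError = "Please Enter correct User Name";
}

if ($userRow !== null) {
    // Issue a fresh session id at the privilege change so an id planted
    // before login (session fixation) is not carried into the
    // authenticated session.
    session_regenerate_id(true);
    $_SESSION['USER_ID'] = $userRow['user_id'];
    $_SESSION['userId'] = $userRow['user_id'];
    $_SESSION['USER_NAME'] = $userRow['user_name'];
    $_SESSION['USER_TYPE'] = $userRow['type'];
    //$_SESSION['USER_LANG'] = $language;
    // Nothing is echoed before header(): body output ahead of it stops the
    // redirect when output buffering is off.
    header('location:../../home/modules/university');
    exit();
}

// Failed attempt: drop whatever the session held, then store the message.
// Setting the message first and destroying the session afterwards (the old
// order) discarded the message before the next page could show it.
session_unset();
$_SESSION['ERROR_MSG'] = $loginError;
// Redirect to a fixed path, the same one the captcha failure uses. The
// Referer header is client-supplied and may be absent, so it must not
// decide where the browser is sent.
header('location:../../');
exit();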
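/**
 * Open a MySQL connection and switch it to the utf8 character set.
 *
 * Stops the script with a generic message when the connection fails; the
 * underlying reason goes to the error log only, so host names and account
 * details are never sent to the browser.
 *
 * @param string $dbhost     Database host.
 * @param string $dbusername Database account name.
 * @param string $dbpassword Database account password.
 * @param string $dbdatabase Schema to select.
 * @return mysqli Open connection handle.
 */
function connectDB($dbhost, $dbusername, $dbpassword, $dbdatabase)
{
    try {
        $conn = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbdatabase);
    } catch (mysqli_sql_exception $e) {
        // mysqli can be configured to throw instead of returning false (the
        // default since PHP 8.1). Left uncaught, the exception's stack trace
        // can expose the connection arguments when errors are displayed.
        $conn = false;
    }
    if (!$conn) {
        error_log('connectDB: ' . mysqli_connect_error());
        die('Could not connect to Server !');
    }
    // Set the charset only once the handle is known to be valid; the old
    // order called this on a failed connection.
    mysqli_set_charset($conn, "utf8");
    return $conn;
}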
//function numRows($myconn, $query)
//{
// //echo $query;
// $result = mysqli_query($myconn, $query);
// $rowcount = mysqli_num_rows($result);
// return $rowcount;
//}
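/**
 * Run a query and return how many rows it produced.
 *
 * $query is executed verbatim. Callers must never build it from request
 * data; use a prepared statement with bound parameters for anything that
 * includes user input.
 *
 * @param mysqli $myconn Open connection.
 * @param string $query  Complete SQL text.
 * @return int Row count, or 0 when the query fails or yields no result set.
 */
function numRows($myconn, $query)
{
    try {
        $result = mysqli_query($myconn, $query);
    } catch (mysqli_sql_exception $e) {
        // With exception-mode error reporting a failed query throws instead
        // of returning false; keep the "0 on failure" contract either way.
        return 0;
    }
    // false means the query failed; true means a statement with no result set.
    if (!($result instanceof mysqli_result)) {
        return 0;
    }
    $rowCount = mysqli_num_rows($result);
    mysqli_free_result($result);
    return $rowCount;
}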
//function runQuery($myconn, $query)
//{
// $result = mysqli_query($myconn, $query);
// while ($row = mysqli_fetch_assoc($result)) {
// $resultset[] = $row;
//
// }
// if (!empty($resultset))
// return $resultset;
//}
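/**
 * Run a query and return every row as an associative array.
 *
 * $query is executed verbatim. Callers must never build it from request
 * data; use a prepared statement with bound parameters for anything that
 * includes user input.
 *
 * @param mysqli $myconn Open connection.
 * @param string $query  Complete SQL text.
 * @return array List of rows; empty when the query fails or matches nothing.
 */
function runQuery($myconn, $query)
{
    $resultset = [];
    try {
        $result = mysqli_query($myconn, $query);
    } catch (mysqli_sql_exception $e) {
        // Exception-mode error reporting: treat a failed query as "no rows".
        return $resultset;
    }
    // A failed query returns false; fetching from it raised a warning on
    // older PHP and a TypeError on PHP 8.
    if (!($result instanceof mysqli_result)) {
        return $resultset;
    }
    while ($row = mysqli_fetch_assoc($result)) {
        $resultset[] = $row;
    }
    mysqli_free_result($result);
    return $resultset;
}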
?>