MMCT TEAM
Server IP : 217.21.85.138  /  Your IP : 216.73.216.103
Web Server : LiteSpeed
System : Linux in-mum-web906.main-hosting.eu 4.18.0-553.37.1.lve.el8.x86_64 #1 SMP Mon Feb 10 22:45:17 UTC 2025 x86_64
User : u915722082 ( 915722082)
PHP Version : 7.4.33
Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : OFF  |  Python : OFF
Directory (0755) :  /home/u915722082/public_html/js/../pms/config/../admin/

[  Home  ][  C0mmand  ][  Upload File  ]

Current File : /home/u915722082/public_html/js/../pms/config/../admin/login_process.php
<?php
session_start();
header('Content-Type: application/json');

require_once '../config/config.php';
require_once '../config/db.php';

if (isset($_SESSION['admin_id'])) {
    echo json_encode([
        'success' => true,
        'message' => 'Already logged in',
        'redirect' => 'users.php'
    ]);
    exit;
}

$email = trim($_POST['email'] ?? '');
$password = $_POST['password'] ?? '';

try {
    if (empty($email) || empty($password)) {
        throw new Exception('Please enter both email and password');
    }
    
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        throw new Exception('Invalid email format');
    }
    
    $stmt = mysqli_prepare($con, "SELECT uid, fname, email, password, role, status FROM tbl_user WHERE email = ?");
    
    if (!$stmt) {
        throw new Exception('Database error occurred');
    }
    
    mysqli_stmt_bind_param($stmt, "s", $email);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    
    if ($user = mysqli_fetch_assoc($result)) {
        if ($user['status'] !== 'active') {
            mysqli_stmt_close($stmt);
            throw new Exception('Your account is inactive. Please contact administrator.');
        }
        
        if (password_verify($password, $user['password'])) {
            $_SESSION['admin_id'] = $user['uid'];
            $_SESSION['user_id'] = $user['uid'];
            $_SESSION['user_name'] = $user['fname'];
            $_SESSION['user_email'] = $user['email'];
            $_SESSION['role'] = $user['role'];
            
            // Update last login
            $check_column = mysqli_query($con, "SHOW COLUMNS FROM tbl_user LIKE 'last_login'");
            if (mysqli_num_rows($check_column) > 0) {
                $update_stmt = mysqli_prepare($con, "UPDATE tbl_user SET last_login = NOW() WHERE uid = ?");
                mysqli_stmt_bind_param($update_stmt, "i", $user['uid']);
                mysqli_stmt_execute($update_stmt);
                mysqli_stmt_close($update_stmt);
            }
            
            mysqli_stmt_close($stmt);
            
            // ✅ Redirect based on role
            $redirect_page = ($user['role'] === 'Employee') ? 'employee.php' : 'customers.php';
            
            echo json_encode([
                'success' => true,
                'message' => 'Login successful! Redirecting...',
                'redirect' => $redirect_page,
                'user' => [
                    'name' => $user['fname'],
                    'email' => $user['email'],
                    'role' => $user['role']
                ]
            ]);
            exit;
            
        } else {
            mysqli_stmt_close($stmt);
            throw new Exception('Invalid email or password');
        }
    } else {
        mysqli_stmt_close($stmt);
        throw new Exception('Invalid email or password');
    }
    
} catch (Exception $e) {
    echo json_encode([
        'success' => false,
        'message' => $e->getMessage()
    ]);
    exit;
}
?>

MMCT - 2023