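<?php
declare(strict_types=1);

session_start();
require_once '../config/database.php';

// An already-authenticated admin has nothing to do here; send them to the dashboard.
if (isset($_SESSION['admin_id'])) {
    header('Location: index.php');
    exit();
}

$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read both fields defensively: a missing key must not raise an
    // "Undefined array key" warning, and only scalar strings are accepted
    // (an array posted as username[] would otherwise reach trim()).
    $username = is_string($_POST['username'] ?? null) ? trim($_POST['username']) : '';
    // NOTE(review): the password is trimmed to preserve the original behaviour;
    // stored hashes may have been created from trimmed input, so do not change
    // this without checking the code that calls password_hash().
    $password = is_string($_POST['password'] ?? null) ? trim($_POST['password']) : '';

    // Compare against '' rather than empty(): the username "0" is a legitimate value.
    if ($username === '' || $password === '') {
        $error = 'Username and password are required.';
    } else {
        $database = new Database();
        $db = $database->getConnection();

        // Parameterised lookup; only the columns the login needs are selected.
        $query = 'SELECT id, full_name, role, password FROM admin_users WHERE username = :username AND status = 1';
        $stmt = $db->prepare($query);
        $stmt->bindValue(':username', $username);
        $stmt->execute();

        // fetch() instead of rowCount(): PDO does not guarantee rowCount()
        // for SELECT statements on every driver.
        $admin = $stmt->fetch(PDO::FETCH_ASSOC);

        // One generic failure path: the response must not reveal whether the
        // username exists, so there is no "user found, wrong password" variant.
        // NOTE(review): an unknown username skips password_verify(), so the
        // response time differs slightly; verifying against a constant dummy
        // hash in that case would close the timing difference.
        if ($admin !== false && password_verify($password, $admin['password'])) {
            // Fresh session ID on privilege change defeats session fixation.
            session_regenerate_id(true);
            $_SESSION['admin_id'] = $admin['id'];
            $_SESSION['admin_name'] = $admin['full_name'];
            $_SESSION['admin_role'] = $admin['role'];

            // Record the successful login time.
            $updateStmt = $db->prepare('UPDATE admin_users SET last_login = NOW() WHERE id = :id');
            $updateStmt->bindValue(':id', $admin['id']);
            $updateStmt->execute();

            header('Location: index.php');
            exit();
        }

        $error = 'Invalid username or password!';
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Admin Login</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body {
            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
            height: 100vh;
            display: flex;
            align-items: center;
            justify-content: center;
        }
        .login-card {
            width: 400px;
            padding: 40px;
            background: white;
            border-radius: 10px;
            box-shadow: 0 10px 40px rgba(0,0,0,0.1);
        }
    </style>
</head>
<body>
    <div class="login-card">
        <h3 class="text-center mb-4">Admin Login</h3>
        <?php if ($error !== ''): ?>
            <div class="alert alert-danger" role="alert">
                <?php // Escape for HTML context; ENT_QUOTES also covers attribute use. ?>
                <?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
            </div>
        <?php endif; ?>
        <form method="POST" action="login.php">
            <div class="mb-3">
                <label for="username" class="form-label">Username</label>
                <input type="text" class="form-control" id="username" name="username" required>
            </div>
            <div class="mb-3">
                <label for="password" class="form-label">Password</label>
                <input type="password" class="form-control" id="password" name="password" required>
            </div>
            <button type="submit" class="btn btn-primary w-100">Login</button>
        </form>
    </div>
</body>
</html>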