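<?php
/**
 * Login handler for branch users.
 *
 * Reads branchCode and password from the POST body, compares the MD5 of the
 * password with branch_login.pwd_hash and then emits a small HTML page that
 * redirects (meta refresh) to:
 *   - loginPage.php      on an empty or wrong submission (after an alert),
 *   - changePassword.php when the branch still uses the default password
 *                        (branch code kept in $_SESSION["esa_brcode_temp"]),
 *   - dataEntry.php      on a normal login ($_SESSION["esa_brcode"] is set).
 *
 * All PHP runs before the first byte of HTML so that session_start() and
 * session_regenerate_id() can still send the session cookie header.
 */
session_start();

// Drop any earlier login before this attempt is evaluated.
$_SESSION["esa_brcode"] = "";

// NOTE(review): the application connects as MySQL root with an empty password.
// Use a dedicated least-privilege account and keep credentials outside the web root.
$con = new mysqli("localhost", "root", "", "electrical_audit");
if ($con->connect_errno) {
    // The original read $conn (undefined). Details go to the log, not to the client.
    error_log("Connection failed: " . $con->connect_error);
    die("Connection failed");
}

// Missing or non-string fields (e.g. branchCode[]=x) are treated as empty, so
// they are rejected below instead of reaching md5() or the database.
$branchCode = (isset($_POST["branchCode"]) && is_string($_POST["branchCode"])) ? $_POST["branchCode"] : "";
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

// NOTE(review): passwords are stored as unsalted MD5, and every auto-created
// branch shares this hard-coded default. Moving to password_hash() /
// password_verify() needs a migration of branch_login.pwd_hash and a matching
// change in changePassword.php (not visible here), so MD5 is kept for now.
$defaultHash = md5('sbi@1234');

$db_pwdHash = null;
$alertMessage = null;
$redirectTarget = "loginPage.php";

if ($branchCode === "" || $password === "") {
    // Checked before any query: the original tested the MD5 digest, which is
    // never empty, and had already inserted a row for an empty branch code.
    $alertMessage = "Invalid Submission";
} else {
    $passwordHash = md5($password);

    // Bound parameters: branchCode is attacker-controlled and was previously
    // concatenated into the SQL text.
    $select = $con->prepare("select pwd_hash from branch_login where branch_code = ?");
    if ($select === false) {
        error_log("branch_login lookup failed: " . $con->error);
    } else {
        $rowFound = false;
        $select->bind_param("s", $branchCode);
        $select->execute();
        $select->bind_result($storedHash);
        if ($select->fetch() === true) {
            $rowFound = true;
            $db_pwdHash = $storedHash;
        }
        $select->close();

        if (!$rowFound) {
            // NOTE(review): an unknown branch code is auto-provisioned with the
            // shared default password, so the set of valid branch codes is not
            // restricted here. Kept for compatibility; confirm this is intended
            // and consider validating against a list of known branches.
            $insert = $con->prepare("INSERT into branch_login (branch_code,pwd_hash) values (?,?)");
            if ($insert === false) {
                error_log("branch_login insert failed: " . $con->error);
            } else {
                $insert->bind_param("ss", $branchCode, $defaultHash);
                if ($insert->execute() && $insert->affected_rows > 0) {
                    // Same value the original re-read from the table after inserting.
                    $db_pwdHash = $defaultHash;
                }
                $insert->close();
            }
        }
    }

    // hash_equals() compares as strings in constant time; the original "!="
    // is a loose comparison that can treat numeric-looking digests as numbers.
    if (!is_string($db_pwdHash) || !hash_equals($db_pwdHash, $passwordHash)) {
        $alertMessage = "Invalid Branch Code / Password";
    } else {
        // New session id after successful authentication (session fixation).
        session_regenerate_id(true);

        if (hash_equals($defaultHash, $passwordHash)) {
            // Stored temporarily so the user has to change the password first;
            // changePassword.php is expected to move it to the proper session variable.
            $_SESSION["esa_brcode_temp"] = $branchCode;
            $redirectTarget = "changePassword.php";
        } else {
            // Proper login. Per the original comment, admin users are redirected
            // further by the landing page (not visible here).
            $_SESSION["esa_brcode"] = $branchCode;
            $redirectTarget = "dataEntry.php";
        }
    }
}

$con->close();
?>
<html>
<head>
<?php if ($alertMessage !== null) { ?>
<script type="text/javascript">
alert(<?php echo json_encode($alertMessage); ?>);
</script>
<?php } ?>
<meta http-equiv="refresh" content="0;URL=<?php echo htmlspecialchars($redirectTarget, ENT_QUOTES, 'UTF-8'); ?>">
</head>
<body>
</body>
</html>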