ohctech/csrtechnew.ohctech.in
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
csrtechnew.ohctech.in/index.php

479 lines
16 KiB
PHP
Raw Normal View History

csrtech_8
2025-04-14 13:28:09 +05:30
<?php
include('includes/config/config.php');
include('constants.php');
include('log_entry.php');
include('includes/functions.php');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Expires" content="Sat, 01 Dec 2001 00:00:00 GMT">
<title>CSRTech | CSR Management System</title>
<!-- Tell the browser to be responsive to screen width -->
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<!-- Bootstrap 3.3.7 -->
<link rel="stylesheet" href="adminlte/bower_components/bootstrap/dist/css/bootstrap.min.css">
<!-- Font Awesome -->
<link rel="stylesheet" href="adminlte/bower_components/font-awesome/css/font-awesome.min.css">
<!-- Ionicons -->
<link rel="stylesheet" href="adminlte/bower_components/Ionicons/css/ionicons.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="adminlte/dist/css/AdminLTE.min.css">
<!-- iCheck -->
<link rel="stylesheet" href="adminlte/plugins/iCheck/square/blue.css">
<!-- <link rel="icon" type="image/png" href="images/n1.jpg" />-->
<!-- Google Font -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
<!-- <style>
body {
background-image: url("images/diwali.gif") !important;
background-repeat: repeat-both;
}
</style>
-->
<style>
.alert-w {
padding: 20px;
background-color: orange;
/* yellow */
color: white;
margin-bottom: 15px;
text-align: center;
}
.alert-d {
padding: 20px;
background-color: #f44336;
/* Red */
color: white;
margin-bottom: 15px;
text-align: center;
}
/* The close button */
.closebtn {
margin-left: 15px;
color: white;
font-weight: bold;
float: right;
font-size: 22px;
line-height: 20px;
cursor: pointer;
transition: 0.3s;
}
/* When moving the mouse over the close button */
.closebtn:hover {
color: black;
}
phpv8 changes
2025-08-29 16:30:39 +05:30
.login-box {
background-color: rgba(255, 255, 255, 0.8); /* semi-transparent white */
border-radius: 15px;
padding: 30px;
border: 1px solid rgba(255, 255, 255, 0.3); /* light border */
box-shadow: 0 8px 32px rgba(0, 0, 0, 0.2); /* soft shadow */
backdrop-filter: blur(10px); /* blur effect */
-webkit-backdrop-filter: blur(10px); /* Safari support */
transition: 0.3s ease-in-out;
}
csrtech_8
2025-04-14 13:28:09 +05:30
</style>
</head>
<script>
function delCookie(NameOfCookie) {
// The function simply checks to see if the cookie is set.
// If so, the expiration date is set to Jan. 1st 1970.
if (getCookie(NameOfCookie)) {
document.cookie = NameOfCookie + "=" + "; expires=Thu, 01-Jan-70 00:00:01 GMT";
}
}
</script>
<?php
phpv8 changes
2025-08-29 16:30:39 +05:30
session_start();
$hide = $_REQUEST['hide'];
csrtech_8
2025-04-14 13:28:09 +05:30
if ($hide == 1) {
if (isset($_POST['token'])) {
// error_log('#tocken' . $_POST['token']);
// error_log('#sess' . $_SESSION['csrf_Token']);
if ($_POST['token'] == $_SESSION['csrf_Token']) {
// echo "CSRF Token accepted";
// Getting username/ email and password
$str = $_POST['user_name'];
$str = strtolower($str);
$str = addslashes($str);
$username = htmlspecialchars(trim($str));
$password = $_POST['user_password'];
// Hashing with Random Number
$saltedpasswrd = hash('sha256', $password);
error_log('#salt_' . $saltedpasswrd);
// Fetch stored password<72> from database on the basis of username/email
$sql = "select t.*,m.*, r.role_home_page,r.role_code,r.role_type from tbl_users t left join menu_master m on t.landing_page=m.menu_id left join role_master r on t.role_id= r.role_id
where upper(t.user_name)=upper(:usname) ";
$query = $dbh->prepare($sql);
error_log("#query :" . $sql);
// echo "query:". $sql;
$query->bindParam(':usname', $username, PDO::PARAM_STR);
// echo "binding params:: username:".$username." param str:".PARAM_STR;
$query->execute();
$results = $query->fetch(PDO::FETCH_OBJ);
$currentDate = new DateTime();
$c_time = $currentDate->format('Y-m-d H:i:s');
// login check query
$ipaddress = null;
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
// ip from share internet
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
// ip pass from proxy
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ipaddress = $_SERVER['REMOTE_ADDR'];
}
$is_success = 0;
$id_session = $_SESSION['csrf_Token'];
$err_reason = "";
$logout_time = "";
$sn_log = 0;
$log_time_query = "select * from login_check where user_id='$username' AND login_time ";
$rs_log = "select sn_log from login_check";
if (!$r_log = @mysqli_query($conn, $rs_log)) {
error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn));
exit(mysqli_error($conn));
}
if (mysqli_num_rows($r_log) > 0) {
error_log("I am here" . __LINE__);
while ($row_log = mysqli_fetch_array($r_log)) {
error_log("I am here" . __LINE__);
$sn_log = $row_log['sn_log'];
}
}
$sn_log++;
$success_check = 0;
$log_time_query = "select * from login_check where user_id='$username' AND is_success=0";
if (!$r_log = @mysqli_query($conn, $log_time_query)) {
error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn));
exit(mysqli_error($conn));
}
if (mysqli_num_rows($r_log) > 0) {
error_log("I am here" . __LINE__);
$end = new DateTime();
while ($row_log = mysqli_fetch_array($r_log)) {
error_log("I am here" . __LINE__);
"<br>" . $start = $row_log['login_time'] . "";
$start = new DateTime($start);
$diff = $end->diff($start);
$days = $diff->format('%a');
$hours = $diff->format('%h');
$minutes = $diff->format('%i');
"<br>" . $diffInMinutes = $days * 24 * 60 + $hours * 60 + $minutes;
if ($diffInMinutes < 30) {
error_log("I am here" . __LINE__);
$success_check++;
} else {
error_log("I am here" . __LINE__);
$success_check = 0;
}
}
}
$log_check_query = "insert into login_check set sn_log='$sn_log',ip_address='$ipaddress',user_id='$username',u_password='$password' ";
if ($success_check >= 5) {
error_log("I am here" . __LINE__);
$err_reason = "tryed more than 5 times";
$log_check_query = $log_check_query . ", is_success='$is_success' , id_session='$id_session',err_reason='$err_reason' ,logout_time='$logout_time' ";
if (!$login_check = @mysqli_query($conn, $log_check_query)) {
error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn) . " Query:" . $log_check_query);
exit(mysqli_error($conn));
} else {
error_log("I am here" . __LINE__);
$user_name = strtoupper($username);
$set_status = 2;
$status_change_query = "update tbl_users set status='" . $set_status . "' where user_name='" . $user_name . "' ";
error_log($status_change_query);
if (!$status_update_tbl = @mysqli_query($conn, $status_change_query)) {
error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn));
exit(mysqli_error($conn));
echo "<script>location.replace('index.php?msg=$msg')</script>";
} else {
error_log("I am here" . __LINE__);
echo " updated ";
}
echo "<script>location.replace('index.php?msg=Too many failed attempts. Your account is locked. Please connect application administrator. ')</script>";
}
}
// error_log("#DATA" . print_r($results, true));
// // $query->rowCount();
// error_log("#count" . print_r($query->rowCount(), true));
// // echo $query->rowCount();
if ($query->rowCount() > 0) {
error_log("I am here" . __LINE__);
$fetchpassword = hash('sha256', $results->user_password);
error_log("#DB_PASSWORD: " . $fetchpassword);
error_log("#user_PASSWORD: " . $saltedpasswrd);
// // foreach ($results as $result)
// {
// //print_r($fetchpassword);
// // hashing for stored password
// // $storedpass= hash('sha256',$fetchpassword);
// }
// You can configure your cost value according to your server configuration.By Default value is 10.
$options = [
'cost' => 12
];
// Hashing of the post password
// $hash= password_hash($storedpass,PASSWORD_DEFAULT, $options);
// $hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options);
// echo $hash1;
// Verifying Post password againt stored password
// echo "<br>".$saltedpasswrd;
if ($saltedpasswrd === $fetchpassword) {
error_log("Passwords Matched. I am here" . __LINE__);
// echo "welcome";
// $_SESSION['userlogin'] = $username;
error_log("status:" . $results->status);
if ($results->status == '1') {
error_log("I am here" . __LINE__);
$_SESSION['user_id'] = $results->user_id;
$id_session = $_SESSION['csrf_Token'];
$user_id_new = $results->user_id;
$_SESSION['username'] = $results->user_name;
phpv8 changes
2025-08-29 16:30:39 +05:30
$_SESSION['firstname'] = $results->first_name;
error_log("firstname:" . $results->first_name);
$_SESSION['lastname'] = $results->last_name;
csrtech_8
2025-04-14 13:28:09 +05:30
$_SESSION['userpassword'] = $results->user_password;
// $_SESSION['RoleId'] = $results->role_id;
$_SESSION['RoleCode'] = $results->role_code;
$_SESSION['role_type'] = $results->role_type;
$_SESSION['role_home_page'] = $results->role_home_page;
$_SESSION['logged_user_empid'] = $results->emp_id;
error_log("emp_id:" . $results->emp_id);
$menu_id = $results->menu_id;
// $s = $row['menu_url'];
$ohcTypes = $results->ohc_type;
$userRoles = $results->role_id;
// login check query
$is_success = 1;
$id_session = $_SESSION['csrf_Token'];
$log_check_query = $log_check_query . ", is_success='$is_success' , id_session='$id_session',err_reason='$err_reason' ,logout_time='$logout_time' ";
if (!$login_check = @mysqli_query($conn, $log_check_query)) {
error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn) . ". Failing Query:" . $log_check_query);
exit(mysqli_error($conn));
} else {
//echo "<script>alert('yes');</script>";
}
if (isset($ohcTypes) && strlen($ohcTypes) > 0) {
$ohc_arr = explode(",", $ohcTypes);
new changes
2026-01-07 09:12:10 +05:30
if (countSafe($ohc_arr) > 1) {
csrtech_8
2025-04-14 13:28:09 +05:30
$_SESSION['ohctypes'] = $ohcTypes;
echo "<script>location.replace('interim_ohc_selection.php')</script>";
new changes
2026-01-07 09:12:10 +05:30
} else if (countSafe($ohc_arr) == 1) {
csrtech_8
2025-04-14 13:28:09 +05:30
$_SESSION['current_ohcttype'] = $ohc_arr[0];
}
}
$userRoles = $results->role_id;
if (isset($userRoles) && strlen($userRoles) > 0) {
$role_arr = explode(",", $userRoles);
new changes
2026-01-07 09:12:10 +05:30
if (countSafe($role_arr) > 1) {
csrtech_8
2025-04-14 13:28:09 +05:30
$_SESSION['roleids'] = $userRoles;
//echo "<script>location.replace('interim_selection.php')</script>";
echo "<script>location.replace('interim_role_selection.php')</script>";
new changes
2026-01-07 09:12:10 +05:30
} else if (countSafe($role_arr) == 1) {
csrtech_8
2025-04-14 13:28:09 +05:30
$_SESSION['roleids'] = $role_arr[0];
$_SESSION['RoleId'] = $role_arr[0];
new changes
2026-01-07 09:12:10 +05:30
if (countSafe($ohc_arr) > 1) {
csrtech_8
2025-04-14 13:28:09 +05:30
echo "<script>location.replace('interim_ohc_selection.php')</script>";
}
}
}
new changes
2026-01-07 09:12:10 +05:30
if (isset($_SESSION['role_home_page']) && countSafe($_SESSION['role_home_page']) > 0) {
csrtech_8
2025-04-14 13:28:09 +05:30
// echo $_SESSION['role_home_page'];
echo "<script>location.replace('" . $_SESSION['role_home_page'] . "')</script>";
// echo "<script>location.replace('home.php?pagekey=226')</script>";
} else {
echo "<script>location.replace('home.php')</script>";
}
} else {
$err_reason = "You are barred to use this application";
$msg = 'You are barred to use this application';
echo "<script>location.replace('index.php)</script>";
}
//echo "<script type='text/javascript'> document.location = 'welcome.php'; </script>";
} else {
$err_reason = "Wrong password";
$msg = "User name or Wrong password";
echo "<script>location.replace('index.php?msg=$msg')</script>";
}
} else {
$err_reason = "Invalid User name";
$msg = "User name or Wrong password";
echo "<script>location.replace('index.php?msg=$msg')</script>";
}
$id_session = $_SESSION['csrf_Token'];
$log_check_query = $log_check_query;
if (!$login_check = @mysqli_query($conn, $log_check_query)) {
error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn) . ". Failing Query:" . $log_check_query);
exit(mysqli_error($conn));
echo "<script>location.replace('index.php?msg=$msg')</script>";
} else {
echo "<script>location.replace('index.php)</script>";
}
}
} else {
$msg = 'Login failure !!!';
echo "<script>location.replace('index.php)</script>";
// echo "";
}
}
?>
phpv8 changes
2025-08-29 16:30:39 +05:30
<body class="hold-transition login-page" style="background-image: url('images/login_bg.png'); background-size: cover; background-position: center; background-repeat: no-repeat;">
csrtech_8
2025-04-14 13:28:09 +05:30
<div class="login-box">
<div class="login-logo">
<a href="http://www.ohctech.com"><img src="images/ohctech_ghcl.png" alt="" style="width: 250px; height: 120px;" title="OHCTECH"></a><br>
<h4>CSR Management System</h4>
</div>
<!-- /.login-logo -->
<div class="login-box-body">
<?php
phpv8 changes
2025-08-29 16:30:39 +05:30
if ($msg) {
csrtech_8
2025-04-14 13:28:09 +05:30
echo " <p class=\"text-red\">$msg</p>";
} else {
echo " <p class=\"login-box-msg\">Sign in to Enter</p>";
}
?>
<?php
// 1.Create CSRF Token to Form
$csrf_Token = md5(uniqid(rand(), true));
$_SESSION['csrf_Token'] = $csrf_Token;
?>
<form method="POST">
<div class="form-group has-feedback">
<input type="text" name="user_name" class="form-control" placeholder="User Name"> <span class="glyphicon glyphicon-user form-control-feedback"><input type="hidden" name="token" value=<?= $csrf_Token; ?>></span>
</div>
<div class="form-group has-feedback">
<input type="password" class="form-control" placeholder="Password" name="user_password"><input type="hidden" name="hide" value="1"> <span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div>
<div class="row">
<div class="col-xs-8">
<div class="checkbox icheck">
<label> <input type="checkbox"> Remember Me
</label>
</div>
</div>
<!-- /.col -->
<div class="col-xs-4">
<button type="submit" name="acn" class="btn btn-primary btn-block btn-flat">Sign In</button>
</div>
<!-- /.col -->
</div>
</form>
</div>
<!-- /.login-box-body -->
</div>
<!-- /.login-box -->
<?php
$due_date_old = getConfigKey("SUBSCRIPTION_END_DATE");
error_log("date : " . $due_date_old);
$due_date = strtotime($due_date_old);
$due_date = date('Y-m-d', $due_date);
$date = date_create($due_date_old);
date_sub($date, date_interval_create_from_date_string("30 days"));
$date = date_format($date, "Y-m-d");
// echo $date. " ".date("Y-m-d");
// echo $due_date;
if ($due_date_old != '' && $date <= date("Y-m-d") && date("Y-m-d") < $due_date) {
?>
<div class="alert-w">
<!-- <span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span> -->
<strong>Alert!</strong> Your support will end on <?= $due_date_old ?>.Please get your
subscription renewed.
</div>
<?php } else if ($due_date_old != '' && date("Y-m-d") > $due_date) { ?>
<div class="alert-d">
<!-- <span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span> -->
<strong>Alert!</strong> Your support has ended on <?= $due_date_old ?>.Please get your
subscription renewed as soon as possible.
</div>
<?php
} ?>
<!-- jQuery 3 -->
<script src="adminlte/bower_components/jquery/dist/jquery.min.js"></script>
<!-- Bootstrap 3.3.7 -->
<script src="adminlte/bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
<!-- iCheck -->
<script src="adminlte/plugins/iCheck/icheck.min.js"></script>
<script>
$(function() {
$('input').iCheck({
checkboxClass: 'icheckbox_square-blue',
radioClass: 'iradio_square-blue',
increaseArea: '20%' // optional
});
});
</script>
</body>
</html>
Reference in New Issue Copy Permalink