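<?php
// Bootstrap for the login page: open the session, then load the database
// connections used by the login handler further down.
//
// The session cookie is the only credential after sign-in, so it is created
// with hardened attributes:
//   - use_strict_mode: session IDs the server did not issue are rejected,
//     which closes the simplest session-fixation route.
//   - cookie_httponly: page scripts cannot read the cookie.
//   - cookie_samesite=Lax: the cookie is not attached to cross-site POSTs.
// NOTE(review): also set 'cookie_secure' => true once this site is served
// only over HTTPS; it is left off here because the transport is not visible
// from this file.
session_start([
    'use_strict_mode' => true,
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
]);

// require (not include): if a connection file is missing the page must stop
// here instead of rendering a login form whose handler has no database.
require 'con_db.php'; // Ensure this file creates a valid $con variable
require 'db.php';     // presumably defines $conn, used by the user/permission queries — confirm
?>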
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login | Craneblue</title>
<link href="https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@400;600;700&display=swap" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="main_css/login.css" />
</head>
<body>
<div class="login-card">
<div class="header">
<div class="logo-box"><img src="https://coblaa.com/main_icon/crane log.png"></div>
<h2>Sign In</h2>
<p class="subtitle"></p>
</div>
<form action="" method="POST">
<div class="input-group">
<label>Username, email or phone to login</label>
<div class="input-wrapper">
<input type="text" name="login_email" placeholder="Username, email or phone" required>
</div>
</div>
<div class="input-group">
<label>Password</label>
<div class="input-wrapper">
<input type="password" name="login_password" id="passInput" placeholder="••••••••" required>
</div>
</div>
<label class="terms-container">
<input type="checkbox" name="terms" required>
<span class="checkmark"></span>
By logging in, you agree to our <a href="#">Terms & Conditions</a>
</label>
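<?php
// Login handler. Runs only when the form is submitted through the
// "login_acc_btn" button. On success it fills $_SESSION with the user's
// identity, admin flag/role and song permissions and then redirects to
// index.php; on failure it prints one generic error message.
//
// NOTE(review): this handler executes after the page has already emitted
// HTML, so response headers may already be sent. Moving it above the
// <!DOCTYPE> line would let the session ID rotation below always take effect
// and would allow a header() redirect instead of the inline script.
// NOTE(review): nothing here limits repeated failed attempts; add per-account
// and per-client throttling. The form also carries no CSRF token.
if (isset($_POST['login_acc_btn'])) {
    $identifier = $_POST['login_email'] ?? '';
    $password = $_POST['login_password'] ?? '';
    $row = null;

    // Request parameters can arrive as arrays (login_email[]=...) or be
    // missing entirely when the form is bypassed; only non-empty strings are
    // looked up. An empty identifier would otherwise match any row whose
    // fname, lname or contact column is empty.
    if (is_string($identifier) && is_string($password) && $identifier !== '' && $password !== '') {
        // 1. Fetch user from the main users table
        // NOTE(review): the form label promises "username, email or phone",
        // but the lookup matches fname, lname or contact. First and last
        // names are normally not unique, and LIMIT 1 silently picks one row,
        // so two users sharing a name cannot both sign in. Confirm which
        // unique columns should identify an account.
        $stmt = $conn->prepare("SELECT my_id, email, password FROM cb_userstb WHERE fname=? OR lname=? OR contact=? LIMIT 1");
        $stmt->bind_param("sss", $identifier, $identifier, $identifier);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();
    }

    if (is_array($row) && password_verify($password, (string) $row['password'])) {
        // Rotate the session ID at the privilege change so an ID known
        // before login cannot be reused afterwards. This needs to send a new
        // cookie, which is only possible while headers are still unsent.
        if (!headers_sent()) {
            session_regenerate_id(true);
        }

        // Drop privilege data left in the session by an earlier login so it
        // cannot carry over to this account.
        unset($_SESSION['is_admin'], $_SESSION['admin_role'], $_SESSION['song_edit'], $_SESSION['song_del']);

        $my_id = $row['my_id'];
        $_SESSION['my_id'] = $my_id;
        $_SESSION['email'] = $row['email'];

        // 2. CHECK IF THIS USER IS IN THE ADMINS TABLE
        // This query runs on $con, the other two on $conn — presumably two
        // separate connections from con_db.php and db.php; confirm.
        $admin_stmt = $con->prepare("SELECT role FROM admins WHERE my_id = ?");
        $admin_stmt->bind_param("i", $my_id);
        $admin_stmt->execute();
        $admin_data = $admin_stmt->get_result()->fetch_assoc();
        if (is_array($admin_data)) {
            $_SESSION['is_admin'] = true;
            $_SESSION['admin_role'] = $admin_data['role'];
        } else {
            $_SESSION['is_admin'] = false;
        }

        // 3. Fetch specific permissions (existing logic)
        $perm_stmt = $conn->prepare("SELECT song_edit, song_del FROM coblaa_permistb WHERE my_id=?");
        $perm_stmt->bind_param("i", $my_id);
        $perm_stmt->execute();
        $p_row = $perm_stmt->get_result()->fetch_assoc();
        if (is_array($p_row)) {
            $_SESSION['song_edit'] = $p_row['song_edit'];
            $_SESSION['song_del'] = $p_row['song_del'];
        }

        echo "<script>window.open('index.php','_self')</script>";
    } else {
        // One message for "no such user" and "wrong password": distinct
        // messages let a visitor confirm which identifiers are registered.
        echo "<div class='login_output'>Invalid login details.</div>";
    }
}
?>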
<button type="submit" name="login_acc_btn" class="login-btn">Secure Login</button>
</form>
<div style="text-align:center; margin-top:25px; font-size:14px; color:#666;">
New to Craneblue? <a href="signup.php" style="color:var(--accent); text-decoration:none; font-weight:600;">Create Account</a>
</div>
</div>
</body>
</html>