Filename :
loginadmin.php
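<?php
/**
 * loginadmin.php - credential check for staff ("users" table) and students
 * ("students" table).
 *
 * Flow, as visible in this file:
 *   1. No credentials posted        -> include ddadmin.php.
 *   2. Credentials posted           -> look the pair up in `users`; on a hit,
 *                                      fill the session and redirect to dadmin.php.
 *   3. No staff hit                 -> look the pair up in `students`
 *                                      (archived = 'No'); on a hit, fill the
 *                                      session and redirect to dadmin.php.
 *   4. No hit at all                -> client-side redirect to index.php?error=...
 *
 * Review notes for maintainers:
 *   - ext/mysql (mysql_query & co.) is kept because the connection handle $csn
 *     is created by Connecter/dataconn.php, which is not part of this file.
 *     That extension is unsupported; move both files to PDO/mysqli prepared
 *     statements together.
 *   - Stored passwords are unsalted SHA-1 of the *escaped* password. The
 *     comparison is kept as-is so existing accounts still work, but SHA-1 is
 *     not a password hash; plan a migration to password_hash()/password_verify()
 *     with a re-hash on next successful login.
 */

// session_id() is empty until a session is active. Testing $_SESSION itself
// raises a notice before the first start and re-starts an empty session.
if (session_id() === '') {
    session_start();
}

if (isset($_POST['pas']) && isset($_POST['use'])) {
    // NOTE(review): this is the raw, unauthenticated form value. Any page that
    // prints $_SESSION['loginname'] must HTML-escape it.
    $_SESSION['loginname'] = $_POST['use'];

    // This pattern is anchored at the start only, so it checks the FIRST
    // character and nothing else. It is not an input filter; SQL safety below
    // rests on mysql_real_escape_string(), not on this test. Left unchanged
    // because tightening it could lock out existing logins.
    $firstCharPattern = '/^[a-zA-Z0-9^$.*+\[\]{,}]/u';

    // Non-string values (e.g. pas[]=x) are treated as empty and rejected.
    $pas = is_string($_POST['pas']) ? trim($_POST['pas']) : '';
    if (preg_match($firstCharPattern, $pas) !== 1) {
        echo "Sorry! Wrong Data!";
        exit();
    }

    $use = is_string($_POST['use']) ? trim($_POST['use']) : '';
    if (preg_match($firstCharPattern, $use) !== 1) {
        echo "Sorry! Wrong Data!";
        exit();
    }

    // Keep the submitted credentials out of reach of the files included below.
    $_POST['pas'] = "";
    $_POST['use'] = "";

    include("Connecter/dataconn.php");

    // The password is escaped BEFORE hashing; that matches how the stored
    // hashes were evidently produced, so the order must not be "cleaned up"
    // without re-hashing every account.
    $passwordHash = sha1(mysql_real_escape_string($pas));

    $query_rsdirectory = sprintf(
        "select * from users where username = '%s' and passwrd = '%s'",
        mysql_real_escape_string($use),
        $passwordHash
    );
    $result = mysql_query($query_rsdirectory, $csn);
    if (!$result) {
        // Database error text goes to the server log, not to an
        // unauthenticated visitor.
        error_log('loginadmin.php: users lookup failed: ' . mysql_error($csn));
        echo "<p>Error retrieving data.</p>";
        exit();
    }

    if (mysql_num_rows($result) > 0) {
        $ddrow = mysql_fetch_array($result);

        // Issue a fresh session id at the privilege change so an id that was
        // known before login is worthless afterwards (session fixation).
        session_regenerate_id(true);

        $_SESSION['dtype'] = $ddrow['dtyper'];
        $_SESSION['user_name'] = $ddrow['namer'];
        $_SESSION["prog_id"] = $ddrow['departmentsn'];
        $_SESSION["fac_id"] = $ddrow['faculty_id'];

        // Explicit defaults: an account whose dtyper matches none of the roles
        // below gets null markers instead of undefined variables.
        // NOTE(review): consider refusing the login outright in that case.
        $yto = null;
        $acc = null;

        $role = $ddrow['dtyper'];
        if ($role === 'superadmin') {
            $yto = $use;
            $acc = "administratoroftheduresult2018byto";
        } elseif ($role === 'lecturer') {
            $yto = $ddrow['sn'];
            $acc = "lectureroftheuniversity2015byto";

            // The id is forced to an integer and the query is sent on the same
            // link as every other query in this file.
            $lecId = null;
            $query_lec = sprintf("select * from lecturers where user_id = %d", $yto);
            $result_lec = mysql_query($query_lec, $csn);
            if ($result_lec) {
                $lecRow = mysql_fetch_array($result_lec);
                if ($lecRow) {
                    $lecId = $lecRow['sn'];
                }
            } else {
                error_log('loginadmin.php: lecturers lookup failed: ' . mysql_error($csn));
            }
            $_SESSION['lec_id'] = $lecId;
        } elseif ($role === 'exams') {
            $yto = $ddrow['sn'];
            $acc = "examofficeroftheuniversity2015byto";
        } elseif ($role === 'records') {
            $yto = $ddrow['sn'];
            $acc = "records";
        } elseif ($role === 'superior') {
            $yto = $ddrow['sn'];
            $acc = "superior";
        }

        $_SESSION["yto"] = $yto;
        $_SESSION["acc"] = $acc;

        Header("Refresh: 0; url=dadmin.php");
        exit();
    } else {
        $query_rsdirectory = sprintf(
            "select * from students where matric = '%s' and passwrd = '%s' and archived='No'",
            mysql_real_escape_string($use),
            $passwordHash
        );
        $result = mysql_query($query_rsdirectory, $csn);
        if (!$result) {
            error_log('loginadmin.php: students lookup failed: ' . mysql_error($csn));
            echo "<p>Error retrieving data.</p>";
            exit();
        }

        $row = mysql_fetch_assoc($result);
        if (mysql_num_rows($result) > 0) {
            // Same reasoning as the staff branch: new id on successful login.
            session_regenerate_id(true);

            $_SESSION["deptsn"] = $row['programmesn'];
            $_SESSION['surname'] = $row['surname'];
            $_SESSION['firstname'] = $row['firstname'];
            $_SESSION['othernames'] = $row['othernames'];
            $_SESSION["stud_name"] = $row['surname'] . ' ' . $row['firstname'] . ' ' . $row['othernames'];
            $_SESSION["matric_no"] = $row['matric'];
            $_SESSION["yearofentry"] = $row['yearofentry'];
            $_SESSION["degree"] = $row['degree'];
            $_SESSION["faculty"] = $row['fname'];
            $_SESSION["dept"] = $row['dname'];
            $_SESSION["prog"] = $row['pname'];
            $_SESSION["dde"] = $row['de'];
            $_SESSION['user_name'] = $_SESSION["stud_name"];
            $_SESSION['dtype'] = 'student';

            // NOTE(review): this lookup yields fname/dname/pname/degree, the
            // same keys read from $row above, yet its result is never used.
            // Presumably the session values were meant to come from here;
            // confirm against the students schema before changing it.
            $query = sprintf(
                "select a.namer as fname, b.namer as dname, c.namer as pname, d.namer as degree from faculties as a, programs as b, departments as c, programmes as d where d.sn = '%s' and d.departmentsn=c.sn and c.facultysn=a.sn and c.deptsn=b.sn and b.facultysn=a.sn",
                mysql_real_escape_string($_SESSION["deptsn"])
            );
            $res = mysql_query($query, $csn);
            $myrow = $res ? mysql_fetch_assoc($res) : false;

            $_SESSION["yto"] = $row['sn'];
            $_SESSION["acc"] = "studentoftheuniversity2015byto";

            Header("Refresh: 0; url=dadmin.php");
            exit();
        } else {
            // One message for "unknown user" and "wrong password", so the
            // response does not reveal which accounts exist.
            echo "<script language='Javascript'> window.location=\"index.php?error=Ooops! Incorrect username or password.\" </script>";
        }
    }
} else {
    include("ddadmin.php");
}
?>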