MOON
Server: Apache
System: Linux smtp.modiva.org 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64
User: rtbrisc (1005)
PHP: 8.1.34
Disabled: NONE
Upload Files
File: /home/rtbrisc/public_html/admin/account/server/login.php
<?php
session_start();

require_once('db.php');

if(isset($_POST)) {

	$username = mysqli_real_escape_string($conn, $_POST['txtUsername']);
	$password = mysqli_real_escape_string($conn, $_POST['txtPassword']);

	if(empty($username) || empty($password)){
		$_SESSION['log_err'] = "User Login Credentials are required!!!";
		header("Location: ../login.php");
	}else{
		$realPassword = crypt($password,"rtb");

		$user = mysqli_query($conn, "SELECT * FROM tblusers Where Username = '$username'");
		
		if($row = mysqli_fetch_assoc($user)){
			if($row['Password'] == $realPassword){
				if($row['AccountStatus'] == 1){
					$newUser = $row['CustomerID'];
					$plan = mysqli_query($conn, "SELECT * FROM tblplan WHERE CustomerID = '$newUser'");
					$plan_row = mysqli_fetch_assoc($plan);
					if (($plan_row['SupportPlan'] == 1 && $plan_row['PaymentStatus'] == 1) || $plan_row['SupportPlan'] == 2) {
						$check_account = mysqli_query($conn, "SELECT * FROM tblcustomer WHERE CustomerID = '$newUser'");
						$check_account_row = mysqli_fetch_assoc($check_account);
						if ($check_account_row && $check_account_row['AccountStatus'] == 1) {
							$_SESSION['user'] = $row;
							header("Location: ../../main/dashboard/");
							//header("Location: https://portal.qis-nigeria.com/dashboard/");
						}else{
							$_SESSION['log_err'] = "This account has been de-activated. Please contact Our Customer Care.";
							header("Location: ../login.php");
						}
					}else{
						$_SESSION['payid'] = $row['CustomerID'];
						$_SESSION['paymail'] = $row['Username'];
						$_SESSION['log_err'] = "Premium account subscription has expired. please click <a href='../verification/payment/'>HERE</a> to make payment.";
						header("Location: ../login.php");
					}	
				}else{
					$_SESSION['problem'] = "This account is not yet verified, Please visit your registered mail to verify account. Thanks";
					header("Location: ../../account/error.php");
					//header("Location: https://portal.qis-nigeria.com/dashboard/");	
				}	
			}else{
				$_SESSION['log_err'] = "Incorrect User Password";
				header("Location: ../login.php");
			}
		}else{
			//Trap where user is logging in from
			$_SESSION['log_err'] = "User account does not exist!!!";
			header("Location: ../login.php");
		}
	}

}

?>