File: /home/rtbrisc/public_html/admin/account/server/login.php
<?php
session_start();
require_once('db.php');
if(isset($_POST)) {
$username = mysqli_real_escape_string($conn, $_POST['txtUsername']);
$password = mysqli_real_escape_string($conn, $_POST['txtPassword']);
if(empty($username) || empty($password)){
$_SESSION['log_err'] = "User Login Credentials are required!!!";
header("Location: ../login.php");
}else{
$realPassword = crypt($password,"rtb");
$user = mysqli_query($conn, "SELECT * FROM tblusers Where Username = '$username'");
if($row = mysqli_fetch_assoc($user)){
if($row['Password'] == $realPassword){
if($row['AccountStatus'] == 1){
$newUser = $row['CustomerID'];
$plan = mysqli_query($conn, "SELECT * FROM tblplan WHERE CustomerID = '$newUser'");
$plan_row = mysqli_fetch_assoc($plan);
if (($plan_row['SupportPlan'] == 1 && $plan_row['PaymentStatus'] == 1) || $plan_row['SupportPlan'] == 2) {
$check_account = mysqli_query($conn, "SELECT * FROM tblcustomer WHERE CustomerID = '$newUser'");
$check_account_row = mysqli_fetch_assoc($check_account);
if ($check_account_row && $check_account_row['AccountStatus'] == 1) {
$_SESSION['user'] = $row;
header("Location: ../../main/dashboard/");
//header("Location: https://portal.qis-nigeria.com/dashboard/");
}else{
$_SESSION['log_err'] = "This account has been de-activated. Please contact Our Customer Care.";
header("Location: ../login.php");
}
}else{
$_SESSION['payid'] = $row['CustomerID'];
$_SESSION['paymail'] = $row['Username'];
$_SESSION['log_err'] = "Premium account subscription has expired. please click <a href='../verification/payment/'>HERE</a> to make payment.";
header("Location: ../login.php");
}
}else{
$_SESSION['problem'] = "This account is not yet verified, Please visit your registered mail to verify account. Thanks";
header("Location: ../../account/error.php");
//header("Location: https://portal.qis-nigeria.com/dashboard/");
}
}else{
$_SESSION['log_err'] = "Incorrect User Password";
header("Location: ../login.php");
}
}else{
//Trap where user is logging in from
$_SESSION['log_err'] = "User account does not exist!!!";
header("Location: ../login.php");
}
}
}
?>