<?php
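// Start (or resume) the PHP session before any output is sent.
// NOTE(review): session cookie flags (Secure / HttpOnly / SameSite) are not
// set in this file; presumably they come from php.ini. Confirm.
session_start();

// Origins that may call this endpoint from a browser with credentials.
// The original code echoed back whatever Origin header the request carried
// together with "Access-Control-Allow-Credentials: true", which lets any web
// page make credentialed requests to this endpoint and read the responses.
// Only exact matches from this list are reflected now.
$allowedOrigins = array(
    'https://admin.example.invalid', // PLACEHOLDER: replace with the real front-end origin(s)
);

$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';

if ($origin !== '' && in_array($origin, $allowedOrigins, true)) {
    header("Access-Control-Allow-Origin: {$origin}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache the preflight result for 1 day
}

// The response differs per Origin, so shared caches must key on it.
header('Vary: Origin');

// CORS preflight: answer the OPTIONS request and stop before any sign-in work.
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if ($method === 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    }
    // The requested header names are echoed back as sent. Without a matching
    // Access-Control-Allow-Origin the browser ignores them, so the origin
    // allowlist above is what actually gates cross-origin access.
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    }
    exit(0);
}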

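// Sign-in handler: reads a JSON body {"username": ..., "password": ...},
// looks the user up in tblusers and answers with {"status": n, "data": ...}.
//   status 0 = success (data is the user row without the Password column)
//   status 1 = account deactivated
//   status 2 = incorrect password
//   status 3 = user not found, or request body not usable
//   status 4 = server-side failure (only sent together with HTTP 500; this
//              code is not part of the original 0-3 set)
// NOTE(review): statuses 2 and 3 let a caller tell "unknown user" apart from
// "wrong password". They are kept because clients may depend on them, but a
// single generic failure plus attempt throttling would be safer.

$postdata = file_get_contents("php://input");

// Declare the body as JSON so a browser never renders stored values as HTML.
header('Content-Type: application/json; charset=UTF-8');

// file_get_contents() yields false on failure and json_decode() yields null
// for empty or malformed input, so validate the decoded shape instead of
// relying on isset($postdata), which was always true.
$request = is_string($postdata) ? json_decode($postdata) : null;

if (!is_object($request)
    || !isset($request->username, $request->password)
    || !is_string($request->username)
    || !is_string($request->password)
) {
    http_response_code(400);
    echo json_encode(array(
        "status" => 3,
        "data" => array("message" => "Invalid request"),
    ));
    exit;
}

$username = $request->username;
$password = $request->password;

require_once('connect/db.php');

$row = null;

try {
    // Bound parameter instead of string interpolation. The original escaped a
    // copy named $Username but interpolated the raw $username into the SQL
    // text, so the escaping never applied to the query.
    // NOTE(review): get_result() needs the mysqlnd driver. Confirm it is
    // available on this host.
    $stmt = $db->prepare("SELECT * FROM tblusers WHERE Username = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed');
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result === false) {
        throw new RuntimeException('query failed');
    }
    $row = $result->fetch_assoc();
    $stmt->close();
} catch (Exception $e) {
    // Keep database details in the server log, never in the response.
    error_log('signin: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(array(
        "status" => 4,
        "data" => array("message" => "Sign-in is temporarily unavailable"),
    ));
    $db->close();
    exit;
}

$status = 3;
$outp = array("message" => "User account does not exist");

if (is_array($row)) {
    $stored = (string) $row['Password'];
    $hashInfo = password_get_info($stored);

    if (!empty($hashInfo['algo'])) {
        // Value was produced by password_hash(): verify it properly.
        $passwordOk = password_verify($password, $stored);
    } else {
        // Legacy rows: the original compared the column directly with the
        // submitted value, so the stored form is presumably not a
        // password_hash() digest. The stripslashes()/real_escape_string()
        // transform is kept only so existing rows still match. hash_equals()
        // replaces the loose == (which treats numeric-looking strings such as
        // "1e3" and "1000" as equal) and compares in constant time.
        // TODO: migrate stored values to password_hash() and drop this branch.
        $legacyPassword = $db->real_escape_string(stripslashes($password));
        $passwordOk = hash_equals($stored, $legacyPassword);
    }

    if (!$passwordOk) {
        $status = 2;
        $outp = array("message" => "Incorrect Password");
    } elseif ((int) $row['AccountStatus'] !== 1) {
        $status = 1;
        $outp = array("message" => "This account has been deactivated by the admin.");
    } else {
        $status = 0;
        // Never send the stored credential back to the client.
        // NOTE(review): SELECT * may expose other sensitive columns; an
        // explicit column list would be safer once the schema is confirmed.
        unset($row['Password']);
        // Prepared statements return numeric columns as native ints/floats,
        // while query() returned every column as a string. Cast back so the
        // JSON keeps the value types existing clients already receive.
        $outp = array();
        foreach ($row as $column => $value) {
            $outp[$column] = ($value === null) ? null : (string) $value;
        }
    }
}

$response = array(
    "status" => $status,
    "data" => $outp
);

echo json_encode($response);

$db->close();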


?>