File: /home/rtbrisc/www/admin/api/signin.php
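<?php
// admin/api/signin.php — JSON sign-in endpoint for the admin front-end.
//
// Request : JSON body {"username": "...", "password": "..."}
// Response: JSON {"status": int, "data": array}
//   status 0 -> success; data = the user's tblusers row (Password column removed)
//   status 1 -> account exists and password is right, but AccountStatus != 1
//   status 2 -> unknown user OR wrong password (same message on purpose, so the
//               endpoint does not reveal which usernames exist)
//   status 4 -> malformed body or the lookup could not be run
//
// NOTE(review): session_start() is called but nothing is written to $_SESSION
// in this file; what the front-end does with `data` after sign-in is not visible here.
session_start();

// --- CORS -----------------------------------------------------------------
// The previous version reflected *any* Origin together with
// Access-Control-Allow-Credentials: true, which lets an arbitrary site make
// credentialed requests to this endpoint from a victim's browser.
// Only allow-listed origins are echoed back. Same-origin is allowed by default;
// add the admin front-end's origin(s) to $allowedOrigins if it is served elsewhere.
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$allowedOrigins = [];
if (isset($_SERVER['HTTP_HOST'])) {
    $allowedOrigins[] = $scheme . '://' . $_SERVER['HTTP_HOST'];
}

if (isset($_SERVER['HTTP_ORIGIN']) && in_array($_SERVER['HTTP_ORIGIN'], $allowedOrigins, true)) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Vary: Origin'); // the response depends on Origin; keep shared caches correct
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400'); // cache the preflight result for 1 day
}

// Preflight: answer and stop before touching the database.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
    }
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    }
    exit(0);
}

// Every non-preflight response is JSON; say so to stop MIME sniffing.
header('Content-Type: application/json; charset=UTF-8');

// --- Input ----------------------------------------------------------------
// isset() on the raw body was always true (file_get_contents returns a string
// or false), so an empty/invalid body used to reach json_decode() and then
// read properties of null. Accept only an object with two string fields.
$postdata = file_get_contents('php://input');
$request = ($postdata === false || $postdata === '') ? null : json_decode($postdata);

$status = 4;
$outp = ['message' => 'Malformed request'];

if (is_object($request)
    && isset($request->username, $request->password)
    && is_string($request->username)
    && is_string($request->password)) {
    require_once('connect/db.php'); // provides $db (mysqli)

    $username = $request->username;
    $password = $request->password;

    // Prepared statement. The old code built the query from the *unescaped*
    // $username (the escaped copy was computed but never used), which was a
    // straightforward SQL injection.
    $stmt = $db->prepare('SELECT * FROM tblusers WHERE Username = ?');
    if ($stmt === false) {
        $outp = ['message' => 'Sign-in is temporarily unavailable'];
    } else {
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $result = $stmt->get_result(); // needs mysqlnd (the default driver)
        $row = ($result !== false) ? $result->fetch_array(MYSQLI_ASSOC) : null;
        $stmt->close();

        $ok = false;
        if ($row) {
            $stored = isset($row['Password']) ? (string) $row['Password'] : '';
            $info = password_get_info($stored);
            if (!empty($info['algo'])) {
                // Row already holds password_hash() output.
                $ok = password_verify($password, $stored);
            } else {
                // Legacy rows hold the password in clear text. Compare the raw
                // password in constant time; the old code compared an
                // SQL-escaped copy, which silently rejected passwords
                // containing ' or \. TODO: migrate tblusers.Password to
                // password_hash() output and drop this branch.
                $ok = hash_equals($stored, $password);
            }
        }
        // NOTE(review): an unknown user skips the hash check, so response time
        // still differs slightly from a wrong password; acceptable for now.

        if (!$ok) {
            $status = 2;
            $outp = ['message' => 'Incorrect username or password'];
        } elseif ((int) $row['AccountStatus'] !== 1) {
            $status = 1;
            $outp = ['message' => 'This account has been deactivated by the admin.'];
        } else {
            $status = 0;
            $outp = $row;
            unset($outp['Password']); // never send the credential back to the client
        }
    }
}

echo json_encode(['status' => $status, 'data' => $outp]);

if (isset($db)) {
    $db->close();
}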