OverLord Shell
<?php
if($_GET['aflag']!='a'){
include("db/conn.php");
if($_SERVER['REQUEST_METHOD']!='POST' || empty($_POST)){echo "404.php";exit;}
$username=$connection->real_escape_string($_POST['username']);
$password=$connection->real_escape_string(trim($_POST['password']));
if(empty($username) || empty($password)){echo "Invalid Username or Password";exit;}
else{
if($_POST['role']=='jb'){
$loginq="SELECT * FROM busdir_mst_jobprofile WHERE (company_email='".$username."' OR username='".$username."') AND password='".md5($password)."' and active='y'";
}else{
$loginq="SELECT * FROM busdir_mst_company WHERE (company_email='".$username."' OR username='".$username."') AND password='".md5($password)."' and active='y'";
}
$loginr=$connection->query($loginq);
$loginrow=$loginr->fetch_assoc();
$count=$loginr->num_rows;
$loginr->free();
if($count==1){
if($loginrow['active']=='y'){
if($_POST['role']=='bs'){
$sql1="SELECT my_company_id,company_name,company_enquiry_email FROM busdir_mst_all_company WHERE company_id=".$loginrow['company_id']." and active='y' limit 1";
$sqlinr=$connection->query($sql1);
$count=$sqlinr->num_rows;
$sqlrow=$sqlinr->fetch_assoc();
if($count>0)
{
$mycompany=$sqlrow['my_company_id'];
$mycompanynm=$sqlrow['company_name'];
$mycompanyemail=$sqlrow['company_enquiry_email'];
}else
{
$mycompany=0;
$mycompanynm="";
$mycompanyemail="";
}
}else
{
$mycompany=0;
$mycompanynm="";
}
session_start();
$_SESSION['plans']=$loginrow['plans']; // user plan
$_SESSION['company_id']=$loginrow['company_id'];//user id
$_SESSION['mycompany']=$mycompany;//Comapny id
$_SESSION['mycompanynm']=$mycompanynm;//Company name
$_SESSION['mycompanyemail']=$mycompanyemail;//my company enquiry email
$_SESSION['company_name']=$loginrow['company_name'];//user name
$_SESSION['company_mobile']=$loginrow['company_mobile'];//user name
$_SESSION['company_email']=$loginrow['company_email'];//user name
$_SESSION['loggedin']=true;//user login
$_SESSION['loggedin_user']="company";//login by
$_SESSION['mid']=$loginrow['mem_srno'];
$_SESSION['role']=$loginrow['role'];//user name
if(isset($_SESSION['url']))
{
$url = $_SESSION['url'];
echo "redirect";exit;
}
if($loginrow['role']=='jb'){
echo "job";exit;
}
echo trim("success"."~".$_SESSION['plans']); exit;
}
else
{
echo "User Account Disabled. Contact <strong>Admin</strong>.";
}
}
/* else{
$logina="SELECT * FROM busdir_mst_users WHERE username='".$username."' AND password='".md5($password)."'";
$loginad=$connection->query($logina);
$loginrowad=$loginad->fetch_assoc();
$cnt=$loginad->num_rows;
$loginad->free();
if($cnt==1){
session_start();
$_SESSION['admin_id']=$loginrowad['usersrno'];
$_SESSION['company_name']=$loginrowad['username'];
$_SESSION['name']=$loginrowad['name'];
//$_SESSION['role']=explode(',',$loginrow['role']);
$_SESSION['loggedin_user']="admin";
echo admin;
}
}*/
echo "Current Password OR Username Is Incorrect";
}
$connection->close();
}else
{
include("db/conn.php");
if($_POST['role']=='jb'){
echo $log1="SELECT * FROM busdir_mst_jobprofile WHERE company_id='".$_GET['cid']."'";
}else{
$log1="SELECT * FROM busdir_mst_company WHERE company_id='".$_GET['cid']."'";
}
$loginr1=$connection->query($log1);
$loginrow1=$loginr1->fetch_assoc();
$cnt=$loginr1->num_rows;
if($cnt==1){
session_start();
$_SESSION['plans']=$loginrow1['plans']; // user plan
$_SESSION['company_id']=$loginrow1['company_id'];//user id
$_SESSION['company_name']=$loginrow1['company_name'];//user name
$_SESSION['company_id']=$loginrow1['company_id'];//user id
$_SESSION['company_name']=$loginrow1['company_name'];//user name
$_SESSION['loggedin']=true;//user login
$_SESSION['role']=$loginrow1['role'];//user name
$_SESSION['loggedin_user']="company";//login by
header('Location: dashboard.php');
exit;
}
}
?>
xRyukZ - Copyright 2k19