function get_rights($for = "")
{
try {
$dbh = new MyDbCon();
$dbh->select("Privilege_Master");
$dbh->select->where(array("privilege_id" => $_SESSION['privilege_id']));
$dbh->prepare();
if ($dbh->execute()) {
$obj = $dbh->fetchAll()[0];
$rights = $obj->get_assoc_array();
if (empty($for)) {
return $rights;
}
$for = strtolower($for);
if (isset($rights[$for])) {
return $rights[$for];
}
$for .= "_access";
if (isset($rights[$for])) {
return $rights[$for];
}
}
} catch (\Exception $e) {
throw $e;
}
if (!empty($for)) {
return "000";
}
return Privilege_Master::zero_rights();
}
exit;
}
if ('POST' == $_SERVER['REQUEST_METHOD']) {
if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
account_error(HTTP_Status::UNAUTHORIZED);
}
if (empty($_POST['user_password_old']) || empty($_POST['user_password']) || empty($_POST['user_password1'])) {
account_error(HTTP_Status::BAD_REQUEST, "Please fill all the fields!");
}
try {
$dbh = new MyDbCon();
$dbh->select("User_Master");
$dbh->select->where->equalTo("user_name", $_SESSION['user_name']);
$dbh->prepare();
$dbh->execute();
$user = $dbh->fetchAll()[0];
if ($user->match_password($_POST['user_password_old'])) {
$newUser = $user->get_assoc_array();
$newUser['user_password'] = $_POST['user_password'];
$newUser['user_password1'] = $_POST['user_password1'];
$nu = new User_Master();
$suc = $nu->set_assoc_array($newUser);
if (Master::isLegit($suc)) {
$dbh->update($nu, array("user_name" => $_SESSION['user_name']));
$dbh->prepare();
$dbh->execute();
$final = json_encode(array("done" => true, "final" => "Password Changed Successfully!"));
header('Content-Length: ' . strlen($final));
header('Content-Type: application/json');
echo $final;
} else {
try {
$dbh = new MyDbCon();
$dbh->select($_GET['master']);
include "./joins.php";
$filepath = "./custom/{$_GET['master']}.get.php";
if (file_exists($filepath)) {
require_once $filepath;
} else {
require_once "./common.php";
}
$dbh->prepare();
if ($dbh->execute()) {
if (isset($clm)) {
$res = $dbh->fetchAssoc();
$final = json_encode($res);
} else {
$objs = $dbh->fetchAll();
$final = json_encode($objs);
}
header('Content-Length: ' . strlen($final));
header('Content-Type: application/json');
echo $final;
} else {
list_error(HTTP_Status::NOT_FOUND);
}
} catch (\Exception $e) {
$message = $e->getPrevious() ? $e->getPrevious()->getMessage() : $e->getMessage();
$code = $e->getPrevious() ? $e->getPrevious()->getCode() : $e->getCode();
$err = "Error Code: " . $code . " <br/>Detailed Info: " . $message;
list_error(HTTP_Status::INTERNAL_SERVER_ERROR, $err);
}
<?php
if ('POST' == $_SERVER['REQUEST_METHOD']) {
// Validation
$user = trim($_POST['user_name']);
$pass = trim($_POST['user_password']);
if (!isset($user) || !isset($pass) || empty($user) || empty($pass)) {
$err = "Wrong Username/Password!!";
} else {
try {
$con = new MyDbCon();
$con->select("User_Master");
$con->select->where(array("user_name" => $user));
$con->prepare();
if ($con->execute()) {
$obj = $con->fetchAll()[0];
if ($obj->match_password($pass)) {
$status = $obj->get_by_key('user_status');
if ($status != 0) {
$_SESSION['login'] = true;
$_SESSION['privilege_id'] = $obj->get_by_key('privilege_id');
$_SESSION['user_name'] = $user;
$_SESSION['faculty_id'] = $obj->get_by_key('faculty_id');
header('Location: ./dashboard/');
exit;
} else {
$err = "Your Account is Locked!!";
}
} else {
$err = "Wrong Username/Password!!";
}
