if ($sWhere == "") { $sWhere = "WHERE "; } else { $sWhere .= " AND "; } $sWhere .= $aColumns[$i] . " LIKE '%" . mysqli_real_escape_string($gaSql['link'], $_GET['sSearch_' . $i]) . "%' "; } } $sQuery = "\r\n SELECT SQL_CALC_FOUND_ROWS " . str_replace(" , ", " ", implode(", ", $aColumns)) . "\r\n FROM {$sTable}\r\n {$sWhere}\r\n {$sOrder}\r\n {$sLimit}\r\n "; $rResult = mysqli_query($gaSql['link'], $sQuery) or die(mysqli_connect_error()); $sQuery = "\r\n SELECT FOUND_ROWS()\r\n "; $rResultFilterTotal = mysqli_query($gaSql['link'], $sQuery) or die(mysqli_connect_error()); $aResultFilterTotal = mysqli_fetch_array($rResultFilterTotal); $iFilteredTotal = $aResultFilterTotal[0]; $sQuery = "\r\n SELECT COUNT(" . $sIndexColumn . ")\r\n FROM {$sTable}\r\n "; $rResultTotal = mysqli_query($gaSql['link'], $sQuery) or die(mysqli__connect_error()); $aResultTotal = mysqli_fetch_array($rResultTotal); $iTotal = $aResultTotal[0]; $output = array("sEcho" => intval($_GET['sEcho']), "iTotalRecords" => $iTotal, "iTotalDisplayRecords" => $iFilteredTotal, "aaData" => array()); $no = 1; while ($aRow = mysqli_fetch_array($rResult)) { $row = array(); $tableroleaccess = new PoTable('user_role'); $currentRoleAccess = $tableroleaccess->findByAnd(id_level, $_SESSION['leveluser'], module, 'category'); $currentRoleAccess = $currentRoleAccess->current(); for ($i = 1; $i < count($aColumns); $i++) { $str = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; $strlink = preg_replace("/\\/po-admin\\/po-component\\/po-category\\/(datatable\\.php\$)/", "", $str); if ($currentRoleAccess->delete_access == "Y") { $tbldelete = "<a class='btn btn-xs btn-danger alertdel' id='{$aRow['id_category']}'><i class='fa fa-times'></i></a>"; }
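<?php
/**
 * Login endpoint.
 *
 * Reads `user_name` and `user_pass` from the POST body, looks the account up
 * in the `users` table and, when the stored hash matches, starts a session,
 * marks the user as online and answers 200 with a small JSON document.
 * Missing or wrong credentials are answered with a bare HTTP 400.
 */
require_once 'config.php';

$conn = mysqli_connect($_ENV['db_hostname'], $_ENV['db_username'], $_ENV['db_password'], $_ENV['db_database']);
if (!$conn) {
    // The original called the non-existent mysqli__connect_error() here, which
    // turned a connection failure into a fatal error. The driver detail goes
    // to the server log instead of the response so it is not disclosed to clients.
    error_log('Database connection failed: ' . mysqli_connect_error());
    http_response_code(500);
    die("Unable to connect to server");
}

// Kept from the original: the handle is published through $_SERVER.
// NOTE(review): presumably read by code in config.php or later includes - confirm before removing.
$_SERVER['conn'] = $conn;

// Accept only scalar string fields; a missing key or an array-valued field
// (user_name[]=...) is treated as empty instead of raising a warning/TypeError.
$user_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
$user_pass = (isset($_POST['user_pass']) && is_string($_POST['user_pass'])) ? $_POST['user_pass'] : '';

if ($user_name === '' || $user_pass === '') {
    // The original set 400 here but kept executing the lookup; stop instead.
    http_response_code(400);
    exit;
}

// Parameterized lookup: the user name is bound, never concatenated into SQL.
// Only the three columns the script actually uses are selected.
$stmt = mysqli_prepare($conn, 'SELECT user_id, user_name, user_pass FROM users WHERE user_name = ?');
if (!$stmt) {
    error_log('Login lookup could not be prepared: ' . mysqli_error($conn));
    http_response_code(500);
    exit;
}
mysqli_stmt_bind_param($stmt, 's', $user_name);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $db_user_id, $db_user_name, $db_user_pass);
$found = (mysqli_stmt_fetch($stmt) === true);
mysqli_stmt_close($stmt);

// The original hashed the *escaped* password, so the same input is hashed here
// to stay compatible with whatever the stored digests were computed over.
// NOTE(review): confirm against the registration code, then hash the raw value.
// SECURITY: unsalted SHA-1 is not a password hash. Migrate the column to
// password_hash()/password_verify(), re-hashing each account on its next
// successful login.
$candidate_hash = sha1(mysqli_real_escape_string($conn, $user_pass));

// hash_equals() is a strict, constant-time comparison. The loose `==` used
// before treats two different digests as equal when both look like numeric
// strings, and it also ran against a null row when the user did not exist.
if ($found && is_string($db_user_pass) && hash_equals($db_user_pass, $candidate_hash)) {
    session_start();
    // Issue a fresh session id on privilege change so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $db_user_id;
    $_SESSION['user_name'] = $db_user_name;

    // Presence flag update, parameterized like the lookup above.
    $update = mysqli_prepare($conn, "UPDATE users SET status='online' WHERE user_id = ?");
    if ($update) {
        mysqli_stmt_bind_param($update, 's', $db_user_id);
        mysqli_stmt_execute($update);
        mysqli_stmt_close($update);
    } else {
        // Best effort, as in the original: a failed status update does not block login.
        error_log('Status update could not be prepared: ' . mysqli_error($conn));
    }

    http_response_code(200);
    header("Content-type: application/json");
    $response = new stdClass();
    $response->status = 1;
    $response->data = "Successful Authentication";
    echo json_encode($response);
} else {
    // Same answer for "unknown user" and "wrong password" so the response
    // does not reveal which accounts exist.
    http_response_code(400);
}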