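/**
 * Checks a username/password pair against the sp_login stored procedure.
 *
 * Both inputs still go through toSafeString() (an HTML-encoding helper, not a
 * SQL escape) so that values written by the same pipeline keep matching; the
 * SQL itself is now parameterised, so quoting no longer depends on that
 * encoding. The procedure receives the credential as given and decides how it
 * is compared — nothing here hashes or verifies it.
 *
 * @param string $username login name as entered
 * @param string $password credential as entered
 * @return bool true when sp_login returns at least one row
 * @throws \RuntimeException when the statement cannot be prepared or executed
 */
public function checkLogin($username, $password)
{
    $username = toSafeString($username);
    $password = toSafeString($password);

    $mysqli = connectToDB();

    // Prepared statement: the user-controlled values are bound, never
    // interpolated into the SQL text.
    $stmt = $mysqli->prepare("CALL sp_login(?, ?)");
    if ($stmt === false) {
        $mysqli->close();
        throw new \RuntimeException("SELECT query login error");
    }

    $stmt->bind_param('ss', $username, $password);
    if (!$stmt->execute()) {
        $stmt->close();
        $mysqli->close();
        throw new \RuntimeException("SELECT query login error");
    }

    // Buffer the procedure's result set so num_rows is meaningful, and
    // release the statement and connection only after the row count has
    // been read (the previous version closed the connection before fetching).
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->free_result();
    $stmt->close();
    $mysqli->close();

    return $found;
}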
<?php require_once "../core/core.php"; $msg = ''; function toSafeString($string) { $string = htmlentities($string, ENT_QUOTES, "utf-8"); $string = trim($string); return $string; } if (isset($_POST['submit'])) { $mobile = toSafeString($_POST['mobile']); $password = toSafeString($_POST['password']); $password_hash = sha1($password); $admins_fetch_rows = DatabaseHandler::GetRow("SELECT * FROM admins WHERE mobile='{$mobile}' AND password='******' LIMIT 1;"); if ($admins_fetch_rows) { $_SESSION['MM_admin_first_name'] = $admins_fetch_rows['first_name']; $_SESSION['MM_admin_last_name'] = $admins_fetch_rows['last_name']; $_SESSION['MM_admin_id'] = $admins_fetch_rows['id']; $_SESSION['MM_admin_mobile'] = $admins_fetch_rows['mobile']; $roles_id = $admins_fetch_rows['roles_id']; $roles_result = DatabaseHandler::GetAll("SELECT\n\t\t\t\t\t\t\t\t\t rolespermissions.id\n\t\t\t\t\t\t\t\t\t,rolespermissions.roles_id\n\t\t\t\t\t\t\t\t\t,rolespermissions.permissions_id\n\t\t\t\t\t\t\t\t\t,permissions.ENtitle\n\t\t\t\t\t\t\t\t\t,permissions.id\n\t\t\t\t\t\t\t\t\t,permissions.title\n\t\t\t\t\t\t\t\t\t\tFROM rolespermissions\n\t\t\t\t\t\t\t\t\t\t\tINNER JOIN permissions\n\t\t\t\t\t\t\t\t\t\t\t\tON rolespermissions.permissions_id = permissions.id\n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE rolespermissions.roles_id = '{$roles_id}' ; "); $check = array(); foreach ($roles_result as $roles_row) { $permissions_name = $roles_row['ENtitle']; array_push($check, $permissions_name); $_SESSION['permissions'] = $check; } header("Location: index.php"); } else { $msg = '