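<?php
/**
 * Login handler.
 *
 * On POST, looks the submitted username/password up in the admin_accounts
 * table, refuses accounts whose Status is not 'Active', populates the session
 * and redirects to the portal that matches the account's User_Type. Failed
 * attempts are sent back to login.php with an error message in the query
 * string. Requests that are not POST produce no output.
 */
$rootPath = realpath(dirname(__FILE__) . '/..');
require_once $rootPath . '/Portal/config/config.php'; // Use clean config file

// The session has to be started before any output is sent.
session_start();

$redirect_url = "login.php";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = filter_input(INPUT_POST, 'username');
    $passwd = filter_input(INPUT_POST, 'passwd');
    $remember = filter_input(INPUT_POST, 'remember');

    $account = null;

    // filter_input() returns null for a missing field and false when the
    // default filter fails (e.g. an array was posted). Neither is a usable
    // credential, so skip the lookup instead of hashing a non-string.
    if (is_string($username) && is_string($passwd)) {
        // NOTE(review): the lookup below matches the passwd column against an
        // unsalted MD5 digest. MD5 is not a password-hashing function; the
        // replacement is password_hash()/password_verify(), which needs a
        // migration of the stored values and cannot be done in this file alone.
        $passwd = md5($passwd);

        // Get DB instance and match on both columns.
        $db = getDbInstance();
        $db->where("user_name", $username);
        $db->where("passwd", $passwd);
        $row = $db->get('admin_accounts');

        if ($db->count >= 1) {
            $account = $row[0];
        }
    }

    if ($account === null) {
        // Same message for unknown user and wrong password, so the response
        // does not reveal which of the two was wrong.
        $error_message = urlencode("Invalid user name or password");
        header("Location: $redirect_url?error=true&message=$error_message");
        exit;
    }

    if ($account['Status'] !== 'Active') {
        // Locked account: discard the current session and expire any
        // remember-me cookies before sending the user back to the login page.
        session_destroy();
        if (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
            unset($_COOKIE['username']);
            unset($_COOKIE['password']);
            // An empty value with an expiry in the past deletes the cookie;
            // passing null as the value is deprecated since PHP 8.1.
            setcookie('username', '', -1, '/');
            setcookie('password', '', -1, '/');
        }
        session_start();
        $error_message = urlencode("Your Account is Locked, please contact the school");
        header("Location: $redirect_url?error=true&message=$error_message");
        exit;
    }

    // Issue a fresh session id at the moment of privilege change, so that an
    // id set in the browser before login is not carried into the
    // authenticated session (session fixation).
    session_regenerate_id(true);

    $_SESSION['user_logged_in'] = TRUE;
    $_SESSION['User_Type'] = $account['User_Type'];
    $_SESSION['Full_Name'] = $account['Full_Name'];
    $_SESSION['id'] = $account['id'];
    $_SESSION['Status'] = $account['Status'];

    if ($remember) {
        // NOTE(review): the 'password' cookie carries the same digest that is
        // compared against the database, i.e. a long-lived password
        // equivalent stored in the browser for 90 days. Presumably another
        // page reads these two cookies back to log the user in; confirm,
        // then replace them with a random, server-side revocable token.
        // Until then the cookies are at least kept away from scripts
        // (HttpOnly) and, when the request arrived over HTTPS, from
        // plaintext transport (Secure).
        $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        $expires = time() + (86400 * 90);
        setcookie('username', $username, $expires, "/", "", $isHttps, true);
        setcookie('password', $passwd, $expires, "/", "", $isHttps, true);
    }

    if ($_SESSION['User_Type'] === 'Official') {
        header('Location: AdminPortal.php');
        exit;
    } elseif ($_SESSION['User_Type'] === 'Student') {
        header('Location: Portal.php');
        exit;
    }
    // NOTE(review): any other User_Type falls through here with
    // user_logged_in already set and no redirect. Decide whether such
    // accounts should be refused (fail closed) or given a landing page.
}
?>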