File manager - Edit - /var/www/order.cmtc.ac.th/admin/index.php
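<?php
/**
 * Admin login page: "remember me" auto-login, CAPTCHA check and the
 * username/password form.
 *
 * Security-relevant behaviour in this file:
 *  - Every value taken from $_COOKIE / $_POST reaches the database only as a
 *    bound parameter of a prepared statement, never by string interpolation.
 *  - The session id is regenerated at the moment of privilege change (login)
 *    so that a pre-login session id cannot be reused afterwards.
 *  - The remember-me cookie is HttpOnly / SameSite and is only accepted when
 *    it has the exact shape generateToken() produces.
 *
 * NOTE(review): passwords are compared as unsalted MD5 because that is what
 * the users table holds today. Moving to password_hash()/password_verify()
 * needs a data migration (and possibly a wider column), so it is flagged here
 * rather than changed silently.
 * NOTE(review): nothing in this file limits failed login attempts; add
 * server-side throttling or lockout per account and per client address.
 */

// Harden the session cookie itself before any session data is written.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
]);
include('../config/db.php');

/**
 * Create a new remember-me token: 16 bytes from the CSPRNG, hex-encoded
 * (32 lowercase hex characters).
 */
function generateToken()
{
    return bin2hex(random_bytes(16));
}

/**
 * Produce a fresh 5-digit CAPTCHA code as a string.
 *
 * random_int() is used instead of rand() so the code is not predictable from
 * earlier outputs. NOTE(review): the code is rendered as plain text in the
 * page, so it is only a light speed bump and does not replace throttling.
 */
function adminLoginNewCaptcha(): string
{
    return strval(random_int(10000, 99999));
}

/**
 * Read a POST field as a trimmed string; anything missing or non-scalar
 * (e.g. an array submitted as field[]) becomes ''.
 */
function adminLoginPostString(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Run a single-row user lookup through a prepared statement.
 *
 * @param object $conn   Database handle from config/db.php (presumably mysqli — confirm).
 * @param string $sql    SELECT returning exactly: id, username, fullname, role.
 * @param string $types  bind_param type string, one character per parameter.
 * @param string ...$params Values bound to the placeholders.
 * @return array|null    The user row, or null when nothing matched or the
 *                       statement could not be prepared/executed (fail closed).
 */
function adminLoginFetchUser($conn, string $sql, string $types, string ...$params): ?array
{
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        error_log('admin login: failed to prepare user lookup');
        return null;
    }

    $stmt->bind_param($types, ...$params);
    $user = null;
    if ($stmt->execute()) {
        // bind_result() keeps this independent of the mysqlnd-only get_result().
        $stmt->bind_result($id, $username, $fullname, $role);
        if ($stmt->fetch()) {
            $user = [
                'id'       => $id,
                'username' => $username,
                'fullname' => $fullname,
                'role'     => $role,
            ];
        }
    }
    $stmt->close();

    return $user;
}

/**
 * Mark the current session as an authenticated admin session.
 *
 * @param array $user Row with id, username, fullname and role.
 */
function adminLoginStartSession(array $user): void
{
    // New session id on login: a session id issued before authentication
    // must not carry over into the authenticated session.
    session_regenerate_id(true);

    $_SESSION['admin']          = $user['username'];
    $_SESSION['admin_fullname'] = $user['fullname'];
    $_SESSION['admin_id']       = $user['id'];
    $_SESSION['admin_role']     = $user['role'];
}

// Remember-me: log in from the cookie when there is no admin session yet.
if (isset($_COOKIE['admin_token']) && !isset($_SESSION['admin'])) {
    $token = $_COOKIE['admin_token'];

    // Accept only the exact shape generateToken() emits. This also guarantees
    // that an empty or malformed cookie can never match a row whose
    // remember_token column is empty.
    if (is_string($token) && preg_match('/^[0-9a-f]{32}$/', $token) === 1) {
        $data = adminLoginFetchUser(
            $conn,
            'SELECT id, username, fullname, role FROM users WHERE remember_token = ? LIMIT 1',
            's',
            $token
        );

        if ($data !== null) {
            adminLoginStartSession($data);
            header("Location: orders.php");
            exit;
        }
    }
}

// Create a CAPTCHA code if the session does not have one yet.
if (empty($_SESSION['captcha_code'])) {
    $_SESSION['captcha_code'] = adminLoginNewCaptcha();
}

// Handle a submitted login form.
if (isset($_POST['username'])) {
    $u = adminLoginPostString('username');
    // NOTE(review): unsalted MD5, kept only for compatibility with stored hashes.
    $p = md5(adminLoginPostString('password'));
    $captcha_input = adminLoginPostString('captcha');
    $remember = isset($_POST['remember_me']);

    // hash_equals() compares in constant time.
    if (!hash_equals((string) $_SESSION['captcha_code'], $captcha_input)) {
        $error = "⚠️ รหัสยืนยัน (CAPTCHA) ไม่ถูกต้อง กรุณาลองใหม่อีกครั้ง";
        $_SESSION['captcha_code'] = adminLoginNewCaptcha();
    } else {
        $data = adminLoginFetchUser(
            $conn,
            'SELECT id, username, fullname, role FROM users WHERE username = ? AND password = ? LIMIT 1',
            'ss',
            $u,
            $p
        );

        if ($data !== null) {
            adminLoginStartSession($data);
            unset($_SESSION['captcha_code']);

            // "Remember me" ticked: issue a token and keep it in a cookie for one day.
            if ($remember) {
                $token = generateToken();
                $userId = (int) $data['id'];

                // NOTE(review): the token is stored as-is and has no server-side
                // expiry; consider storing only a hash of it, adding an expiry
                // column, and clearing it on logout.
                $stmt = $conn->prepare('UPDATE users SET remember_token = ? WHERE id = ?');
                if ($stmt !== false) {
                    $stmt->bind_param('si', $token, $userId);
                    $stored = $stmt->execute();
                    $stmt->close();

                    if ($stored) {
                        setcookie('admin_token', $token, [
                            'expires'  => time() + 86400, // 24 hours
                            'path'     => '/',
                            // Send over HTTPS only whenever the request itself used HTTPS.
                            'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
                            'httponly' => true,
                            'samesite' => 'Lax',
                        ]);
                    }
                } else {
                    error_log('admin login: failed to prepare remember_token update');
                }
            }

            header("Location: orders.php");
            exit;
        } else {
            // One message for "unknown user" and "wrong password" alike.
            $error = "❌ ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง";
            $_SESSION['captcha_code'] = adminLoginNewCaptcha();
        }
    }
}
?>
<?php include('../user/template_user_header.php'); ?>
<!DOCTYPE html>
<html lang="th">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>เข้าสู่ระบบผู้ดูแลระบบ</title>
  <?php /* NOTE(review): third-party stylesheet loaded without Subresource Integrity;
           add integrity="sha384-<SRI hash of the pinned file>" crossorigin="anonymous". */ ?>
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
  <link href="https://fonts.googleapis.com/css2?family=Kanit:wght@300;400;600&display=swap" rel="stylesheet">
  <style>
    body,* { font-family: 'Kanit', sans-serif !important; }
    .login-container { max-width: 450px; margin: 60px auto; }
    .card-login {
      border-radius: 16px;
      background: #ffffff;
      box-shadow: 0 4px 25px rgba(0,0,0,0.1);
      overflow: hidden;
    }
    .card-login .card-header {
      background: linear-gradient(45deg, #44000E, #44000E);
      color: #fff;
      font-weight: 600;
      font-size: 1.3rem;
      text-align: center;
      padding: 15px 0;
    }
    .captcha-box {
      display: flex;
      align-items: center;
      justify-content: space-between;
      background: #f8f9fa;
      border: 1px solid #ccc;
      border-radius: 8px;
      padding: 5px 10px;
    }
    .captcha-code {
      font-size: 24px;
      font-weight: bold;
      letter-spacing: 4px;
      color: #007bff;
      user-select: none;
    }
    .refresh-btn {
      background: none;
      border: none;
      font-size: 20px;
      color: #007bff;
      cursor: pointer;
    }
    .refresh-btn:hover { color: #44000E; }
    .btn-login {
      background: linear-gradient(45deg, #007bff, #44000E);
      color: white;
      border: none;
      font-weight: 500;
      transition: 0.3s;
    }
    .btn-login:hover { background: linear-gradient(45deg, #0056b3, #007bff); }
    .form-check-label { font-size: 0.9rem; color: #555; }
  </style>
</head>
<body class="bg-light">
<div class="container login-container py-5">
  <div class="card card-login">
    <div class="card-header">🔐 เข้าสู่ระบบผู้ดูแลระบบ</div>
    <div class="card-body p-4">
      <?php if (isset($error)): ?>
        <?php /* Escape on output even though the messages are fixed strings today. */ ?>
        <div class="alert alert-danger text-center"><?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
      <?php endif; ?>
      <form method="post" autocomplete="off">
        <div class="mb-3">
          <label>ชื่อผู้ใช้</label>
          <input type="text" name="username" class="form-control" required autofocus>
        </div>
        <div class="mb-3">
          <label>รหัสผ่าน</label>
          <input type="password" name="password" class="form-control" required>
        </div>
        <!-- CAPTCHA -->
        <div class="mb-3">
          <label>รหัสยืนยัน (CAPTCHA)</label>
          <div class="captcha-box mt-1 mb-2">
            <div class="captcha-code" id="captchaText"><?= htmlspecialchars((string) $_SESSION['captcha_code'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
            <button type="button" class="refresh-btn" onclick="refreshCaptcha()">🔄</button>
          </div>
          <input type="text" name="captcha" class="form-control" maxlength="5" placeholder="กรอกรหัสที่เห็นด้านบน" required>
        </div>
        <!-- Remember me -->
        <div class="form-check mb-3">
          <input class="form-check-input" type="checkbox" name="remember_me" id="remember_me">
          <label class="form-check-label" for="remember_me">จำฉันไว้ (เข้าสู่ระบบอัตโนมัติ 24 ชั่วโมง)</label>
        </div>
        <button type="submit" class="btn btn-login w-100 py-2 mt-2">เข้าสู่ระบบ</button>
        <div class="text-center mt-3">
          <a href="../index.php" class="btn btn-outline-secondary w-100 py-2">⬅️ กลับหน้าแรก</a>
        </div>
      </form>
    </div>
  </div>
</div>
<script>
  // Ask the server for a new CAPTCHA code and show it; textContent keeps the
  // response from being interpreted as markup.
  function refreshCaptcha() {
    fetch('refresh_captcha.php')
      .then(response => response.text())
      .then(data => {
        document.getElementById('captchaText').textContent = data.trim();
      });
  }
</script>
</div>
<?php include('../footer.php'); ?>
</body>
</html>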