
<?php




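/**
 * Authenticate a student login and register the calling device.
 *
 * Looks the user up in `masuser`, issues an API key on first login, reads the
 * student's name/class/section, stamps the last-login time and records or
 * refreshes the device token in `deviceinfo`.
 *
 * Every value that reaches SQL ($user, $pass and all device fields) comes from
 * the caller and is treated as untrusted: all statements are prepared and the
 * values are bound, never interpolated into the query text.
 *
 * NOTE(review): the password is compared against the `fpasswd` column as-is,
 * i.e. the table appears to hold plaintext passwords. Moving to
 * password_hash()/password_verify() needs a schema and data migration and is
 * outside what this function can change on its own.
 *
 * @param string      $user         Login name; upper-cased before lookup.
 * @param string      $pass         Password as supplied by the client.
 * @param string      $deviceID     Push-notification token of the device.
 * @param string      $deviceDate   Date value stored with the device record.
 * @param string      $manufacturer Device manufacturer.
 * @param string      $product      Device product name.
 * @param string      $model        Device model.
 * @param mysqli|null $con          Open mysqli connection (not used when the
 *                                  credentials are blank).
 *
 * @return array Keys: statusCode ('1' on success, '0' otherwise),
 *               statusMessage, admno, studentName, apikey, instCode,
 *               branchCode, section, class.
 */
function checkLoginCredentials($user, $pass, $deviceID, $deviceDate, $manufacturer, $product, $model, $con)
{
    $statusCode = '';
    $statusMessage = '';
    $admno = '';
    $apikey = '';
    $instCode = '';
    $branchCode = '';
    $class = '';
    $studentName = '';
    $section = '';
    $user = strtoupper($user);

    // Blank checks run in this order on purpose: when both are blank the
    // password message is the one reported, as before.
    if (empty($user)) {
        $statusCode = '0';
        $statusMessage = 'Username is blank.';
    }

    if (empty($pass)) {
        $statusCode = '0';
        $statusMessage = 'Password is blank.';
    }

    if ($statusCode === '') {
        $loginRows = _checkLoginCredentialsQuery(
            $con,
            'SELECT * FROM masuser WHERE fusername = ? AND BINARY fpasswd = ?',
            'ss',
            array($user, $pass)
        );

        if ($loginRows === false || count($loginRows) > 1) {
            // Query failure or an ambiguous match: fail closed.
            $statusCode = '0';
            $statusMessage = 'oops!!! Something went wrong.. Please try again';
        } elseif (count($loginRows) === 0) {
            // Same message for unknown user and wrong password, so the
            // response does not reveal which accounts exist.
            $statusCode = '0';
            $statusMessage = 'Wrong username or Password.Login Failed.';
        } else {
            $row = $loginRows[0];
            $statusCode = '1';
            $statusMessage = 'Success';
            $admno = $row['fusername'];
            $branchCode = '1';

            // First login: no API key stored yet, so issue one.
            if (empty($row['fapikey'])) {
                // The key is a bearer credential: take it from the CSPRNG and
                // keep it free of account data. The previous scheme shuffled a
                // fixed alphabet with a non-cryptographic shuffle and embedded
                // the first two password characters and the username.
                // 32 hex characters is no longer than the shortest key the old
                // scheme could produce, so it fits the existing column.
                // NOTE(review): confirm nothing else parses the old key layout.
                $newApiKey = bin2hex(random_bytes(16));
                _checkLoginCredentialsQuery(
                    $con,
                    'update masuser set fapikey = ? where fusername = ? AND fpasswd = ?',
                    'sss',
                    array($newApiKey, $admno, $pass)
                );
            }

            // Always read the key back so the caller receives what is stored.
            $keyRows = _checkLoginCredentialsQuery(
                $con,
                'select fapikey from masuser WHERE fusername = ? AND fpasswd = ?',
                'ss',
                array($user, $pass)
            );
            if (is_array($keyRows) && isset($keyRows[0]['fapikey'])) {
                $apikey = $keyRows[0]['fapikey'];
            }

            $studentRows = _checkLoginCredentialsQuery(
                $con,
                'select s.fname as studentName,s.fadmNo as admNo, s.fdegree, s.fsection,s.fexamno,
                        d.fdegree,d.fdescpn as class,d.fexamno,d.fexamname as examName
                   from student s, degree d
                  where s.fdegree = d.fdegree
                    and s.fexamno = d.fexamno
                    and fadmno = ?',
                's',
                array($user)
            );
            // A login without a matching student row keeps the empty defaults
            // instead of reading offsets from a missing row.
            if (is_array($studentRows) && isset($studentRows[0])) {
                $section = $studentRows[0]['fsection'];
                $studentName = $studentRows[0]['studentName'];
                $class = $studentRows[0]['class'];
            }

            // Record the time of this login.
            _checkLoginCredentialsQuery(
                $con,
                'update masuser set flastlogin = now() where fusername = ? AND fpasswd = ?',
                'ss',
                array($user, $pass)
            );

            // Push-notification token: add it when the user has no device
            // record, refresh it when the stored token differs.
            $deviceRows = _checkLoginCredentialsQuery(
                $con,
                'select * from deviceinfo where fusername = ?',
                's',
                array($user)
            );

            if (is_array($deviceRows) && count($deviceRows) === 0) {
                _checkLoginCredentialsQuery(
                    $con,
                    "insert into deviceinfo (fusername,fdeviceid,fdate,manufacturer,product,model,updatedby)
                     values (?,?,?,?,?,?,'LOGINAPI')",
                    'ssssss',
                    array($user, $deviceID, $deviceDate, $manufacturer, $product, $model)
                );
            } elseif (is_array($deviceRows) && count($deviceRows) === 1) {
                $currentMobileToken = $deviceRows[0]['fdeviceid'];

                if ((string) $currentMobileToken !== (string) $deviceID) {
                    _checkLoginCredentialsQuery(
                        $con,
                        "update deviceinfo set fdeviceid = ?, fdate = ?, manufacturer = ?, product = ?,
                                model = ?, updatedby = 'LOGINAPI' where fusername = ?",
                        'ssssss',
                        array($deviceID, $deviceDate, $manufacturer, $product, $model, $user)
                    );
                }
            }
        }
    }

    return array(
        "statusCode" => $statusCode,
        "statusMessage" => $statusMessage,
        "admno" => $admno,
        "studentName" => $studentName,
        "apikey" => $apikey,
        "instCode" => $instCode,
        "branchCode" => $branchCode,
        "section" => $section,
        "class" => $class
    );
}

/**
 * Run one prepared statement for checkLoginCredentials() with bound values.
 *
 * Uses mysqli_stmt_get_result(), which is available when mysqli is built on
 * mysqlnd.
 *
 * @param mysqli $con    Open mysqli connection.
 * @param string $sql    Statement text with `?` placeholders only.
 * @param string $types  mysqli type string, one character per placeholder.
 * @param array  $params Values to bind, in placeholder order.
 *
 * @return array|false Fetched rows as associative arrays (empty for
 *                     statements that return no result set), or false when
 *                     the statement could not be prepared or executed.
 */
function _checkLoginCredentialsQuery($con, $sql, $types, array $params)
{
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        return false;
    }

    if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }

    $rows = array();
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        while ($fetched = mysqli_fetch_assoc($result)) {
            $rows[] = $fetched;
        }
        mysqli_free_result($result);
    }

    mysqli_stmt_close($stmt);

    return $rows;
}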


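/**
 * Check an employee's code, password and name against `masemp`.
 *
 * All three values come from the caller and are treated as untrusted: they
 * are bound to a prepared statement rather than placed in the query text.
 * Any failure to prepare or run the statement is reported as 'Invalid', so an
 * error can never be mistaken for a successful login.
 *
 * NOTE(review): the password is compared against the `fpasswd` column as-is,
 * i.e. the table appears to hold plaintext passwords; switching to
 * password_hash()/password_verify() needs a data migration outside this
 * function.
 *
 * @param string      $user    Employee code.
 * @param string      $pass    Password as supplied by the client.
 * @param string      $empName Employee name that must match the same row.
 * @param mysqli|null $con1    Open mysqli connection (not used when the
 *                             credentials are blank).
 *
 * @return string 'Success', 'Invalid', 'Username is blank.' or
 *                'Password is blank.'.
 */
function checkLoginDetails($user, $pass, $empName, $con1)
{
    if (empty($user)) {
        return 'Username is blank.';
    }

    if (empty($pass)) {
        return 'Password is blank.';
    }

    // Only existence matters, so select a constant and stop at the first row.
    $stmt = mysqli_prepare(
        $con1,
        'SELECT 1 FROM masemp WHERE fempcode = ? AND BINARY fpasswd = ? AND fempname = ? LIMIT 1'
    );
    if ($stmt === false) {
        return 'Invalid';
    }

    $returnString = 'Invalid';
    if (mysqli_stmt_bind_param($stmt, 'sss', $user, $pass, $empName) && mysqli_stmt_execute($stmt)) {
        // Buffer the result so the row count is known on the client side.
        mysqli_stmt_store_result($stmt);
        if (mysqli_stmt_num_rows($stmt) >= 1) {
            $returnString = 'Success';
        }
    }

    mysqli_stmt_close($stmt);

    return $returnString;
}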


?>