X7ROOT File Manager
Current Path:
/home/u126090504/domains/oca.org.in/public_html/admin
Editing: login.php
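<?php
/**
 * Admin login page.
 *
 * Flow for a POST: honeypot check -> reCAPTCHA v2 verification -> credential
 * lookup in the `register` table -> session establishment for `admin` users.
 */

// Session bootstrap. The original author's note says this helper provides
// "CSRF, timeout" handling; the helper itself is not visible here.
// NOTE(review): no CSRF token is rendered in or checked for the form below -
// confirm whether secure_session.php expects one.
// `require_once` (not `include`) so the page fails closed if the session
// hardening file is missing, instead of continuing with only a warning.
require_once __DIR__ . '/secure_session.php';

// Database connection ($conn) and the reCAPTCHA key constants.
require_once __DIR__ . '/../config.php';

$success = $error = "";

/**
 * Verify a Google reCAPTCHA v2 response token against the siteverify endpoint.
 *
 * @param string $token Value of the `g-recaptcha-response` form field.
 *
 * @return bool True only when the endpoint answers with `"success": true`;
 *              false for an empty token, a transport failure or any other reply.
 */
function verify_recaptcha_v2(string $token): bool
{
    if (empty($token)) {
        return false;
    }

    $endpoint = 'https://www.google.com/recaptcha/api/siteverify';
    $payload = http_build_query([
        'secret'   => RECAPTCHA_SECRET_KEY,
        'response' => $token,
        'remoteip' => $_SERVER['REMOTE_ADDR'] ?? null,
    ]);

    // Prefer cURL; fall back to the HTTP stream wrapper when it is unavailable.
    if (function_exists('curl_init')) {
        $ch = curl_init($endpoint);
        curl_setopt_array($ch, [
            CURLOPT_POST           => true,
            CURLOPT_POSTFIELDS     => $payload,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TIMEOUT        => 10,
        ]);
        $resp = curl_exec($ch);
        curl_close($ch);
    } else {
        $opts = [
            'http' => [
                'method'  => 'POST',
                'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
                'content' => $payload,
                'timeout' => 10,
            ],
        ];
        // Warnings are suppressed on purpose: a failed request is treated as
        // "not verified" by the check below.
        $resp = @file_get_contents($endpoint, false, stream_context_create($opts));
    }

    if (!$resp) {
        return false;
    }

    // Fail closed on anything that is not a JSON object with success === true.
    $data = json_decode($resp, true);

    return is_array($data) && ($data['success'] ?? false) === true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Form fields arrive as arrays when the client sends `name[]=...`; passing
    // those to trim() or to a `string` parameter raises a TypeError, so every
    // field is reduced to a string (or '') before use.
    $postString = static function (string $key): string {
        $value = $_POST[$key] ?? '';

        return is_string($value) ? $value : '';
    };

    // Honeypot: the hidden `website` field must stay empty. A non-string
    // value is treated as filled in rather than silently ignored.
    $honeypot = $_POST['website'] ?? '';

    if (!is_string($honeypot) || trim($honeypot) !== '') {
        $error = "❌ Verification failed. Please try again.";
    } elseif (!verify_recaptcha_v2($postString('g-recaptcha-response'))) {
        // reCAPTCHA is verified BEFORE any database query is issued.
        $error = "❌ Please complete the reCAPTCHA check.";
    } else {
        $email = trim($postString('email'));
        // NOTE(review): trimming strips leading/trailing whitespace from the
        // password. Kept as-is because how the stored hashes were created is
        // not visible here - confirm before removing.
        $pass = trim($postString('password'));

        if ($email === '' || $pass === '') {
            $error = "❌ Email and password are required.";
        } else {
            $stmt = $conn->prepare("SELECT id, username, password, usertype, email FROM register WHERE email=? LIMIT 1");

            if ($stmt === false) {
                // Do not expose database details to the client.
                error_log('login.php: failed to prepare the credential lookup statement');
                $error = "❌ Invalid email or password.";
            } else {
                $stmt->bind_param("s", $email);
                $stmt->execute();
                $res = $stmt->get_result();
                $row = $res ? $res->fetch_assoc() : null;
                $stmt->close();

                if (!is_array($row)) {
                    // Unknown address: spend one password-hash computation
                    // anyway so the response time is closer to that of a known
                    // address and is less useful for account enumeration.
                    // A fixed input is hashed, never the submitted password.
                    password_hash('timing-equalizer', PASSWORD_DEFAULT);
                }

                $authenticated = is_array($row)
                    && password_verify($pass, $row['password'])
                    && $row['usertype'] === 'admin';

                if ($authenticated) {
                    // New session id on privilege change (session fixation defence).
                    session_regenerate_id(true);
                    $_SESSION['admin_id'] = $row['id'];
                    $_SESSION['admin_username'] = $row['username'];
                    $_SESSION['admin_email'] = $row['email'];
                    $success = "✅ Login successful! Redirecting...";
                    header("Refresh:2; url=dashboard.php");
                } else {
                    // Same message for "no such user", "wrong password" and
                    // "not an admin" so the reply does not reveal which it was.
                    $error = "❌ Invalid email or password.";
                }
            }
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Admin Login</title>
  <?php
  // NOTE(review): the CDN stylesheet and scripts on this page are loaded
  // without `integrity`/`crossorigin` attributes (Subresource Integrity).
  // Add the hashes published for these exact versions, or self-host them.
  ?>
  <!-- Bootstrap CSS -->
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css" rel="stylesheet">
  <!-- Custom CSS -->
  <style>
    body {
      background: linear-gradient(135deg, #6a11cb 0%, #2575fc 100%);
      min-height: 100vh;
      display: flex;
      align-items: center;
      justify-content: center;
      font-family: 'Segoe UI', sans-serif;
      padding: 16px;
    }
    .login-card {
      max-width: 420px;
      width: 100%;
      background: #fff;
      border-radius: 15px;
      box-shadow: 0 8px 20px rgba(0,0,0,0.2);
      padding: 30px;
      animation: fadeIn 0.6s ease-in-out;
    }
    .login-card h3 {
      margin-bottom: 20px;
      font-weight: 600;
      text-align: center;
      color: #333;
    }
    .btn-custom {
      background: #2575fc;
      color: #fff;
      font-weight: bold;
      border-radius: 8px;
      transition: 0.3s;
    }
    .btn-custom:hover { background: #1a5fd4; }
    .g-recaptcha { transform: scale(1); transform-origin: 0 0; }
    /* Honeypot hidden field */
    .hp-field {
      position: absolute;
      left: -5000px;
      opacity: 0;
      height: 0;
      width: 0;
      pointer-events: none;
    }
    @keyframes fadeIn {
      from {opacity: 0; transform: translateY(-20px);}
      to {opacity: 1; transform: translateY(0);}
    }
  </style>
</head>
<body>
  <div class="login-card">
    <h3>🔑 Admin Login</h3>

    <?php if ($error): ?>
      <div class="alert alert-danger mb-3"><?php echo htmlspecialchars($error); ?></div>
    <?php endif; ?>
    <?php if ($success): ?>
      <div class="alert alert-success mb-3"><?php echo htmlspecialchars($success); ?></div>
    <?php endif; ?>

    <form method="POST" novalidate>
      <!-- Honeypot (should stay empty) -->
      <input type="text" name="website" class="hp-field" autocomplete="off" tabindex="-1" aria-hidden="true">

      <div class="form-group">
        <label>Email address</label>
        <input type="email" name="email" class="form-control" placeholder="Enter email" required autocomplete="username">
      </div>

      <div class="form-group">
        <label>Password</label>
        <input type="password" name="password" class="form-control" placeholder="Enter password" required autocomplete="current-password">
      </div>

      <!-- reCAPTCHA widget -->
      <div class="form-group">
        <div class="g-recaptcha" data-sitekey="<?php echo htmlspecialchars(RECAPTCHA_SITE_KEY); ?>"></div>
      </div>

      <button type="submit" class="btn btn-custom btn-block">Login</button>
    </form>

    <p class="mt-3 text-center">
      <a href="forgot_password.php">Forgot your password?</a>
    </p>
  </div>

  <!-- Google reCAPTCHA JS (must be on the page with the widget) -->
  <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  <!-- Bootstrap JS + dependencies -->
  <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
  <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js"></script>
  <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.min.js"></script>
</body>
</html>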