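<?php
// code used from http://www.codingcage.com/2015/01/user-registration-and-login-script-using-php-mysql.html as reference
//
// Venue login page. Two kinds of account are accepted from the same form:
//   - a customer: email + password, looked up in `customer`;
//   - a manager:  staff id typed into the email field + branch id typed into the
//                 password field, looked up in `staffemployed` with manager = 1.
// On success the matched id and first name are stored in the session and the
// browser is redirected; on failure an error message is rendered under the form.
declare(strict_types=1);

ob_start();
session_start();

$servername = "localhost";
$username = "root";
$password = null;
$databasename = 'Venue';

// Connect. The driver's error text goes to the server log only; the visitor gets
// a generic message so host/credential details never reach the browser.
$conn = new mysqli($servername, $username, $password, $databasename);
if ($conn->connect_error) {
    error_log("Venue login: database connection failed: " . $conn->connect_error);
    die("Connection failed. Please try again later.");
}

$emailError = '';
$passError = '';
$errMSG = '';

// Already signed in: never show the login page, go straight to home.
// (The previous test compared isset()'s bool with "" — it reduces to isset().)
if (isset($_SESSION['user'])) {
    header("Location: home.php");
    exit;
}

/**
 * Run a one-parameter SELECT as a prepared statement and return the single
 * matching row, or null when the statement fails or the match count is not
 * exactly 1. The user-typed value is bound, never interpolated into the SQL.
 * Uses mysqli_stmt::get_result(), i.e. the mysqlnd driver (the default).
 *
 * @return array<string, mixed>|null
 */
$fetchOne = static function (string $sql, string $param) use ($conn): ?array {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        error_log("Venue login: prepare failed: " . $conn->error);
        return null;
    }
    $stmt->bind_param('s', $param);
    if (!$stmt->execute()) {
        error_log("Venue login: execute failed: " . $stmt->error);
        $stmt->close();
        return null;
    }
    $result = $stmt->get_result();
    // "if uname/pass correct it returns must be 1 row" — anything else is a miss.
    $row = ($result !== false && $result->num_rows === 1) ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row;
};

/**
 * Read a POSTed text field and normalise it the way the original script did
 * (trim, strip_tags, htmlspecialchars). With prepared statements this is no
 * longer what prevents SQL injection; it is kept because the stored values are
 * presumably normalised the same way by register.php (not visible here) —
 * TODO confirm; if they are not, passwords containing <, >, &, ' or " can
 * never match. A non-string field (e.g. an array) is treated as empty.
 */
$field = static function (string $name): string {
    $raw = $_POST[$name] ?? null;
    if (!is_string($raw)) {
        return '';
    }
    return htmlspecialchars(strip_tags(trim($raw)));
};

$error = false;
if (isset($_POST['login'])) {
    $email = $field('email');
    $pass = $field('pass');

    // A purely numeric "email" is a staff id, so email-format validation is skipped.
    $branch = (intval($email) != 0) ? 1 : 0;

    // Compare with '' rather than empty(): "0" is a legitimate value here.
    if ($email === '') {
        $error = true;
        $emailError = "Please enter your email address.";
    } elseif ($branch === 0 && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = true;
        $emailError = "Please enter valid email address.";
    }
    if ($pass === '') {
        $error = true;
        $passError = "Please enter your password.";
    }

    // if there's no error, continue to login
    if (!$error) {
        // Customer authentication. The stored `password` column is compared as-is
        // (this schema keeps it in clear text); hash_equals() gives a constant-time,
        // strict comparison instead of the loose == the script used before.
        // Moving the column to password_hash()/password_verify() is the real fix.
        $row = $fetchOne("SELECT cid, f_name, password FROM `customer` WHERE email = ?", $email);
        if ($row !== null && hash_equals((string) $row['password'], $pass)) {
            session_regenerate_id(true); // fresh session id on login (session fixation)
            $_SESSION['user'] = $row['cid'];
            $_SESSION['username'] = $row['f_name'];
            header("Location: home.php");
            exit();
        }

        // Manager authentication: staff id in the email field, branch id in the
        // password field (that is how this application identifies managers).
        $row2 = $fetchOne("SELECT sid, f_name, branchID FROM `staffemployed` WHERE sid = ? AND manager = 1", $email);
        if ($row2 !== null && hash_equals((string) $row2['branchID'], $pass)) {
            session_regenerate_id(true); // fresh session id on login (session fixation)
            $_SESSION['user'] = $row2['sid'];
            $_SESSION['username'] = $row2['f_name'];
            header("Location: manager_home.php");
            exit();
        }

        // Same message for unknown account and wrong password (no account enumeration).
        $errMSG = "Incorrect Credentials, Try again...<br>";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="cover.css">
</head>
<body background="bar.jpg">
<br>
<br>
<br>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<h1 style = "font-size: 48px;">Log In to Venue</h1>
<?php echo $errMSG; ?>
<input type="text" name="email" placeholder="Your Email" maxlength="40" />
<?php echo $emailError; ?>
<br>
<input type="password" name="pass" placeholder="Your Password" maxlength="15" />
<?php echo $passError; ?>
<br><br>
<button type="submit" name="login" class="button" style="vertical-align:middle"><span>Sign In </span></button>
<br><br>
<p>If you don't have an account set up, please sign up below.<br><br><a href="register.php">Sign Up</a></p>
</form>
</body>
</html>
<?php ob_end_flush(); ?>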