checklogin.php

<!-- Authored by Iu-Wei Sze and Ashley Dumaine -->

<?php

ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="databasesproject"; // Database name
$tbl_name="user"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$type = $_POST['type'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
//$myusername=$_POST['myusername'];
//$mypassword=$_POST['mypassword'];
$sql="SELECT * FROM $tbl_name WHERE UName='" . $myusername . "' and UPasswd='" . $mypassword . "'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_start();
    $_SESSION['myusername']=$myusername;
    $_SESSION['mypassword']=$mypassword;
    //header("location:login_success.php");
    $sql="SELECT * FROM administrator WHERE UName='" . $myusername . "'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);

    if($count==1){
        $_SESSION['type']="Admin";
        header("location:admin_dashboard.php");
    }
    else {
        $sql="SELECT * FROM poster WHERE UName='" . $myusername . "'";
        $result=mysql_query($sql);
        $count=mysql_num_rows($result);
        if($count==1){
            $_SESSION['type']="Poster";
            header("location:posterDashboard.php");
        }
        else {
            $_SESSION['type']="Seeker";
            header("location:dashboard.php");
        }
    }
}
else {
header("location:login_error.php");
//echo "Wrong Username or Password";
}
ob_end_flush();
?>
	<!-- Authored by Iu-Wei Sze and Ashley Dumaine -->

	<?php

	ob_start();
	$host="localhost"; // Host name
	$username="root"; // Mysql username
	$password=""; // Mysql password
	$db_name="databasesproject"; // Database name
	$tbl_name="user"; // Table name

	// Connect to server and select databse.
	mysql_connect($host, $username, $password)or die("cannot connect");
	mysql_select_db($db_name)or die("cannot select DB");

	// Define $myusername and $mypassword
	$myusername=$_POST['myusername'];
	$mypassword=$_POST['mypassword'];
	$type = $_POST['type'];

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	//$myusername=$_POST['myusername'];
	//$mypassword=$_POST['mypassword'];
	$sql="SELECT * FROM $tbl_name WHERE UName='" . $myusername . "' and UPasswd='" . $mypassword . "'";
	$result=mysql_query($sql);

	// Mysql_num_row is counting table row
	$count=mysql_num_rows($result);

	// If result matched $myusername and $mypassword, table row must be 1 row
	if($count==1){

	// Register $myusername, $mypassword and redirect to file "login_success.php"
	session_start();
	$_SESSION['myusername']=$myusername;
	$_SESSION['mypassword']=$mypassword;
	//header("location:login_success.php");
	$sql="SELECT * FROM administrator WHERE UName='" . $myusername . "'";
	$result=mysql_query($sql);
	$count=mysql_num_rows($result);

	if($count==1){
	$_SESSION['type']="Admin";
	header("location:admin_dashboard.php");
	}
	else {
	$sql="SELECT * FROM poster WHERE UName='" . $myusername . "'";
	$result=mysql_query($sql);
	$count=mysql_num_rows($result);
	if($count==1){
	$_SESSION['type']="Poster";
	header("location:posterDashboard.php");
	}
	else {
	$_SESSION['type']="Seeker";
	header("location:dashboard.php");
	}
	}
	}
	else {
	header("location:login_error.php");
	//echo "Wrong Username or Password";
	}
	ob_end_flush();
	?>