login.php

<?php
session_start();
$loggingIn = true;
//load and connect to MySQL database stuff
require("../dbCon.php");
//Set customerID to -1 to prevent user from going back after logging out
$_SESSION["EmployeeID"] = -1;


if (!empty($_POST)) {
    /*
    //gets user's info based off of a username.
    $query = "
            SELECT
                useraccountID,
                userName,
                password
            FROM useraccounts
            WHERE
                userName = :userName
        ";
 //   echo $query;
    $query_params = array(
        ':userName' => $_POST['Username']
    );
 //   echo implode("|",$query_params);
    */

    $uName = $_POST['Username'];

    $query = "SELECT EmployeeID, password, LastName FROM employees WHERE LastName = ?";
    $stmt   = $con->prepare($query);
    $stmt   ->bind_param("s", $uName);

    $stmt   ->execute();
    $result = $stmt->get_result();

    /*
    if (!$result = $con->query($sql)) {
        // Oh no! The query failed.
        echo "Sorry, the website is experiencing problems.";

        // Again, do not do this on a public site, but we'll show you how
        // to get the error information
        echo "Error: Our query failed to execute and here is why: \n";
        echo "Query: " . $sql . "\n";
        echo "Errno: " . $mysqli->errno . "\n";
        echo "Error: " . $mysqli->error . "\n";
        exit;
    }
    /*
    try {
        $stmt = $con->prepare($query);
        $result = $stmt->execute($query_params);
    }

    catch (PDOException $ex) {
        // For testing, you could use a die and message.
        //die("Failed to run query: " . $ex->getMessage());

        //or just use this use this one to product JSON data:
        $response["success"] = 0;
        $response["message"] = "Database Error1. Please Try Again!";
        die(json_encode($response));

    }
    */
    //This will be the variable to determine whether or not the user's information is correct.
    //we initialize it as false.
    $validated_info = false;

    //fetching all the rows from the query
    $row = $result->fetch_assoc();

    if ($row) {
        //if we encrypted the password, we would unencrypt it here, but in our case we just
        //compare the two passwords
        if ($_POST['Password'] === $row['password']) {
            $login_ok = true;
        }

        //$pEntered = 'test';
        //$hash = password_hash($pEntered, PASSWORD_BCRYPT);
        //echo $hash;
        //echo password_verify($pEntered, $hash);

    }

    // If the user logged in successfully, then we send them to the private members-only page
    // Otherwise, we display a login failed message and show the login form again
    if ($login_ok) {
        $response["success"] = 1;
        $response["message"] = "Login successful!";
        $_SESSION["EmployeeID"] = $row['EmployeeID'];
       // $_SESSION["ContactName"] = $row['ContactName'];


        header("Location:Dashboard.php");
        exit();
        die(json_encode($response));
    } else {
        $response["success"] = 0;
        $response["message"] = "Invalid Credentials!";
        header("Location:login.php?message=invalid");
        exit();
        die(json_encode($response));
    }
} else {
?>

<html >
    <head>
        <meta charset="UTF-8">
        <title>Northwind Employee Login</title>

        <link rel="stylesheet" href="../style.css">
    </head>
    <body>
        <div id ='loginwrapper'>
            <img src="http://jasonlgray.com/northwind/Images/Northwind.jpg" alt = "Northwind logo" width="400">
            <form action = "login.php" method = "post">
                <div class="form-group">
                    <input type="text" name="Username" placeholder="Last Name" id="username">
                    <input type="password" name="Password" id="pwd" placeholder="Password">
                    <input type="submit" id="submit" value="Login">
                </div>


                <div id="reg-line">
                    <small>Dont have an account? Please contact an administrator to create one.</small>
                </div>
            </form>
        </div>

    </body>
</html>


<?php
}
?>
	<?php
	session_start();
	$loggingIn = true;
	//load and connect to MySQL database stuff
	require("../dbCon.php");
	//Set customerID to -1 to prevent user from going back after logging out
	$_SESSION["EmployeeID"] = -1;


	if (!empty($_POST)) {
	/*
	//gets user's info based off of a username.
	$query = "
	SELECT
	useraccountID,
	userName,
	password
	FROM useraccounts
	WHERE
	userName = :userName
	";
	// echo $query;
	$query_params = array(
	':userName' => $_POST['Username']
	);
	// echo implode("\|",$query_params);
	*/

	$uName = $_POST['Username'];

	$query = "SELECT EmployeeID, password, LastName FROM employees WHERE LastName = ?";
	$stmt = $con->prepare($query);
	$stmt ->bind_param("s", $uName);

	$stmt ->execute();
	$result = $stmt->get_result();

	/*
	if (!$result = $con->query($sql)) {
	// Oh no! The query failed.
	echo "Sorry, the website is experiencing problems.";

	// Again, do not do this on a public site, but we'll show you how
	// to get the error information
	echo "Error: Our query failed to execute and here is why: \n";
	echo "Query: " . $sql . "\n";
	echo "Errno: " . $mysqli->errno . "\n";
	echo "Error: " . $mysqli->error . "\n";
	exit;
	}
	/*
	try {
	$stmt = $con->prepare($query);
	$result = $stmt->execute($query_params);
	}

	catch (PDOException $ex) {
	// For testing, you could use a die and message.
	//die("Failed to run query: " . $ex->getMessage());

	//or just use this use this one to product JSON data:
	$response["success"] = 0;
	$response["message"] = "Database Error1. Please Try Again!";
	die(json_encode($response));

	}
	*/
	//This will be the variable to determine whether or not the user's information is correct.
	//we initialize it as false.
	$validated_info = false;

	//fetching all the rows from the query
	$row = $result->fetch_assoc();

	if ($row) {
	//if we encrypted the password, we would unencrypt it here, but in our case we just
	//compare the two passwords
	if ($_POST['Password'] === $row['password']) {
	$login_ok = true;
	}

	//$pEntered = 'test';
	//$hash = password_hash($pEntered, PASSWORD_BCRYPT);
	//echo $hash;
	//echo password_verify($pEntered, $hash);

	}

	// If the user logged in successfully, then we send them to the private members-only page
	// Otherwise, we display a login failed message and show the login form again
	if ($login_ok) {
	$response["success"] = 1;
	$response["message"] = "Login successful!";
	$_SESSION["EmployeeID"] = $row['EmployeeID'];
	// $_SESSION["ContactName"] = $row['ContactName'];


	header("Location:Dashboard.php");
	exit();
	die(json_encode($response));
	} else {
	$response["success"] = 0;
	$response["message"] = "Invalid Credentials!";
	header("Location:login.php?message=invalid");
	exit();
	die(json_encode($response));
	}
	} else {
	?>

	<html >
	<head>
	<meta charset="UTF-8">
	<title>Northwind Employee Login</title>

	<link rel="stylesheet" href="../style.css">
	</head>
	<body>
	<div id ='loginwrapper'>
	<img src="http://jasonlgray.com/northwind/Images/Northwind.jpg" alt = "Northwind logo" width="400">
	<form action = "login.php" method = "post">
	<div class="form-group">
	<input type="text" name="Username" placeholder="Last Name" id="username">
	<input type="password" name="Password" id="pwd" placeholder="Password">
	<input type="submit" id="submit" value="Login">
	</div>


	<div id="reg-line">
	<small>Dont have an account? Please contact an administrator to create one.</small>
	</div>
	</form>
	</div>

	</body>
	</html>


	<?php
	}
	?>