Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
107 lines (87 sloc) 2.97 KB
<?php
session_start();
//load and connect to MySQL database stuff
$loggingIn = true;
require("../dbCon.php");
//Set customerID to -1 to prevent user from going back after logging out
$_SESSION["AdminID"] = -1;
if (!empty($_POST)) {
/*
//gets user's info based off of a username.
$query = "
SELECT
useraccountID,
userName,
password
FROM useraccounts
WHERE
userName = :userName
";
// echo $query;
$query_params = array(
':userName' => $_POST['AdminID']
);
// echo implode("|",$query_params);
*/
$uName = $_POST['AdminID'];
$query = "SELECT AdminID, password FROM admins WHERE AdminID = ?";
$stmt = $con->prepare($query);
$stmt ->bind_param("s", $uName);
$stmt ->execute();
$result = $stmt->get_result();
//This will be the variable to determine whether or not the user's information is correct.
//we initialize it as false.
$validated_info = false;
//fetching all the rows from the query
$row = $result->fetch_assoc();
if ($row) {
//if we encrypted the password, we would unencrypt it here, but in our case we just
//compare the two passwords
if ($_POST['Password'] === $row['password']) {
$login_ok = true;
}
//$pEntered = 'test';
//$hash = password_hash($pEntered, PASSWORD_BCRYPT);
//echo $hash;
//echo password_verify($pEntered, $hash);
}
// If the user logged in successfully, then we send them to the private members-only page
// Otherwise, we display a login failed message and show the login form again
if ($login_ok) {
$response["success"] = 1;
$response["message"] = "Login successful!";
$_SESSION["AdminID"] = $row['AdminID'];
header("Location:Dashboard.php");
exit();
die(json_encode($response));
} else {
$response["success"] = 0;
$response["message"] = "Invalid Credentials!";
header("Location:login.php?message=invalid");
exit();
die(json_encode($response));
}
} else {
?>
<html >
<head>
<meta charset="UTF-8">
<title>Northwind Administrator Login</title>
<link rel="stylesheet" href="../style.css">
</head>
<body>
<div id ='loginwrapper'>
<img src="http://jasonlgray.com/northwind/Images/Northwind.jpg" alt = "Northwind logo" width="400">
<form action = "login.php" method = "post">
<div class="form-group">
<input type="text" name="AdminID" placeholder="Administrator ID" id="username">
<input type="password" name="Password" id="pwd" placeholder="Password">
<input type="submit" id="submit" value="Login">
</div>
</form>
</div>
</body>
</html>
<?php
}
?>
You can’t perform that action at this time.