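<?php
/**
 * Employee login page.
 *
 * GET (or an empty POST) renders the login form. A POST with "Username" and
 * "Password" looks the employee up by LastName, checks the password and, on
 * success, stores the EmployeeID in the session and redirects to Dashboard.php.
 * On failure it redirects back to login.php?message=invalid.
 *
 * NOTE(review): nothing in this file throttles or locks out repeated failed
 * attempts; if dbCon.php or the web server does not do it, that belongs here.
 */
session_start();
$loggingIn = true;
// Load the MySQL connection; the lookup below uses $con from it.
require("../dbCon.php");
// Reset EmployeeID to -1 on every visit to this page, so that a user who has
// logged out cannot navigate back into an authenticated page.
$_SESSION["EmployeeID"] = -1;

if (!empty($_POST)) {
    // Accept only string fields: a missing field or an array-valued field
    // (Username[]=x) must never reach the query or the comparison.
    $uName = (isset($_POST['Username']) && is_string($_POST['Username'])) ? $_POST['Username'] : '';
    $pEntered = (isset($_POST['Password']) && is_string($_POST['Password'])) ? $_POST['Password'] : null;

    // Always defined, so the check further down never reads an unset variable.
    $login_ok = false;

    // Parameterized lookup; the user-supplied name is bound, never concatenated.
    // NOTE(review): LastName is not shown to be unique here. Only the first
    // matching row is checked, so two employees sharing a last name cannot
    // both log in.
    $query = "SELECT EmployeeID, password, LastName FROM employees WHERE LastName = ?";
    $result = false;
    $stmt = $con->prepare($query);
    if ($stmt !== false && $stmt->bind_param("s", $uName) && $stmt->execute()) {
        $result = $stmt->get_result();
    }
    if ($result === false) {
        // Keep the database error in the server log; the client only gets a
        // generic message so query text and schema details are not disclosed.
        error_log("login.php: employee lookup failed: " . $con->error);
        http_response_code(500);
        exit("Sorry, the website is experiencing problems.");
    }

    $row = $result->fetch_assoc();
    if ($row && $pEntered !== null && is_string($row['password'])) {
        $stored = $row['password'];
        $info = password_get_info($stored);
        if (!empty($info['algo'])) {
            // Stored value is a password_hash() digest.
            $login_ok = password_verify($pEntered, $stored);
        } else {
            // NOTE(security): the stored value is not a recognised hash, i.e.
            // the password is kept in plaintext. It is compared in constant
            // time so existing accounts keep working, but these rows should be
            // migrated to password_hash() and this branch removed afterwards.
            $login_ok = hash_equals($stored, $pEntered);
        }
    }

    if ($login_ok) {
        // Issue a fresh session ID at the privilege change so that an ID
        // planted before login (session fixation) is not carried over.
        session_regenerate_id(true);
        $_SESSION["EmployeeID"] = $row['EmployeeID'];
        header("Location:Dashboard.php");
        exit();
    } else {
        // Same redirect whether the user is unknown or the password is wrong,
        // so the response does not reveal which last names exist.
        header("Location:login.php?message=invalid");
        exit();
    }
} else {
?>
<html >
<head>
<meta charset="UTF-8">
<title>Northwind Employee Login</title>
<link rel="stylesheet" href="../style.css">
</head>
<body>
<div id ='loginwrapper'>
<img src="http://jasonlgray.com/northwind/Images/Northwind.jpg" alt = "Northwind logo" width="400">
<?php
    // Fixed text only: the query parameter is compared, never echoed back.
    if (isset($_GET['message']) && $_GET['message'] === 'invalid') {
?>
<p id="login-error">Invalid Credentials!</p>
<?php
    }
?>
<form action = "login.php" method = "post">
<div class="form-group">
<input type="text" name="Username" placeholder="Last Name" id="username">
<input type="password" name="Password" id="pwd" placeholder="Password">
<input type="submit" id="submit" value="Login">
</div>
<div id="reg-line">
<small>Dont have an account? Please contact an administrator to create one.</small>
</div>
</form>
</div>
</body>
</html>
<?php
}
?>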