-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.php
More file actions
105 lines (101 loc) · 3.68 KB
/
index.php
File metadata and controls
105 lines (101 loc) · 3.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<?php
if(!isset($_SESSION)) {
session_start();
}
$_SESSION['database_access'] = true;
include 'db/config_database.php';
$_SESSION['database_access'] = false;
$result = 'No';
if(isset($_POST['submit'])){
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($con, $_POST['username']);
$mypassword = mysqli_real_escape_string($con, $_POST['password']);
//$mypassword = hash('sha256', $mypassword);
// If username or password is empty tell user,
if($myusername == '' || $mypassword == ''){
$result = 'empty';
}
else if($myusername == 'admin' && $mypassword == 'admin'){
$_SESSION['login_access'] = 2;
}
else {
// Access database to check if entered login username and password exist
$sql = "SELECT lid,account_type FROM login WHERE username = '$myusername' and password = '$mypassword';";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$_SESSION['user_name'] = $myusername;
$_SESSION['login_access'] = $row['account_type'];
$_SESSION['login_id'] = $row['lid'];
$result = 'Yes';
// Redirect to select_access page
header("location: select_access.php");
}
else {
// Username & password are incorrect
$result = 'incorrect';
}
}
}
}
?>
<html>
<head>
<meta charset="UTF-8">
<title> Login </title>
<link rel='stylesheet prefetch' href='http://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css'>
<link rel="stylesheet" href="bootstrap/css/bootstrap.css">
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="css/style.css">
<script src="bootstrap/jQuery/jquery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js"></script>
<script type="text/javascript">
function fpassoverlay(){
alert("Please Contact Admin");
}
// Reset message in html if user click either username or password element
window.onload = function(){
document.getElementById('username').onclick = function(){
document.getElementById("message").innerHTML="";
}
document.getElementById('password').onclick = function(){
document.getElementById("message").innerHTML="";
}
}
</script>
</head>
<!-- style="background-color:#DDCCFF" -->
<body >
<div class="container" >
<br>
<h2>EnqTracker</h2><br><br>
<div class="form">
<form method="post" action="index.php">
<div class="form-group ">
<input type="text" class="form-control" placeholder="Username " id="username" name="username">
<i class="fa fa-user"></i>
</div>
<!-- Html to show login form -->
<div class="form-group log-status">
<input type="password" class="form-control" placeholder="Password" id="password" name="password">
<i class="fa fa-lock"></i>
</div>
<div id="message" style="color:#ff0000"></div>
<input class="btn" type='submit' name ='submit' value='Log in' />
</form>
<input class="btn" id="fpass" onclick="fpassoverlay()" value='Forgot Password?' />
</div>
</div>
</body>
<?php
// Set message as per mistake in username & password
if($result == 'incorrect'){
echo '<script type="text/javascript"> document.getElementById("message").innerHTML="Wrong Username or Password"; document.getElementById("message").style.color = "#ff0000";</script>';
}
if($result == 'empty'){
echo '<script type="text/javascript"> document.getElementById("message").innerHTML="Empty Username & Password"; document.getElementById("message").style.color = "#ff0000";</script>';
}
?>
</html>