
Untitled

a guest
Apr 21st, 2018
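  <!-- Footer script includes. Local paths are relative to the page that includes this footer. -->
  <!-- Bootstrap core JavaScript-->
  <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
  <!-- Core plugin JavaScript-->
  <script src="vendor/jquery-easing/jquery.easing.min.js"></script>
  <!-- Page level plugin JavaScript-->
  <script src="vendor/chart.js/Chart.min.js"></script>
  <script src="vendor/datatables/jquery.dataTables.js"></script>
  <script src="vendor/datatables/dataTables.bootstrap4.js"></script>
  <!-- Custom scripts for all pages-->
  <script src="js/sb-admin.min.js"></script>
  <!-- Custom scripts for this page-->
  <script src="js/sb-admin-datatables.min.js"></script>
  <script src="js/sb-admin-charts.min.js"></script>

  <!--
    NOTE(review): this jQuery copy comes from a third-party CDN without an
    integrity attribute, so the page runs whatever the CDN serves. Pin it with
    Subresource Integrity (integrity + crossorigin) or serve a vendored copy.
    It is also loaded after plugins that depend on jQuery; presumably another
    copy is loaded earlier in the page. Confirm, because a second copy replaces
    the global $ the earlier plugins registered on.
  -->
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" type="text/javascript"></script>
  <link href="../../css/toastr.css" rel="stylesheet"/>
  <script src="../../js/toastr.js"></script>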
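  <script type="text/javascript">
  <?php
  // Flash-message bootstrap: turns one-shot values stored in $_SESSION into
  // toastr notifications and clears them so each is shown once.
  //
  // Session values can carry user-controlled text (member names, user names),
  // so they are never interpolated into JavaScript source directly. This helper
  // serialises a value as a JS string literal; the JSON_HEX_* flags also keep
  // "<", ">", "&" and quotes out of the output so the value cannot close the
  // surrounding <script> element or the literal.
  $toJsString = function ($value) {
      $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
      // json_encode() returns false on invalid UTF-8; fall back to an empty literal.
      return $encoded === false ? '""' : $encoded;
  };
  ?>
  // Pending success message, exposed to page scripts as an encoded literal.
  // No alert() on tmp: flash messages are surfaced only through the toastr calls below.
  var tmp = <?php echo $toJsString($_SESSION['message_success'] ?? ''); ?>;
  $( document ).ready(function() {
  // toastr inserts the message as HTML by default; escape it so markup inside a
  // name or message is displayed as text instead of being interpreted.
  toastr.options.escapeHtml = true;
  <?php
  // Welcome toast, shown once right after a successful login.
  if (($_SESSION['sysLogin'] ?? '') === 'success') {
      $_SESSION['sysLogin'] = "";
      $user = $_SESSION['user'] ?? '';
      echo 'toastr.success(' . $toJsString('Welcome ' . $user) . ", 'User has logged in');";
  }

  // Session key => [toastr method, toast title]. Each message is cleared
  // before it is emitted so a reload does not repeat it.
  $flashChannels = [
      'message_success' => ['success', 'Success!'],
      'message_error'   => ['error', 'Error!'],
      'message_warning' => ['warning', 'Warning!'],
  ];
  foreach ($flashChannels as $sessionKey => list($toastMethod, $toastTitle)) {
      $msg = (string) ($_SESSION[$sessionKey] ?? '');
      if ($msg === '') {
          continue;
      }
      $_SESSION[$sessionKey] = "";
      echo 'toastr.' . $toastMethod . '(' . $toJsString($msg) . ", '" . $toastTitle . "');";
  }
  ?>
  });
  </script>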
  46. </div>
  47. </body>
  48.  
  49. </html>
  50.  
  // After a successful update, queue a one-shot success message in the session
  // and send the browser back to the client list.
  if ($update_statement) {
      // NOTE(review): $_membername goes into the session unescaped. The footer
      // snippet on this page echoes message_success into a toastr call, so the
      // value has to be encoded where it is output.
      $_SESSION['message_success'] = $_membername . "'s Careplan has been successfully updated.";

      // The redirect is done client-side by emitting a script element.
      $redirectMarkup = "<script type='text/javascript'>window.location.href = '../clients.php';</script>";
      echo $redirectMarkup;

      // NOTE(review): the server-side redirect below was left disabled by the
      // author ($redirect is not defined in this fragment). Without exit() any
      // code after this block still runs once the redirect has been emitted;
      // confirm that is intended.
      //header("Location:". $redirect);
      //exit();
  }
  57.  
  58. <?php
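  session_start();

  /**
   * Restricts a post-login redirect target to a same-site relative URL.
   *
   * The target arrives in the login form and ends up in a Location header, so
   * anything that could send the browser to another origin is dropped.
   *
   * @param mixed $raw Value of the "redirect" form field.
   * @return string The trimmed target, or '' when it is missing or not a relative URL.
   */
  function login_redirect_target($raw)
  {
      if (!is_string($raw)) {
          return '';
      }
      // Leading whitespace is stripped from header values, so validate the trimmed form.
      $target = trim($raw);
      if ($target === '') {
          return '';
      }
      // Control characters and backslashes are rejected (browsers treat "\" like "/"),
      // as are protocol-relative "//host" targets.
      if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target) || strpos($target, '//') === 0) {
          return '';
      }
      $parts = parse_url($target);
      if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
          return '';
      }
      return $target;
  }

  /**
   * Stores a login failure message in the session and returns to the login form.
   *
   * @param string $message  Text saved in $_SESSION['sysLogin'].
   * @param string $redirect Validated redirect target to carry over ('' for none).
   */
  function login_fail($message, $redirect)
  {
      $_SESSION['sysLogin'] = $message;
      header("location: ../login.php?redirect=" . urlencode($redirect));
      // Stop here so nothing after the redirect can run.
      exit();
  }

  $message = "";
  if (isset($_POST["login"])) {
      $redirect = login_redirect_target($_POST['redirect'] ?? '');

      $username = $_POST['username'] ?? '';
      $password = $_POST['password'] ?? '';
      // Array-valued fields (username[]=...) are treated like missing input.
      if (!is_string($username) || !is_string($password) || empty($username) || empty($password)) {
          login_fail("Both fields must be filled out.", $redirect);
      }

      require('server_connection.inc');
      $connection = connect_to_db(DB_SERVER, DB_UN, DB_PWD, DB_NAME);

      // NOTE(review): the Password column is compared with the submitted value
      // directly, which implies passwords are stored in plaintext. Moving to
      // password_hash()/password_verify() needs a data migration outside this file.
      // Bound parameters keep the submitted values out of the SQL text.
      $lookup = $connection->prepare("select EmployeeID from Credentials where UserName = ? AND Password = ?");
      if (!$lookup) {
          error_log('login: credential lookup could not be prepared: ' . mysqli_error($connection));
          mysqli_close($connection);
          login_fail("Database Login Error. Please contact your sites Administrator.", $redirect);
      }
      $lookup->bind_param('ss', $username, $password);
      $lookup->execute();
      $lookup->store_result();
      $matches = $lookup->num_rows;
      $employeeid = null;
      $lookup->bind_result($employeeid);
      $lookup->fetch();
      $lookup->close();

      if ($matches === 0) {
          mysqli_close($connection);
          login_fail("Incorrect username or password", $redirect);
      }
      if ($matches !== 1) {
          mysqli_close($connection);
          login_fail("Database Login Error. Too many retrieved accounts. Please contact your sites Administrator.", $redirect);
      }

      // Determine the type of user that logged in:
      // a plain Employee, or an admin (CEO, Manager).
      $check = $connection->prepare("select Employees.Position, Employees.Name, Employees.ID from Credentials, Employees where (Credentials.EmployeeID = Employees.ID) AND Employees.ID = ?");
      $position = null;
      $name = null;
      $the_id = null;
      $employees = 0;
      if ($check) {
          $employeeKey = (string) $employeeid;
          $check->bind_param('s', $employeeKey);
          $check->execute();
          $check->store_result();
          // The row count is taken from this second query, not the credential lookup.
          $employees = $check->num_rows;
          $check->bind_result($position, $name, $the_id);
          $check->fetch();
          $check->close();
      }
      mysqli_close($connection);

      // Position => session type. Any other position is not allowed to log in.
      $sessionTypes = ['Employee' => 'employee', 'CEO' => 'admin', 'Manager' => 'admin'];
      if ($employees !== 1 || !isset($sessionTypes[(string) $position])) {
          login_fail("Unable to Parse Employee. Please contact your sites Administrator.", $redirect);
      }

      // Issue a fresh session id at the privilege change so an id planted
      // before login cannot be reused afterwards.
      session_regenerate_id(true);
      $_SESSION['logon'] = true;
      $_SESSION['user'] = (string) $name;
      $_SESSION['type'] = $sessionTypes[(string) $position];
      $_SESSION['sysLogin'] = "success";
      $_SESSION['user_id'] = $the_id;

      if ($redirect !== '') {
          header("Location:" . $redirect);
      } else {
          header("location: ../index.php");
      }
      exit();
  }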
  138.  
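  /**
   * Appends one line to logfile.txt in the current working directory.
   *
   * Terminates the script with "Unable to open file!" when the file cannot be
   * opened.
   *
   * NOTE(review): the path is relative, so the file lands wherever the calling
   * script runs. If that is inside the web root the log may be downloadable;
   * confirm the location and access rules.
   *
   * @param mixed $message Text to record; cast to string.
   */
  function write_to_log($message) {
      // CR and LF are written as visible escapes so one call always produces
      // exactly one line and input text cannot forge extra log entries.
      $line = str_replace(["\r", "\n"], ['\\r', '\\n'], (string) $message) . PHP_EOL;

      // "a" appends; "w" would truncate the log on every call.
      $file = fopen("logfile.txt", "a") or die("Unable to open file!");
      fwrite($file, $line);
      fclose($file);
  }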
  144.  
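  /**
   * Opens a MySQL connection and selects the given database.
   *
   * On failure the error detail goes to the server error log and the script
   * ends with a generic message, so connection details (host, user, server
   * error text) are not sent to the browser.
   *
   * @param string $server   Database host.
   * @param string $username Database user.
   * @param string $pwd      Database password.
   * @param string $dbname   Database to select.
   * @return mysqli The open connection.
   */
  function connect_to_db($server, $username, $pwd, $dbname) {
      // Shared failure path: log the detail, show only a generic message, stop.
      $abort = function ($detail) {
          error_log('connect_to_db: ' . $detail);
          echo 'Database connection error.';
          exit;
      };

      try {
          $conn = mysqli_connect($server, $username, $pwd);
          if (!$conn) {
              // No connection handle exists here, so mysqli_error($conn)
              // cannot be used; mysqli_connect_error() reports this failure.
              $abort((string) mysqli_connect_error());
          }
          if (!mysqli_select_db($conn, $dbname)) {
              $abort(mysqli_error($conn));
          }
      } catch (mysqli_sql_exception $e) {
          // Reached when mysqli is configured to throw instead of returning false.
          $abort($e->getMessage());
      }
      return $conn;
  }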
  158. ?>