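<!-- Bootstrap core JavaScript-->
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Core plugin JavaScript-->
<script src="vendor/jquery-easing/jquery.easing.min.js"></script>
<!-- Page level plugin JavaScript-->
<script src="vendor/chart.js/Chart.min.js"></script>
<script src="vendor/datatables/jquery.dataTables.js"></script>
<script src="vendor/datatables/dataTables.bootstrap4.js"></script>
<!-- Custom scripts for all pages-->
<script src="js/sb-admin.min.js"></script>
<!-- Custom scripts for this page-->
<script src="js/sb-admin-datatables.min.js"></script>
<script src="js/sb-admin-charts.min.js"></script>
<!-- the type attribute was split by a stray space ("ty pe") -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" type="text/javascript"></script>
<link href="../../css/toastr.css" rel="stylesheet"/>
<script src="../../js/toastr.js"></script>
<script type="text/javascript">
<?php
if (!function_exists('js_string')) {
    /**
     * Returns $value as a JavaScript string literal that is safe to embed
     * inside this <script> block.
     *
     * The session messages shown here are built from submitted data elsewhere
     * (an update handler interpolates a member name into message_success), so
     * they cannot be dropped into a quoted JS literal verbatim: an apostrophe
     * in a possessive name already breaks the single-quoted string, and a
     * crafted value could close the quote or the <script> tag and run as
     * script in the browser of whoever views the page.  json_encode() quotes
     * the value and the JSON_HEX_* flags escape the HTML-sensitive characters.
     *
     * @param mixed $value text to embed (cast to string)
     * @return string a double-quoted JS literal, "" if the text is not valid UTF-8
     */
    function js_string($value) {
        $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        // json_encode() returns false on invalid UTF-8; emit an empty literal
        // rather than leaving "var tmp = ;" behind.
        return $encoded === false ? '""' : $encoded;
    }
}
// "?? ''" keeps a missing session key from printing a PHP notice into the script.
?>
var tmp = <?php echo js_string($_SESSION['message_success'] ?? ''); ?>;
alert(tmp + " h"); // NOTE(review): looks like a debugging leftover — confirm before removing
$( document ).ready(function() {
<?php
if (($_SESSION['sysLogin'] ?? '') == "success") {
    $_SESSION['sysLogin'] = "";
    $user = $_SESSION['user'] ?? '';
    echo "toastr.success(" . js_string("Welcome $user") . ", 'User has logged in');";
}
if (($_SESSION['message_success'] ?? '') != "") {
    $msg = $_SESSION['message_success'];
    $_SESSION['message_success'] = "";
    echo "toastr.success(" . js_string($msg) . ", 'Success!');";
}
if (($_SESSION['message_error'] ?? '') != "") {
    $msg = $_SESSION['message_error'];
    $_SESSION['message_error'] = "";
    echo "toastr.error(" . js_string($msg) . ", 'Error!');";
}
if (($_SESSION['message_warning'] ?? '') != "") {
    $msg = $_SESSION['message_warning'];
    $_SESSION['message_warning'] = "";
    echo "toastr.warning(" . js_string($msg) . ", 'Warning!');";
}
?>
});
</script>
</div>
</body>
</html>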
if ($update_statement) {
    // Leave the confirmation in the session for the toastr footer to show on
    // the next page, then send the browser on from JavaScript.
    $_SESSION['message_success'] = sprintf("%s's Careplan has been successfully updated.", $_membername);
    printf("<script type='text/javascript'>window.location.href = '%s';</script>", '../clients.php');
    // header("Location:". $redirect) / exit() were left commented out here,
    // presumably because output had already started — confirm.
}
- <?php
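session_start();
$message = "";

/**
 * Abandons a login attempt: records $message for login.php, closes the DB
 * connection and sends the browser back to the login form, carrying the
 * requested post-login destination along.  Never returns.
 *
 * @param mysqli $connection open connection to close
 * @param string $message    text stored in $_SESSION['sysLogin'] for login.php
 * @param string|null $redirect validated post-login path, or NULL
 */
function login_fail(mysqli $connection, $message, $redirect)
{
    $_SESSION['sysLogin'] = "$message";
    $connection->close();
    header("location: ../login.php?redirect=" . urlencode((string) $redirect));
    // Without exit() the rest of the handler keeps running after the redirect header.
    exit();
}

/**
 * Completes a login: fills the session for the authenticated employee and
 * sends the browser to $redirect (index.php when none was requested).
 * Never returns.
 *
 * @param mysqli $connection open connection to close
 * @param string $name     Employees.Name, shown by the footer toast
 * @param mixed  $the_id   Employees.ID, stored as $_SESSION['user_id']
 * @param string $type     role tag the site reads from $_SESSION['type']: "employee" or "admin"
 * @param string|null $redirect validated post-login path, or NULL
 */
function login_succeed(mysqli $connection, $name, $the_id, $type, $redirect)
{
    // Issue a fresh session id on privilege change so a session id fixed
    // before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['logon'] = true;
    $_SESSION['user'] = "$name";
    $_SESSION['type'] = $type;
    $_SESSION['sysLogin'] = "success";
    $_SESSION['user_id'] = $the_id;
    $connection->close();
    if ($redirect) {
        header("Location:" . $redirect);
    } else {
        header("location: ../index.php");
    }
    exit();
}

// Login form POST handler.
if (isset($_POST["login"])) {
    // Only a same-site path may be used as the post-login destination.  The
    // value comes straight from the form, and an absolute URL, a
    // scheme-relative "//host" or a backslash variant would turn this
    // handler into an open redirect to an arbitrary site.
    $redirect = NULL;
    $requested = (string) ($_POST['redirect'] ?? '');
    if ($requested !== ''
        && !preg_match('#^(?:[/\\\\]{2}|\\\\)#', $requested)
        && parse_url($requested, PHP_URL_SCHEME) === null
        && parse_url($requested, PHP_URL_HOST) === null) {
        $redirect = $requested;
    }

    $user = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $pass = isset($_POST['password']) ? (string) $_POST['password'] : '';
    // Explicit '' checks instead of empty(): empty() also rejects the value "0".
    if ($user === '' || $pass === '') {
        $message = "Both fields must be filled out.";
        $_SESSION['sysLogin'] = "$message";
        header("location: ../login.php?redirect=" . urlencode((string) $redirect));
        exit();
    } else {
        require('server_connection.inc');
        $connection = connect_to_db(DB_SERVER, DB_UN, DB_PWD, DB_NAME);

        // Bound parameters instead of a string-built statement: the query
        // shape no longer depends on the submitted text at all.
        // NOTE(review): the password is still compared verbatim against the
        // Password column as the original did; moving to password_hash()
        // storage and password_verify() here needs a data migration first.
        $lookup = $connection->prepare('select EmployeeID from Credentials where UserName = ? AND Password = ?');
        if (!$lookup) {
            login_fail($connection, "Database Login Error. Please contact your sites Administrator.", $redirect);
        }
        $lookup->bind_param('ss', $user, $pass);
        $lookup->execute();
        $lookup->store_result();
        $matches = $lookup->num_rows;

        if ($matches == 1) {
            $lookup->bind_result($employeeid);
            $lookup->fetch();
            $lookup->close();

            // Determine the type of user that logged in: "Employee" is a
            // regular user; CEO, Manager etc. are admins.
            $check = $connection->prepare('select Employees.Position, Employees.Name, Employees.ID from Credentials, Employees where (Credentials.EmployeeID = Employees.ID) AND Employees.ID = ?');
            if (!$check) {
                login_fail($connection, "Unable to Parse Employee. Please contact your sites Administrator.", $redirect);
            }
            $check->bind_param('s', $employeeid);
            $check->execute();
            $check->store_result();
            // The original tested the first query's row count here instead of this one's.
            if ($check->num_rows == 1) {
                $check->bind_result($position, $name, $the_id);
                $check->fetch();
                $check->close();
                if ($position == "Employee") {
                    login_succeed($connection, $name, $the_id, "employee", $redirect);
                } else if ($position == "CEO" || $position == "Manager") {
                    login_succeed($connection, $name, $the_id, "admin", $redirect);
                } else {
                    // Any other Position used to fall through to a blank page
                    // with nothing set; report it like the other lookup failures.
                    login_fail($connection, "Unable to Parse Employee. Please contact your sites Administrator.", $redirect);
                }
            } else {
                $check->close();
                login_fail($connection, "Unable to Parse Employee. Please contact your sites Administrator.", $redirect);
            }
        } else if ($matches == 0) {
            $lookup->close();
            login_fail($connection, "Incorrect username or password", $redirect);
        } else {
            $lookup->close();
            login_fail($connection, "Database Login Error. Too many retrieved accounts. Please contact your sites Administrator.", $redirect);
        }
    }
}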
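/**
 * Appends one line to logfile.txt in the current working directory.
 *
 * @param string $message text to record; a newline is added after it
 */
function write_to_log($message) {
    // Append instead of "w": opening with "w" truncated the file, so every
    // call wiped the earlier entries.  The original also wrote "$messagen"
    // (an undefined variable, i.e. an empty string) rather than $message."\n".
    $written = file_put_contents("logfile.txt", $message . "\n", FILE_APPEND | LOCK_EX);
    if ($written === false) {
        die("Unable to open file!");
    }
}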
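/**
 * Opens a mysqli connection to $dbname on $server and returns it.
 *
 * On failure the driver's message goes to the server error log and the
 * request ends with a generic notice.  The original echoed the driver text
 * to the browser, which hands host, account and schema details to whoever
 * triggered the failure.
 *
 * @param string $server   DB host
 * @param string $username DB account
 * @param string $pwd      DB password
 * @param string $dbname   schema to select
 * @return mysqli open connection
 */
function connect_to_db($server, $username, $pwd, $dbname) {
    try {
        // Selecting the schema in the connect call replaces the separate
        // mysqli_select_db() step, so both failures surface in one place.
        $conn = mysqli_connect($server, $username, $pwd, $dbname);
    } catch (mysqli_sql_exception $e) {
        // Newer PHP reports connection failures as exceptions by default.
        $conn = false;
    }
    if (!$conn) {
        // mysqli_error() needs a live link; with no connection the message is
        // in mysqli_connect_error() (the original passed false to mysqli_error()).
        error_log("connect_to_db: " . mysqli_connect_error());
        echo "Database connection failed.";
        exit;
    }
    return $conn;
}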
- ?>