
Untitled

a guest Apr 21st, 2018 62 Never
  1. <!-- Bootstrap core JavaScript-->
  2. <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
  3. <!-- Core plugin JavaScript-->
  4. <script src="vendor/jquery-easing/jquery.easing.min.js"></script>
  5. <!-- Page level plugin JavaScript-->
  6. <script src="vendor/chart.js/Chart.min.js"></script>
  7. <script src="vendor/datatables/jquery.dataTables.js"></script>
  8. <script src="vendor/datatables/dataTables.bootstrap4.js"></script>
  9. <!-- Custom scripts for all pages-->
  10. <script src="js/sb-admin.min.js"></script>
  11. <!-- Custom scripts for this page-->
  12. <script src="js/sb-admin-datatables.min.js"></script>
  13. <script src="js/sb-admin-charts.min.js"></script>
  14.  
  15.     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" type="text/javascript"></script>
  16.     <link href="../../css/toastr.css" rel="stylesheet"/>
  17.     <script src="../../js/toastr.js"></script>
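  <script type="text/javascript">
      <?php
          // Session "flash" values (user name, status messages) can contain text that came from
          // a form or the database, e.g. a member name with an apostrophe. Printing them raw
          // inside a quoted JavaScript string breaks the script at the first quote and lets
          // markup in the value run in the visitor's browser. Every value below is therefore
          // emitted through json_encode() with the HEX flags, which yields a complete JS string
          // literal that cannot close the quotes or the surrounding <script> element.
          $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

          // NOTE(review): "tmp" and the alert() below look like leftover debugging and pop up
          // on every page load - confirm and remove. Kept here, but encoded safely.
          $tmp = isset($_SESSION['message_success']) ? (string) $_SESSION['message_success'] : '';
          $tmpLiteral = json_encode($tmp, $jsFlags);
          if ($tmpLiteral === false) {
              // json_encode() fails on invalid UTF-8; fall back to an empty JS string.
              $tmpLiteral = '""';
          }
      ?>
      var tmp = <?php echo $tmpLiteral; ?>;
      alert(tmp + " h");
      $( document ).ready(function() {
          <?php
              // Emits one toastr call. toastr inserts the message as HTML, so the text is
              // HTML-escaped first (ENT_SUBSTITUTE also replaces invalid UTF-8, which keeps
              // json_encode() from failing) and then encoded as a JS string literal.
              $toast = static function ($method, $text, $title) use ($jsFlags) {
                  $safeText = htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                  echo 'toastr.' . $method . '('
                      . json_encode($safeText, $jsFlags) . ', '
                      . json_encode($title, $jsFlags) . ');';
              };

              // One-shot greeting after a successful login; the flag is cleared so it is not
              // shown again on the next page.
              if (isset($_SESSION['sysLogin']) && $_SESSION['sysLogin'] == "success") {
                  $_SESSION['sysLogin'] = "";
                  $user = isset($_SESSION['user']) ? (string) $_SESSION['user'] : '';
                  $toast('success', 'Welcome ' . $user, 'User has logged in');
              }

              // Flash messages: show each pending one once, then clear it.
              $flashKinds = array(
                  'success' => 'Success!',
                  'error'   => 'Error!',
                  'warning' => 'Warning!',
              );
              foreach ($flashKinds as $kind => $title) {
                  $key = 'message_' . $kind;
                  $msg = isset($_SESSION[$key]) ? (string) $_SESSION[$key] : '';
                  if ($msg !== '') {
                      $_SESSION[$key] = "";
                      $toast($kind, $msg, $title);
                  }
              }
          ?>
      });
  </script>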
  46.     </div>
  47.     </body>
  48.  
  49.     </html>
  50.    
  // After a successful update, queue a confirmation for the next page and send the browser
  // to the client list. The member name goes into the session message unmodified, so the
  // page that prints message_success has to escape it for its own output context.
  if ($update_statement) {
      $_SESSION['message_success'] = sprintf("%s's Careplan has been successfully updated.", $_membername);
      echo "<script type='text/javascript'>window.location.href = '../clients.php';</script>";
      // A header("Location: ...") redirect followed by exit() was left disabled here.
  }
  57.    
  58. <?php
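  // Login handler: checks the posted credentials, fills the session and redirects.
  //
  // Changes against the pasted version, all in this block:
  //  - queries use prepared statements instead of values spliced into the SQL text;
  //  - the post-login redirect target is restricted to local paths (it was sent to whatever
  //    the form posted, i.e. an open redirect);
  //  - the session id is regenerated on successful login (session fixation);
  //  - the second row-count check looked at the first result set, and every
  //    mysqli_close() call used the misspelled variable $conection;
  //  - every failure path now ends the request after sending its redirect, and an
  //    unrecognised Position no longer ends in a blank page.
  //
  // NOTE(review): the Credentials table is compared against the password as typed, so
  // passwords are evidently stored in clear text. Migrating to password_hash() /
  // password_verify() needs a data migration and is not done here.
  // NOTE(review): if server_connection.inc sits inside the web root, confirm the web server
  // does not serve .inc files as plain text, since it appears to hold the DB credentials.
  session_start();
  $message = "";

  if (isset($_POST["login"])) {
      // Accept only targets that stay on this site: no scheme, no host, no leading "//",
      // no backslashes or control characters (header splitting, browser quirks).
      $isLocalPath = static function ($target) {
          if ($target === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
              return false;
          }
          if (strncmp($target, '//', 2) === 0) {
              return false;
          }
          $parts = parse_url($target);
          return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
      };

      $requested = (isset($_POST['redirect']) && is_string($_POST['redirect'])) ? $_POST['redirect'] : '';
      $redirect = $isLocalPath($requested) ? $requested : NULL;

      $connection = NULL;

      // Stores the message for the login page, releases the connection if one is open,
      // sends the browser back to the form and stops the request.
      $fail = static function ($text) use (&$connection, $redirect) {
          $_SESSION['sysLogin'] = "$text";
          if ($connection instanceof mysqli) {
              mysqli_close($connection);
          }
          header("location: ../login.php?redirect=" . urlencode((string) $redirect));
          exit();
      };

      // Non-string values (e.g. username[]=x) are treated like missing fields.
      $user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
      $pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
      if (empty($user) || empty($pass)) {
          $fail("Both fields must be filled out.");
      }

      require('server_connection.inc');
      $connection = connect_to_db(DB_SERVER, DB_UN, DB_PWD, DB_NAME);

      // Step 1: find the credential row. Only the row count and EmployeeID are needed.
      $lookup = $connection->prepare("select EmployeeID from Credentials where UserName = ? AND Password = ?");
      if (!$lookup || !$lookup->bind_param('ss', $user, $pass) || !$lookup->execute()) {
          $fail("Database Login Error. Please contact your sites Administrator.");
      }
      $lookup->store_result();
      $matches = $lookup->num_rows;
      $employeeid = NULL;
      $lookup->bind_result($employeeid);
      $lookup->fetch();
      $lookup->close();

      if ($matches == 0) {
          $fail("Incorrect username or password");
      }
      if ($matches != 1) {
          $fail("Database Login Error. Too many retrieved accounts. Please contact your sites Administrator.");
      }

      // Step 2: determine the type of user that logged in.
      // "Employee" is a regular user; "CEO" and "Manager" are admins.
      $profile = $connection->prepare("select Employees.Position, Employees.Name, Employees.ID from Credentials, Employees where (Credentials.EmployeeID = Employees.ID) AND Employees.ID = ?");
      if (!$profile || !$profile->bind_param('s', $employeeid) || !$profile->execute()) {
          $fail("Database Login Error. Please contact your sites Administrator.");
      }
      $profile->store_result();
      $profileRows = $profile->num_rows;
      $position = NULL;
      $name = NULL;
      $the_id = NULL;
      $profile->bind_result($position, $name, $the_id);
      $profile->fetch();
      $profile->close();

      $roles = array('Employee' => 'employee', 'CEO' => 'admin', 'Manager' => 'admin');
      if ($profileRows != 1 || !isset($roles[(string) $position])) {
          $fail("Unable to Parse Employee. Please contact your sites Administrator.");
      }

      // Fresh session id for the authenticated session; the old id is discarded.
      session_regenerate_id(true);
      $_SESSION['logon'] = true;
      $_SESSION['user'] = "$name";
      $_SESSION['type'] = $roles[(string) $position];
      $_SESSION['sysLogin'] = "success";
      // Cast keeps the string form the non-prepared query used to return.
      $_SESSION['user_id'] = (string) $the_id;
      mysqli_close($connection);
      $connection = NULL;

      if ($redirect) {
          header("Location:" . $redirect);
      } else {
          header("location: ../index.php");
      }
      exit();
  }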
  138.  
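  /**
   * Append one line to logfile.txt in the current working directory.
   *
   * The pasted version opened the file in "w" mode, which truncated the log on every call,
   * and wrote the undefined variable $messagen (the "\n" escape had lost its backslash), so
   * nothing useful was recorded. This version appends "$message\n" under an exclusive lock.
   *
   * NOTE(review): the message is written as given. If callers pass request data, strip CR/LF
   * first so one request cannot forge extra log lines, and confirm logfile.txt is not
   * reachable over HTTP.
   *
   * @param string $message Text of the log entry, without a trailing newline.
   * @return void Terminates the script with "Unable to open file!" if the write fails.
   */
  function write_to_log($message) {
      $written = file_put_contents("logfile.txt", $message . "\n", FILE_APPEND | LOCK_EX);
      if ($written === false) {
          die("Unable to open file!");
      }
  }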
  144.  
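  /**
   * Open a mysqli connection and select the given database.
   *
   * On failure the driver's error text goes to the server error log and the visitor sees
   * only a generic message: driver errors can include host and account names. The pasted
   * version also called mysqli_error() with the failed (false) connection handle;
   * mysqli_connect_error() is the call that reports connection failures.
   *
   * @param string $server   Database host.
   * @param string $username Database account.
   * @param string $pwd      Password for that account.
   * @param string $dbname   Database to select after connecting.
   * @return mysqli Open connection with $dbname selected; the script exits on failure.
   */
  function connect_to_db($server, $username, $pwd, $dbname) {
      $conn = mysqli_connect($server, $username, $pwd);
      if (!$conn) {
          error_log("Database connection failed: " . mysqli_connect_error());
          echo "Database connection failed.";
          exit;
      }
      if (!mysqli_select_db($conn, $dbname)) {
          error_log("Database selection failed: " . mysqli_error($conn));
          mysqli_close($conn);
          echo "Database connection failed.";
          exit;
      }
      return $conn;
  }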
  158. ?>