<?php/** * auth.php */require_once ("conf/connect.php");session_star

1. <?php
2. /**
3.  * auth.php
4.  */
5. require_once ("conf/connect.php");
6.  
7. session_start();
8.  
9. if (mysqli_connect_errno()) {
10.     print "Error connecting to db :" . mysqli_connect_errno();
11. }
12.  
13. $sql_stmt = "SELECT *,sponsor_id FROM system_user WHERE username='" . $_POST['username'] . "'AND password='" . $_POST['password'] . "'AND type='" . $_POST['correct'] . "'";
14. $rs = mysqli_query($db_connect, $sql_stmt);
15. $row = mysqli_fetch_array($rs);
16.  
17. // close connection
18.  
19. mysqli_close($db_connect);
20.  
21. if ((mysqli_num_rows($rs) > 0) && ($_POST['correct'] == "1")) {
22.     $_SESSION['authenticated'] = TRUE;
23.     $_SESSION['username'] = $_POST['username'];
24.  
25.     // time log
26.  
27.     header('Location:admin/manage_user/log.php?user="' . $_POST['username'] . '"&hey="' . $_POST['password'] . '"&test3="' . $_POST['correct'] . '"');
28.     exit;
29. }
30. elseif ((mysqli_num_rows($rs) > 0) && ($_POST['correct'] == "2")) {
31.     $_SESSION['authenticated'] = TRUE;
32.     $_SESSION['username'] = $_POST['username'];
33.  
34.     // time log
35.  
36.     header('Location:staff/log.php?userid="' . $row['id'] . '"');
37.     exit;
38. }
39. elseif ((mysqli_num_rows($rs) > 0) && ($_POST['correct'] == "3")) {
40.     $_SESSION['authenticated'] = TRUE;
41.     $_SESSION['username'] = $_POST['username'];
42.  
43.     // time log
44.  
45.     header('Location:sponsor/log.php?userid="' . $row['id'] . '"');
46.     exit;
47. }
48. else {
49.  
50.     // not authenticated
51.     // redirect users to index.php (login page)
52.  
53.     $_SESSION['err'] = "Invalid Username and Password";
54.     header('Location:index.html');
55.     exit;
56. }
57.  
58. /**** end of file authenticate.php **/