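<?php
// Staff login handler: checks the posted credentials against the `staff`
// table, records the user in the session, then redirects by access level.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. Move this
// page and dbconnection.php together to mysqli or PDO prepared statements.
// NOTE(review): the query compares the `password` column with the submitted
// value, which implies passwords are stored unhashed. Store password_hash()
// output and check it with password_verify() instead.

// Run the login check only when the whole form was submitted.
if (isset($_POST['username'], $_POST['password'], $_POST['staff_ic'])) {
    session_start();
    require('dbconnection.php');

    // stripslashes() is a magic-quotes-era step kept so existing logins keep
    // matching; the SQL escaping is done by mysql_real_escape_string().
    $username = mysql_real_escape_string(stripslashes($_POST['username']));
    $password = mysql_real_escape_string(stripslashes($_POST['password']));
    $staff_ic = mysql_real_escape_string(stripslashes($_POST['staff_ic']));

    // Look for the one staff row that matches all three posted values.
    $query = "SELECT * FROM `staff` WHERE (username='$username' AND password='$password' AND staff_ic='$staff_ic')";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the database error in the server log; do not show it to the visitor.
        error_log('Staff login query failed: ' . mysql_error($dbconn));
        exit('Login is temporarily unavailable.');
    }

    if (mysql_num_rows($result) == 1) {
        $row = mysql_fetch_array($result);
        // Issue a fresh session id on login so a pre-set id cannot be reused.
        session_regenerate_id(true);
        // Store the database values, not the SQL-escaped copies of the input.
        $_SESSION['username'] = $row['username'];
        $_SESSION['leveluser'] = $row['level'];
    } else {
        // A failed attempt ends any earlier login held by this session.
        // Nothing is printed here: a `?>` inside a `//` comment still ends PHP
        // mode, so the old commented-out alert was being sent as page text.
        unset($_SESSION['username'], $_SESSION['leveluser']);
    }
}

// A logged-in user is greeted and sent to the page for their access level.
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    $leveluser = isset($_SESSION['leveluser']) ? (int) $_SESSION['leveluser'] : 0;

    $knownLevel = true;
    if ($leveluser === 1) {
        $target = 'home_adminppkt.php';
    } elseif ($leveluser === 2) {
        $target = 'home_orgsv.php';
    } else {
        // An unrecognised level is treated as a failed login.
        $knownLevel = false;
        unset($_SESSION['username'], $_SESSION['leveluser']);
        $target = 'staff_login.php';
    }

    // Headers must be sent before any output, so redirect first.
    header('Location: ' . $target);

    // Fallback body for clients that do not follow the redirect; the name is
    // HTML-escaped because it comes from stored data.
    echo "Hai " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "
";
    echo "This is the Members Area
";
    if (!$knownLevel) {
        echo 'That information is incorrect, try again <a href="staff_login.php">Click Here</a>';
    }
    // Stop here so the login form below is not rendered after a redirect.
    exit;
}
// On a first visit nothing above runs and the login form is displayed.
?>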