<!-- login.php --><?php $username = $_POST['un']; $password = $_POST['pw']

1. <!-- login.php -->
2. <?php
3. $username = $_POST['un'];
4. $password = $_POST['pw'];
5. $errmsg = '';
6.  
7. // Check username & password (server side validation)
8. if(strlen($username) == 0 && strlen($password) == 0) { // first time login or didn't fill anything
9. $errmsg = '';
10. } elseif(strlen($username) == 0) {
11. $errmsg = 'Invalid Login';
12. } elseif(strlen($password) == 0) {
13. $errmsg = 'Invalid Login';
14. }
15.  
16. // Connect to DB, validate username & password
17. if(strlen($username) > 0 && strlen($password) > 0) { // validate only both have values
18. $sql = "SELECT userType FROM usersTable WHERE username = '$username' AND password = '$password'";
19. $con = mysql_connect('cs-server.usc.edu:51517', 'root', '');
20. if(!$con) {
21. die("<body><p>connection to DB failed.</p></body>");
22. }
23. mysql_select_db('cs571_db', $con);
24. $res = mysql_query($sql);
25. if(!($row = mysql_fetch_array($res))) {
26. // un & pw are not valid
27. $errmsg = 'Invalid Login';
28. }
29. }
30.  
31. // Decide where to go: go back to login page or userType page
32. if(strlen($errmsg) > 0) { // send back preLogin.html & postLogin.html with errmsg
33. // Login Failed
34. require("preLogin.html");
35. echo "<p>$errmsg</p>";
36. require("postLogin.html");
37.  
38. } elseif(!$res) { // send back preLogin.html & postLogin.html
39. // The very first time
40. require("preLogin.html");
41. require("postLogin.html");
42.  
43. } else { // login success
44. // decide which page to go
45. if($row['userType'] == 'administrator') {
46. echo "admin";
47. } elseif($row['userType'] == 'manager') {
48. echo "manager";
49. } elseif($row['userType'] == 'employee') {
50. echo "employee";
51. }
52. }
53.  
54. if(strlen($username) > 0 && strlen($password) > 0) {
55. // close connection in the end
56. mysql_close($con);
57. }
58. ?>