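<!-- login.php -->
<?php
/**
 * Login handler.
 *
 * Reads the 'un' and 'pw' POST fields, looks the pair up in usersTable and
 * either re-renders the login page (preLogin.html / postLogin.html, with an
 * error line when the attempt failed) or echoes the matching user type.
 *
 * The credentials are untrusted input, so the lookup uses a prepared statement
 * with bound parameters and never concatenates them into the SQL text.
 * mysqli replaces the legacy mysql_* extension, which has no prepared
 * statements and was removed in PHP 7.
 */

// Accept only string values: a missing field (first visit) or an array-valued
// field (un[]=x) is treated as empty instead of raising a notice or type error.
$username = (isset($_POST['un']) && is_string($_POST['un'])) ? $_POST['un'] : '';
$password = (isset($_POST['pw']) && is_string($_POST['pw'])) ? $_POST['pw'] : '';

$errmsg    = '';
$userType  = null;
$attempted = false; // true once a DB lookup has actually been made

// Server-side validation of the submitted fields.
if ($username === '' && $password === '') {
    // First visit, or the form was submitted completely empty: show the plain form.
    $errmsg = '';
} elseif ($username === '' || $password === '') {
    // Same message for either missing field, so the response does not reveal
    // which half of the credential pair was wrong.
    $errmsg = 'Invalid Login';
} else {
    $attempted = true;

    // Keep mysqli in "return false" mode so the checks below work the same on
    // every PHP version (newer versions throw exceptions by default).
    mysqli_report(MYSQLI_REPORT_OFF);

    // NOTE(review): this connects as the MySQL root account with an empty
    // password. Use a dedicated account limited to SELECT on usersTable and
    // load its credentials from configuration kept outside the web root.
    $con = mysqli_connect('cs-server.usc.edu', 'root', '', 'cs571_db', 51517);
    if (!$con) {
        // Generic message only: no driver error details are sent to the client.
        die("<body><p>connection to DB failed.</p></body>");
    }

    // NOTE(review): the query compares the submitted password with a stored
    // plaintext column. Store password_hash() output instead, select the hash
    // by username and check it with password_verify().
    $found = false;
    $stmt = mysqli_prepare(
        $con,
        'SELECT userType FROM usersTable WHERE username = ? AND password = ?'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $userType);
            // fetch returns true for a row, null for no row, false on error.
            $found = (mysqli_stmt_fetch($stmt) === true);
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);

    if (!$found) {
        // Fail closed: no matching row and any query error both reject the login.
        $errmsg = 'Invalid Login';
    }
}

// Decide what to send back: the login page again, or the user-type page.
if ($errmsg !== '') {
    // Login failed: login page with the error line.
    require("preLogin.html");
    // Escaped so the line stays safe if the message ever carries request data.
    echo "<p>" . htmlspecialchars($errmsg, ENT_QUOTES, 'UTF-8') . "</p>";
    require("postLogin.html");
} elseif (!$attempted) {
    // No lookup was made (first visit): plain login page.
    require("preLogin.html");
    require("postLogin.html");
} else {
    // Login succeeded: pick the page for this user type.
    if ($userType === 'administrator') {
        echo "admin";
    } elseif ($userType === 'manager') {
        echo "manager";
    } elseif ($userType === 'employee') {
        echo "employee";
    }
}
?>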