  1. <?php
  2. /*Login handled here*/
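  // Login handler: checks the posted username/password against the `teacher`
  // table and, on success, stores the teacher's name in the session and sends
  // the browser to the calendar page.

  // Database connection settings.
  // NOTE(review): these are hard-coded and use the root account with an empty
  // password. Load them from configuration kept outside the web root and use a
  // dedicated account limited to the privileges this page needs.
  $servername = "localhost";
  $usernameDB = "root";
  $passwordDB = "";
  $nameDB = "teacheasy";

  // $_SESSION is only persisted across requests once a session is started.
  if (session_status() === PHP_SESSION_NONE) {
      session_start();
  }

  // Read the credentials from the form. Stop here when either is missing or is
  // not a plain string (a client can post arrays), instead of carrying on with
  // undefined variables.
  $user = $_POST['username'] ?? null;
  $pass = $_POST['password'] ?? null;
  if (!is_string($user) || !is_string($pass)) {
      echo "The values weren't sent";
      exit;
  }

  // Make mysqli throw on failure so every database error takes one path.
  mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

  $found = false;
  $dbUser = null;
  $dbPass = null;
  $dbFirstName = null;
  $dbLastName = null;

  try {
      // The handle stays in a local variable: a mysqli object cannot be
      // serialized into session storage, so $_SESSION is the wrong place for it.
      // NOTE(review): if other code in this request read $_SESSION['connection'],
      // pass $connection to it explicitly instead.
      $connection = new mysqli($servername, $usernameDB, $passwordDB, $nameDB);

      // One parameterized query for the whole row. The posted value is bound,
      // never concatenated into the SQL text (the trailing notes in this paste
      // flagged the injection), and the username and password come from the
      // SAME row, so one account's password cannot validate another account.
      $statement = $connection->prepare(
          "SELECT `teacher_username`, `password`, `first_name`, `last_name`"
          . " FROM `teacher` WHERE `teacher_username` = ? LIMIT 1"
      );
      $statement->bind_param('s', $user);
      $statement->execute();
      $statement->bind_result($dbUser, $dbPass, $dbFirstName, $dbLastName);
      $found = $statement->fetch() === true;
      $statement->close();
      $connection->close();
  } catch (mysqli_sql_exception $exception) {
      // Driver details go to the server log, not to the client.
      error_log("Login database error: " . $exception->getMessage());
      die("Connection to the database failed.");
  }

  // NOTE(review): this comparison implies `teacher`.`password` holds plaintext
  // passwords. Store password_hash() output and check it with password_verify();
  // that needs a data migration, so it is flagged here rather than changed.
  // hash_equals() replaces the loose == (which treats numeric-looking strings
  // such as "0e1" and "0e2" as equal) and compares in constant time.
  $authenticated = $found
      && $user === $dbUser
      && is_string($dbPass)
      && hash_equals($dbPass, $pass);

  if ($authenticated) {
      // New session id on login, so an id planted before authentication is useless.
      session_regenerate_id(true);

      // Populate the session only after the credentials were verified, reading
      // the column values directly (a fetch_assoc() row is not a $_POST key).
      $_SESSION['userFirstName'] = $dbFirstName;
      $_SESSION['userLastName'] = $dbLastName;

      // NOTE(review): calendar.php is not shown here; a client-side redirect is
      // not access control, so that page presumably has to check the session
      // itself - confirm.
      echo "<script> window.location.assign('../calendar.php'); </script>";
  } else {
      // Same message for an unknown user and a wrong password, so the response
      // does not reveal which usernames exist.
      // TODO: load a "log in failed" page instead of a bare message.
      echo "The data entered has no match.";
  }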