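<?php
// Login handler for the staff sign-in form rendered further down in this file.
// On success it starts a session, stores the matched row's 'category' value in
// $_SESSION['who'] and redirects to findpatient.php. On failure it sets
// $errorMessage, which the template prints under the form.
//
// NOTE(review): this file shows no attempt limiting or lockout for repeated
// failed logins; confirm that is handled elsewhere.

// message shown under the form; stays empty until a check fails
$errorMessage = '';

// ensuring page is not cached
require_once("nocache.php");

// check that the form has been submitted
if (isset($_POST['submit'])) {
    $employeeId = $_POST['employeeid'] ?? '';
    $password = $_POST['pword'] ?? '';

    // Both fields must be non-empty strings. The is_string() checks reject
    // array input such as employeeid[]=x before it reaches the database layer.
    if (!is_string($employeeId) || !is_string($password) || empty($employeeId) || empty($password)) {
        $errorMessage = "*Both employee ID and password are required to login.";
    } else {
        // connect to the database (conn.php is expected to define $dbConn)
        require_once('conn.php');

        // The original code escaped the password before hashing it, so this
        // page has only ever matched sha256(escape_string(password)). That
        // input is kept so existing accounts still log in.
        // NOTE(review): unsalted SHA-256 is a fast hash and is weak for
        // password storage. Plan a migration to password_hash() /
        // password_verify(), rehashing each account on its next successful login.
        $hashedPassword = hash('sha256', $dbConn->escape_string($password));

        // Bound parameters keep the submitted values out of the SQL text.
        $row = null;
        $queryOk = false;
        $stmt = $dbConn->prepare('SELECT * FROM staff WHERE employee_id = ? AND password = ?');
        if ($stmt !== false) {
            $stmt->bind_param('ss', $employeeId, $hashedPassword);
            if ($stmt->execute()) {
                $rs = $stmt->get_result();
                if ($rs !== false) {
                    $queryOk = true;
                    $row = $rs->fetch_assoc();
                }
            }
            $stmt->close();
        }

        if (!$queryOk) {
            // A database failure is not a credential failure: log it
            // server-side and show only a generic message to the user.
            error_log('login: staff lookup query failed');
            $errorMessage = "*Unable to process the login right now. Please try again.";
        } elseif (is_array($row)) {
            // start a new session for the user and issue a fresh session id,
            // so an id that was set before authentication cannot be reused
            session_start();
            session_regenerate_id(true);

            // NOTE(review): the original assigned $_SESSION['who'] twice,
            // first from the key 'employeeid' and then from 'category', so
            // only the category survived. That final state is kept here.
            // The query's column is 'employee_id', so the first key may also
            // have been misspelled. Confirm which session keys the protected
            // pages expect before storing the employee id separately.
            $_SESSION['who'] = $row['category'];

            // redirect the user to the secure page; exit stops the login form
            // from being rendered and sent after the redirect header
            header('Location: findpatient.php');
            exit;
        } else {
            // same message for unknown id and wrong password, so the response
            // does not reveal which employee ids exist
            $errorMessage = "*The Employee ID or Password entered is invalid.";
        }
    }
}
?>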
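<?php
// Login form template. Expects $errorMessage to be set earlier in this file.
// Every dynamic value is HTML-escaped on output. $_SERVER['PHP_SELF'] includes
// any path info the client appended to the script URL, so it is treated as
// untrusted when written into the form's action attribute.
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Glebe Family Medical Practice Patient Records Application</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <h1>Glebe Family Medical Practice Patient Record Application</h1>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">
        <div class="input-box">
            <label for="employeeid">Employee ID:</label>
            <input type="text" name="employeeid" maxlength="50" id="employeeid">
        </div>
        <div class="input-box">
            <label for="pword">Password:</label>
            <input type="password" name="pword" maxlength="20" id="pword">
        </div>
        <p class="error-php"><?php echo htmlspecialchars($errorMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?></p>
        <div class="input-box">
            <input type="submit" value="Login" name="submit">
        </div>
    </form>
</body>
</html>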