Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //Start session
- session_start();
- //Include database connection details
- require_once('detail.php');
- //Array to store validation errors
- $errmsg_arr = array();
- //Validation error flag
- $errflag = false;
- //Function to sanitize values received from the form. Prevents SQL injection
- //function clean($str) {
- // $str = @trim($str);
- // if(get_magic_quotes_gpc()) {
- // $str = stripslashes($str);
- // }
- // return mysql_real_escape_string($str);
- //}
- //Sanitize the POST values
- //$username = clean($_POST['username']);
- //$password = clean($_POST['password']);
- //Input Validations
- $username = $_POST['username'];
- $password = $_POST['password'];
- if($username == '') {
- echo ("Your username or password seem to be incorrect. Please try again.");
- }
- if($password == '') {
- echo ("Your username or password seem to be incorrect. Please try again.");
- }
- //If there are input validations, redirect back to the login form
- if($errflag) {
- $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
- session_write_close();
- header("location: login2.php");
- exit();
- }
- //Create query
- $qry="SELECT * FROM client WHERE client_username='$username' AND password='$password'";
- $result=mysqli_query($db,$qry);
- //$qry2="SELECT employee FROM client WHERE client_username='$username'";
- //$result2=mysqli_query($db,$qry2);
- $row = mysqli_fetch_assoc($result);
- //echo $row['employee'];
- // echo "AAA";
- //Check whether the query was successful or not
- if($result) {
- if(mysqli_num_rows($result) > 0) {
- //Login Successful
- session_regenerate_id();
- $client = mysqli_fetch_assoc($result);
- $_SESSION['SESS_MEMBER_ID'] = $client['mem_id'];
- $_SESSION['SESS_FIRST_NAME'] = $client['client_username'];
- $_SESSION['SESS_LAST_NAME'] = $client['password'];
- $_SESSION['SESS_CLEARANCE']=$client['employee'];
- session_write_close();
- if(0==$row['employee'])
- {
- echo"AAA";
- //header("location: home.php");
- }
- else if(1==$row['employee'])
- {
- echo "BBB";
- //header("location: employeehome.php");
- }
- /*}else {
- //Login failed
- $errmsg_arr[] = 'user name and password not found';
- $errflag = true;
- if($errflag) {
- $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
- session_write_close();
- header("location: login2.php");
- exit();
- }
- }
- */}else {
- die("Query failed");
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement