// Login Ajax Code$( "#content" ).on("submit", "#loginform", function( event )

1. // Login Ajax Code
2. $( "#content" ).on("submit", "#loginform", function( event ) {
3. // Stop normal form behaviour
4. event.preventDefault();
5. // Retrieve input fields and their values
6. var $form = $( this ),
7. $username = $form.find( "input[name='username']" ).val(),
8. $userpassword = $form.find( "input[name='userpassword']" ).val(),
9. url = $form.attr( "action" );
10. // Post above values to the action of the form
11. var posting = $.post( url, { username: $username, userpassword: $userpassword} );
12. // Show result in a div
13. posting.done(function( data ) {
14. obj = JSON.parse(data);
15. if(obj.userdata == ''){
16. $( "#loginresult" ).empty().slideDown('fast').append( obj.message );
17. }else if(obj.userdata == 'admin'){
18. window.location.href = "http://www.vcaweb.nl/admin";
19. }else if(obj.userdata == 'user'){
20. window.location.href = "http://www.vcaweb.nl/dashboard";
21. }
22. }, "json");
23. });
24.  
25. <?php
26. session_start();
27.  
28. *connection class is here*
29. $conn = new Connection;
30.  
31. $username = $_POST['username'];
32. $userpassword = $_POST['userpassword'];
33.  
34. *error messages code not relevant*
35. else{
36. //Both filled in, begin logincode:
37. $getuser = "
38. SELECT u.id as userid, u.username, u.rights, u.password, c.name, c.userid as companyuid, c.logo
39. FROM users u
40. LEFT JOIN company c
41. ON u.id = c.userid
42. WHERE u.username = '".$conn->real_escape_string($username)."'";
43. $getusercon = $conn->query($getuser);
44. $getuser = $getusercon->fetch_assoc();
45.  
46. if(!empty($getuser['logo'])){
47. $sessionlogo = str_replace('/home/vcaweb/public_html/', '', $getuser['logo']);
48. }else{
49. $sessionlogo = 'Hier een placeholder';
50. }
51.  
52. if($userpassword == $getuser['password']){
53. if($getuser['rights'] == '1'){
54. $_SESSION['userdata']['user'] = 'Mark Kraaijo';
55. $_SESSION['userdata']['rights'] = '1';
56. $_SESSION['userdata']['logo'] = 'assets/images/logo.png';
57. $loginresult = array(
58. 'login_result' => 'success',
59. );
60. $logindata = array(
61. 'userdata' => 'admin',
62. );
63. echo json_encode($logindata);
64. }else{
65. $_SESSION['userdata']['user'] = $getuser['name'];
66. $_SESSION['userdata']['rights'] = '0';
67. $_SESSION['userdata']['logo'] = $sessionlogo;
68. $loginresult = array(
69. 'login_result' => 'success',
70. );
71. $logindata = array(
72. 'userdata' => 'user',
73. );
74. echo json_encode($logindata);
75. }
76. }else{
77. $logindata = array(
78. 'userdata' => '',
79. 'message' => 'Wachtwoord en gebruikersnaam komen niet overeen',
80. );
81. echo json_encode($logindata);
82. }
83. }
84. ?>
85.  
86. // Check if session is set
87. if(isset($_SESSION['userdata'])){
88. // Check if user is admin, if yes and user has rights to visit page, redirect to loginpage
89. if($_SESSION['userdata']['rights'] == '0' && $restriction == 'admin'){
90. header('Location: http://www.vcaweb.nl/login');
91. }
92. // Logo
93. $logo = '<img class="headerlogo" src="'.$_SESSION['userdata']['logo'].'">';
94. }else{
95. header('Location: http://www.vcaweb.nl/login');
96. }
97.  
98. session_unset();
99. session_destroy();