<!DOCTYPE html> <!-- This is a html file for logging in to the virtual advise

1. <!DOCTYPE html>
2. <!-- This is a html file for logging in to the virtual adviser -->
3. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4. <head>
5. <meta charset="UTF-8">
6. <title> Pet Tracker Login</title>
7. <link rel="stylesheet" type="text/css" media='screen' href="css/login.screen.css">
8. </head>
9. <body>
10. <!-- The div that displays the login form-->
11. <div class="login">
12. <h1><strong>Welcome to the Pet Tracker System</strong></h1>
13. <form action="validateLogin.php" method="POST">
14. <fieldset>
15. <label for="user">Username</label>
16. <p><input type="text" required id = "user" name = "Username" value=""></p>
17. <label for="pass">Password</label>
18. <p><input type="password" required id = "pass" name = "Password" value=""></p>
19. <!-- <p><a href="#">Forgot Password?</a></p> -->
20. <p><input type="submit" value="Login"></p>
21. </fieldset>
22. </form>
23. <!-- include the logo with green background -->
24. <img src="images/threeDeePawPrint.png" alt="paw Logo" style="width:194px;height:97px" class = "center">
25. </div>
26. </body>
27. </html>
28.  
29. <?php
30. // start the session for this page and create the array to hold error messages
31. session_start();
32. $errmsg_arr = array();
33. $errflag = false;
34.  
35. $username = 'root';
36. $password = '';
37. $url = 'localhost';
38. $database = 'pet_tracker';
39.  
40. /* Note that above variables are using single quote for string. When they
41. get replaced in the connection statement below, single quotes within
42. single quotes will fail, therefore, the string argument in $conn= statement
43. must be double quotes
44. */
45.  
46. try
47. {
48. $conn = new PDO("mysql:host=$url; dbname=$database",$username,$password); //create PDO object (PHP Data Objects = PDO)
49. $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /*set the attribute that controls the error mode once the database
50. has been connected to, so that it throws exceptions (PDO switches to
51. "silent failure" mode after establishing a successful connection) */
52. $conn->exec('SET NAMES "utf8"'); /* PDO has a method exec that runs SQL scripts. Configure the character
53. encoding to UTF-8 for special characters like smart quotes */
54.  
55. }
56. catch (PDOException $e)
57. {
58. echo $e;
59. $output = 'Unable to connect to the database server.'. //the '.' is the concatenation operator for a string
60. $e->getMessage(); //the '->' is the equivalent of the dot operator in Java
61. include 'error.html.php';
62. exit();
63. }
64.  
65. //get the username and password posted from the login page (index.php)
66. if(isset($_POST['user'])) echo 'index user has value'.$_POST['user'];
67. if(isset($_POST['pass'])) echo 'index user has value'.$_POST['pass'];
68.  
69. $user = $_POST['user'];
70. $pass = $_POST['pass'];
71.  
72.  
73. //query the database for the posted data from form
74. $result = $conn->prepare("SELECT * FROM client WHERE username= :un AND password= :pw");
75. $result->bindParam(':un', $user);
76. $result->bindParam(':pw', $pass);
77. $result->execute();
78. $rows = $result->fetch(PDO::FETCH_NUM);
79. if($rows > 0)
80. {
81. $result = $conn->prepare("SELECT * FROM client WHERE username = :un"); //PDO can only handle a row of data at a time?? Cannot select first_name from students, etc.??
82. $result->bindParam(':un',$user);
83. $result->execute();
84. $name = $result->fetchColumn(1);
85. $_SESSION['name'] = $name;
86. $_SESSION['user'] = $user; //the next page employee.php will need the username to get information from the database
87. header("location: employee.php");
88. }
89. else{
90. $errmsg_arr[] = 'Username and Password are not found';
91. $errflag = true;
92. }
93.  
94. if($errflag) {
95. $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
96. session_write_close();
97. header("location: index.php");
98. exit();
99. }
100. ?>