<?phpsession_start();if(isset($_POST['submit'])) { include "../storescr

1. <?php
2.  
3. session_start();
4.  
5. if(isset($_POST['submit'])) {
6.  
7. include "../storescripts/connect_to_mysql.php";
8. $con = mysqli_connect("$db_host","$db_username","$db_pass","$db_name");
9. $username = mysqli_real_escape_string($con, $_POST['username']);
10. $password = mysqli_real_escape_string($con, $_POST['password']);
11.  
12. //Error handler
13. //Check for empty fields
14. if (empty($username) || empty($password)) {
15. header("Location: ../admin_login.php?admin_login=empty");
16. exit();
17. } else {
18. //Check if charactors are valid
19. if (!preg_match("/^[a-zA-Z0-9]*$/", $username) || !preg_match("/^[a-zA-Z0-9]*$/", $password)) {
20. header("Location: ../admin_login.php?admin_login=invalid");
21. exit();
22. } else {
23. $sql = "SELECT * FROM admin WHERE username = '$username'' AND password = '$password'";
24. $result = mysqli_query($con, $sql);
25. $resultCheck = mysqli_num_rows($result);
26. if ($resultCheck < 1) {
27. header("Location: ../admin_login.php?admin_login=invalid");
28. exit();
29. } else {
30. if ($row = mysqli_fetch_assoc($result)) {
31.  
32. $_SESSION['manager'] = $row['username'];
33. $_SESSION['manager_pwd'] = $row['password'];
34. header("Location: admin_index.php"); //relocate to index
35. page
36. exit();
37. } else{
38. echo 'username and password invalid. Please try again';
39. }
40. }
41. }
42. }
43.  
44. } else{
45. header("Location: ../admin_login.php");
46. exit();
47. }
48. ?>
49. <!DOCTYPE html>
50. <html>
51. <head>
52. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
53. <title>Admin Log In </title>
54. <link rel="stylesheet" href="../style.css" type="text/css" media="screen" />
55. </head>
56.  
57. <body>
58. <div align="center" id="mainWrapper">
59. <div id="pageContent"><br />
60. <div align="left" style="margin-left:24px;">
61. <h2>Please Log In To Manage the Store</h2>
62. <form id="form1" name="form1" method="POST" action="admin_login.php">
63. User Name:<br />
64. <input name="username" type="text" id="username" size="40" />
65. <br /><br />
66. Password:<br />
67. <input name="password" type="password" id="password" size="40" />
68. <br />
69. <br />
70. <br />
71.  
72. <input type="submit" name="button" id="button" value="Log In" />
73.  
74. </form>
75. <p>&nbsp; </p>
76. </div>
77. <br />
78. <br />
79. <br />
80. </div>
81. </div>
82. </body>
83. </html>