This repository was archived by the owner on Jun 3, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.php
More file actions
50 lines (46 loc) · 1.61 KB
/
auth.php
File metadata and controls
50 lines (46 loc) · 1.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
<?php
include("config.php");
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if($_SERVER["REQUEST_METHOD"] == "POST") {
$username = test_input($_POST['username']);
$password = test_input($_POST['password']);
$stmt = $conn->prepare("SELECT `password` FROM Users WHERE `username` = ?");
$stmt -> bind_param("s", $username);
$stmt->execute();
$stmt-> store_result();
$stmt->bind_result($result);
$stmt->fetch();
$stmt->close();
if (password_verify($password, $result)) {
$cookie_value = $username;
$sql = "SELECT `user_id` FROM Users WHERE `username` = '$username'";
$result = $conn->query($sql) or die($conn->error);
$row = $result->fetch_assoc();
setcookie("user", $cookie_value, time() + (3600), "/");
setcookie("user_id",$row['user_id'],time() + (3600), "/");
$sql = "SELECT `status` FROM Users WHERE `username` = '".$username."'";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
if ($row["status"] == "teacher") {
//header('Location: SchoolBoardTeacherAccount.php');
header('Location: SchoolBoardAccountPage.php');
}
else if ($row["status"] == "student") {
header('Location: SchoolBoardAccountPage.php');
}
else {
include("SchoolBoardLogInPage.html");
echo "<script type='text/javascript'>alert(There's something wrong with your account. Please contact your SchoolBoard administrator.);</script>";
}
}
else {
include("SchoolBoardLogInPage.html");
echo "<script type='text/javascript'>alert('Sorry! That username/password combination is incorrect, please try again');</script>";
}
}
?>