-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.php
executable file
·101 lines (94 loc) · 3.58 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
<?php
include "includes/connection.php";
session_start();
if (isset($_POST['login'])) {
if (isset($_POST['empId']) && isset($_POST['password'])) {
$empId = ($_POST['empId']);
$password = ($_POST['password']);
//insert into logins table
$logins = mysqli_query($link, "INSERT INTO tbl_logins(empId)VALUES('$empId')") or die(mysqli_error());
//check if employee exists
$checkEmp = mysqli_query($link, "SELECT * FROM tbl_employees WHERE empId='" . $empId . "' ") or die(mysqli_error());
$count = mysqli_num_rows($checkEmp);
$row = mysqli_fetch_array($checkEmp);
if ($count == 1) {
//verify password
if (password_verify($password, $row['password'])) {
if (isset($_POST['remme'])) {
setcookie('user', $empId, time() + 60 * 60 * 24 * 365, '/');
setcookie('pass', md5($password), time() + 60 * 60 * 24 * 365, '/');
}
$_SESSION['employeeId'] = $row['empId'];
$_SESSION['name'] = $row['name'];
$_SESSION['category'] = $row['category'];
header("location:cashier/");
} else {
$errorMsg = "Wrong Password";
}
} elseif ($count > 1) {
$errorMsg = " Kindly see the admin for error rectification ";
} else {
$errorMsg = "You are not allowed to use this system";
}
} else {
$errorMsg = "You are not allowed to use this system";
}
}
/***
*
* 1.check if user exist
* 2.verify the details
* 3.create a cookie
***/
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include "includes/header-scripts.php"; ?>
</head>
<body class="bg-dark">
<div class="container">
<div class="card card-login mx-auto mt-5">
<div class="card-header">Login</div>
<div class="card-body">
<?php
if (isset($errorMsg)) {
echo "<div class='alert-danger'>";
echo $errorMsg;
echo "</div>";
unset($errorMsg);
}
if (isset($_GET['logout'])) {
echo "<div class='alert-success'>";
echo "Logout successful.";
echo "</div>";
}
?>
<form action="" method="POST">
<div class="form-group">
<label for="exampleInputEmail1">Employee Id</label>
<input class="form-control" type="text" name="empId" placeholder="Employee Id" required>
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input class="form-control" type="password" name="password" placeholder="Password" required>
</div>
<div class="form-group">
<div class="form-check">
<label class="form-check-label">
<input class="form-check-input" name="remme" value="1" type="checkbox"> Remember
Password</label>
</div>
</div>
<button type="submit" class="btn btn-primary btn-block" name="login">Login</button>
</form>
<div class="text-center">
<a class="d-block small mt-3" href="register.php">Register an Account</a>
<a class="d-block small" href="reset-password.php">Forgot Password?</a>
</div>
</div>
</div>
</div>
<?php include "includes/footer-scripts.php" ?>
</body>
</html>