-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.php
143 lines (124 loc) · 4.38 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
<?php
// Include db config
require_once 'db.php';
// Init vars
$email = $password = '';
$email_err = $password_err = '';
// Process form when post submit
if($_SERVER['REQUEST_METHOD'] === 'POST'){
// var_dump($_POST);die;
// Sanitize POST
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
// Put post vars in regular vars
$email = trim($_POST['email']);
$password = trim($_POST['password']);
// Validate email
if(empty($email)){
$email_err = 'Please enter email';
}
// Validate password
if(empty($password)){
$password_err = 'Please enter password';
}
// Make sure errors are empty
if(empty($email_err) && empty($password_err)){
// Prepare query
$sql = 'SELECT name, email, password,level FROM users WHERE email = :email';
// Prepare statement
if($stmt = $pdo->prepare($sql)){
// Bind params
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
// Attempt execute
if($stmt->execute()){
// Check if email exists
if($stmt->rowCount() === 1){
if($row = $stmt->fetch()){
$hashed_password = $row['password'];
if(password_verify($password, $hashed_password)){
// SUCCESSFUL LOGIN
session_start();
// var_dump($row);die;
$_SESSION['email'] = $email;
$_SESSION['name'] = $row['name'];
$_SESSION['level'] = $row['level'];
if( $_SESSION['level'] == 'admin'){
header('location: admin/index.php');
}
if( $_SESSION['level'] == 'staff'){
header('location: staff/index.php');
}
} else {
// Display wrong password message
$password_err = 'The password you entered is not valid';
}
}
} else {
$email_err = 'No account found for that email';
}
} else {
die('Something went wrong');
}
}
// Close statement
unset($stmt);
}
// Close connection
unset($pdo);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<!-- <link href="img/logo/logo.png" rel="icon"> -->
<title>BakMan - Login</title>
<link href="css/all.min.css" rel="stylesheet" type="text/css">
<link href="css/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="css/ruang-admin.min.css" rel="stylesheet">
</head>
<body class="bg-gradient-login">
<!-- Login Content -->
<div class="container-login">
<div class="row justify-content-center">
<div class="col-xl-10 col-lg-12 col-md-9">
<div class="card shadow-sm my-5">
<div class="card-body p-0">
<div class="row">
<div class="col-lg-12">
<div class="login-form">
<div class="text-center">
<h1 class="h4 text-gray-900 mb-4">Bakery Management System Login</h1>
</div>
<form class="user" method="post">
<div class="form-group">
<input type="email" class="form-control" id="exampleInputEmail" aria-describedby="emailHelp"
placeholder="Enter Email Address" name="email">
</div>
<div class="form-group">
<input type="password" class="form-control" id="exampleInputPassword" name="password" placeholder="Password">
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary btn-block">Login
</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Login Content -->
<script src="js/jquery.min.js"></script>
<script src="js/bootstrap.bundle.min.js"></script>
<!-- <script src="vendor/jquery-easing/jquery.easing.min.js"></script> -->
<script src="js/ruang-admin.min.js"></script>
</body>
</html>