My favorites | Sign in
Project Home Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions

Issue 15 attachment: login_form.php (3.4 KB)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<?php
/*
* Copyright 2013 by Jerrick Hoang, Ivy Xing, Sam Roberts, James Cook,
* Johnny Coster, Judy Yang, Jackson Moniaga, Oliver Radwan,
* Maxwell Palmer, Nolan McNair, Taylor Talmage, and Allen Tucker.
* This program is part of RMH Homebase, which is free software. It comes with
* absolutely no warranty. You can redistribute and/or modify it under the terms
* of the GNU General Public License as published by the Free Software Foundation
* (see <http://www.gnu.org/licenses/ for more information).
*
*/
?><?php
/*
* Created on Mar 28, 2008
* @author Oliver Radwan <oradwan@bowdoin.edu>, Sam Roberts, James Cook
* @version 3/28/2008, revised 10/1/2013
*/
?>
</div>
<div id="content">
<?PHP
include_once('database/dbStaff.php');
include_once('domain/Staff.php');
if (($_SERVER['PHP_SELF']) == "/logout.php") {
//prevents infinite loop of logging in to the page which logs you out...
echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
}
if (!array_key_exists('_submit_check', $_POST)) {
echo('<div align="left"><p>Access to ForestdaleAppointment Manager requires a Username and a Password. ' . '<ul>' );

echo '</ul>';
echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
} else {
// authenticate id and password against staff table
$db_pass = md5($_POST['pass']);
$db_id = $_POST['user'];
$staff = retrieve_staff($db_id);
if ($staff) { //avoids null results
if ($staff->get_password() == $db_pass) //if the passwords match, login
{
$_SESSION['logged_in'] = 1;

$_SESSION['access_level'] = 2; // access level for staff - right now, it is the only access level
$_SESSION['f_name'] = $staff->get_first_name();
$_SESSION['l_name'] = $staff->get_last_name();

$_SESSION['_id'] = $_POST['user'];
echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
}
else {
error_log('invalid username or password '.$user.' '.$pass);
echo('<div align="left"><p class="error">Error: invalid username/password<br />if you cannot remember your password, ask a house manager to reset it for you.</p><p>Access to Homebase requires a Username and a Password. <p>For guest access, enter Username <strong>guest</strong> and no Password.</p>');

echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
}
}
} // end processing submitted form

?>
<?PHP include('footer.inc'); ?>
</div>
</div>
</body>
</html>
Powered by Google Project Hosting