dianefoster Posted February 28, 2017 Share Posted February 28, 2017 <?php // This page defines two functions used by login/logout function. /*This function determines an absolute URL, and redirects the user there. *The function takes one argument, the to be redirected to. *?the arguemnt defaults to index.php. */ function redirect_user ($page = "index.php") { // Start defining the URL. // URL is 'http:// ' . $_SERVER['HTTP_HOST'] . dirname ([$_SERVER['PHP_SELF']): $url = 'http://' . $_SERVER['localhost'] . medicalcenter($_SERVER['PHP_SELF']); // Remove the any trailing slashes; $url = rtrim($url,'/\\'); // Add the page: $url .= '/'. $page; // Redirect the user : header("Location: $url"); exit(); // Quit the script. } /// End of redirect user() function. /* This function validates the form data(the login and password). *If both are present ,the database is queried. * The functions require a database connection *the function returns an array of information,including: * - a TRUE/FALSE variable indicating success * - an array not either either errors or the database result */ function check_login($dbc, $login = '', $pwd = '') { $errors = array(); // Initialising error array. // Validate the login: if (empty($login)) { $errors[] = 'You forgot to enter your login'; } else { $login = mysqli_real_escape_string($dbc, trim($login)); } // Validate the password: if (empty($pwd)) { $errors[] = 'You forgot to enter your password'; } else { $pwd = mysqli_real_escape_string($dbc, trim($pwd)); } if (empty($errors)) {// If everything is OK. // Retrieve the PatientId and firstN for that login/password combination $q = "SELECT PatientId,firstN FROM Patient WHERE login = '$login' AND pwd = SHA1('$pwd')"; $r = @mysqli_query($dbc, $q); // Check the result if (mysqli_num_rows ($r) == 1) { // Fetch the records: $row = mysqli_fetch_array($r,MYSQLI_ASSOC); // Return true and the record: } else { // Not a match: $errors[] = 'Your login and password did not match those on file'; } } // End of empty($errors): // Return false and the errors: return array(false, $errors); } // End of check_login() function. <?php $thispage = "login"; include('header.html'); include('nav.php'); ?> </ul> </nav> <h1 id = "h1">Holistic Medical Centre</h1> <p>38 Warnervale Road</p> <p>Warnervale NSW 2290</p> <p>Phone 43-945-789</p> </header> <?php if (isset($errors) && !empty($errors)) { echo '<h1 class = "error">Error!</h1> <p class = "error">The following errors have occured<br/>'; foreach($errors as $msg) { echo " -$msg<br/>\n"; } echo '</p><p class ="error">Please try again</p><p><br/></p>'; } ?> <h1 id = "login">Login</h1> <form class = "login" action = "login.php" method = "post"> <p>Login:<input type = "text" name = "login" size = "2" maxlength = "2"/></p> <p>Password:<input type = "password" name = "pwd" size = "10" maxlength = "10"/></p> <p><input type = "submit" name = "submit" value = "login" id ="para5"/></p> </form> <?php include('footer.html'); ?> <?php // This script processes the login form submission // The script now uses sessions: // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Need to two helper files require('includes/login_functions.inc.php'); require('../mysqli_connect.php'); // Check the login: list ($check,$data) = check_login($dbc, $_POST['login'],$_POST['pwd']); if ($check) { //OK //Set the session data: session_start(); $_SESSION['PatientId'] = $data['PatientId']; $_SESSION['firstN'] = $data['firstN']; // Store the HTTP_USER_AGENT: $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']); redirect_user('loggedin.php'); } else { // Unsuccessful: // Assign $data to $errors for login_page.inc.php: $errors = $data; } mysqli_close($dbc); // Close the database connection. } // End of the main submit conditionall // Create the page: include('includes/login_page.inc.php'); ?> <?php // This script processes the login form submission // The script now uses sessions: // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Need to two helper files require('includes/login_functions.inc.php'); require('../mysqli_connect.php'); // Check the login: list ($check,$data) = check_login($dbc, $_POST['login'],$_POST['pwd']); if ($check) { //OK //Set the session data: session_start(); $_SESSION['PatientId'] = $data['PatientId']; $_SESSION['firstN'] = $data['firstN']; // Store the HTTP_USER_AGENT: $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']); redirect_user('loggedin.php'); } else { // Unsuccessful: // Assign $data to $errors for login_page.inc.php: $errors = $data; } mysqli_close($dbc); // Close the database connection. } // End of the main submit conditionall // Create the page: include('includes/login_page.inc.php'); ?> Link to comment Share on other sites More sharing options...
Larry Posted March 1, 2017 Share Posted March 1, 2017 Could you elaborate what it means when you say "won't work"? What doesn't happen that should? What shouldn't happen that does? What's going on in general. Any actual details you can provide would make this easier to debug. Link to comment Share on other sites More sharing options...
Recommended Posts