Larry Ullman's Book Forums

dianefoster


Everything posted by dianefoster

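  1. edit.php
<?php
// edit.php: lists every patient with Update and Delete links (staff session required).
session_start();

// Load the mysqli connection ($dbc) first; the staff lookup below needs it.
require_once('../mysqli_connect.php');

if (!isset($_SESSION['empID'])) {
    // No staff session: send the visitor to the login page.
    header("Location: login.php");
    exit;
} elseif (empty($_GET['empID'])) {
    // empty() replaces !$_GET['empID'], which raised a notice when the key was absent.
    // NOTE(review): every logged-in request without ?empID is redirected away, so the
    // patient list below is reached only when ?empID is present -- confirm that is intended.
    header("Location: update.php?user=" . urlencode($_SESSION['empID']));
    exit; // Without exit the rest of the page still ran after the redirect header.
} else {
    // Select the logged-in user's details.
    // The original called mysql_query() (the removed ext/mysql, with no connection open)
    // and concatenated the value unquoted, although Staff.empID is CHAR(3).
    // A prepared statement on the existing mysqli connection fixes both.
    // mysqli_stmt_get_result() needs the mysqlnd driver.
    // NOTE(review): SELECT * also returns empPassword; list only the columns that are needed.
    $empID = $_SESSION['empID'];
    $stmt = mysqli_prepare($dbc, 'SELECT * FROM Staff WHERE empID = ?');
    mysqli_stmt_bind_param($stmt, 's', $empID);
    mysqli_stmt_execute($stmt);
    $res = mysqli_stmt_get_result($stmt);
    $userRow = mysqli_fetch_array($res);
    mysqli_stmt_close($stmt);
    $id = $_GET['empID'];
}

$thisPage = "edit";
include('includes/header.html');
include('includes/nav1.php');
echo '<h1>Edit Patients</h1>';

$q = "SELECT firstN, lastN,street,suburb, state,pc, phone,email,patientID FROM Patient ORDER BY firstN";
$r = mysqli_query($dbc, $q);
// A failed query is treated like an empty result instead of passing false to mysqli_num_rows().
$num = $r ? mysqli_num_rows($r) : 0;

if ($num > 0) {
    echo "<p>There are currently $num registered patients</p>";
    echo '<table> <tr> <td class = "red">Edit</td><td class = "red">Delete</td><td class = "red">First name</td><td class = "red">Last name</td> <td class = "red">Street</td><td class = "red">Suburb</td><td class = "red">State</td><td class = "red">Postcode</td><td class = "red"> Phone</td><td class = "red">Email</td></tr>';

    // Columns printed after the two link cells, in display order.
    $cols = array('firstN', 'lastN', 'street', 'suburb', 'state', 'pc', 'phone', 'email');

    while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
        $pid = (int) $row['patientID'];
        // NOTE(review): the Delete link targets update.php exactly like the Update link.
        // A delete should be its own POST request carrying an anti-CSRF token, not a GET link.
        echo '<tr> <td class = "red"><a href ="update.php?id=' . $pid . '">Update</a></td> <td class = "red"><a href ="update.php?id=' . $pid . '">Delete</a></td>';
        foreach ($cols as $col) {
            // Patient data is stored text: escape it so markup in a record cannot run in the staff browser.
            echo ' <td class = "red">' . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
        }
        echo ' </tr>';
    }
    echo '</table>';
    mysqli_free_result($r);
} else {
    echo '<p class = "error">There are currently no patients</p>';
}

mysqli_close($dbc);
echo '<p><a href = "logout.php">Logout</a></p>';
include('includes/footer.html');
?>
update.php
<?php
// update.php: shows and processes the form that edits one patient's name and e-mail.
session_start();

// Same guard as edit.php: without it anyone who knows the URL can change patient records.
if (!isset($_SESSION['empID'])) {
    header("Location: login.php");
    exit;
}

// The patient id arrives as "id": edit.php links to update.php?id=..., and the hidden
// form field below is also named "id". The original looked for "empID", which neither sends.
if ((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
    $id = (int) $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
    $id = (int) $_POST['id'];
} else {
    echo '<p class = "error">This page has been accessed in error</p>';
    include('includes/footer.html');
    exit();
}

$thisPage = 'update';
include('includes/header.html');
include('includes/nav1.php');
require_once('../mysqli_connect.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // NOTE(review): the form has no anti-CSRF token, so another site can submit it
    // through a logged-in staff browser; add a per-session token and verify it here.
    $errors = array();

    // Values are bound as statement parameters below, so they are trimmed but not escaped.
    if (empty($_POST['firstN'])) {
        $errors[] = 'You forgot to enter your first name';
    } else {
        $fn = trim($_POST['firstN']);
    }
    if (empty($_POST['lastN'])) {
        $errors[] = 'You forgot to enter your last name';
    } else {
        $ln = trim($_POST['lastN']);
    }
    if (empty($_POST['email'])) {
        $errors[] = 'You forgot to enter your email address';
    } else {
        $e = trim($_POST['email']);
    }

    if (empty($errors)) {
        // Is the e-mail address already used by a different patient?
        $stmt = mysqli_prepare($dbc, 'SELECT patientID FROM Patient WHERE email = ? AND patientID != ?');
        mysqli_stmt_bind_param($stmt, 'si', $e, $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        $taken = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($taken == 0) {
            $stmt = mysqli_prepare($dbc, 'UPDATE Patient SET firstN = ?, lastN = ?, email = ? WHERE patientID = ? LIMIT 1');
            mysqli_stmt_bind_param($stmt, 'sssi', $fn, $ln, $e, $id);
            mysqli_stmt_execute($stmt);
            if (mysqli_stmt_affected_rows($stmt) == 1) {
                echo '<p>The patient has been updated</p>';
            } else {
                echo '<p class = "error">The patient could not be updated due to a system error</p>';
                // The database error goes to the server log, not to the browser.
                error_log('update.php: patient update failed: ' . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
        } else {
            echo '<p class = "error">The email address has already been registered</p>';
        }
    } else {
        echo '<p class = "error">The following error(s) have occurred<br/>';
        foreach ($errors as $msg) {
            echo " -$msg<br/>\n";
        }
        echo '</p><p>Please try again</p>';
    }
}

// Fetch the current values to fill the form.
$stmt = mysqli_prepare($dbc, 'SELECT firstN, lastN, email FROM Patient WHERE patientID = ?');
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);

if (mysqli_stmt_num_rows($stmt) == 1) {
    mysqli_stmt_bind_result($stmt, $firstN, $lastN, $email);
    mysqli_stmt_fetch($stmt);
    echo '<h1>Update Patient</h1>';
    // Stored values are escaped before they go into the value="" attributes.
    // The form posts back to this script (the original pointed at edit_user.php).
    echo '<form action = "update.php" method = "post"> <p>First Name: <input type="text" name="firstN" size="15" maxlength="15" value ="' . htmlspecialchars((string) $firstN, ENT_QUOTES, 'UTF-8') . '"/></p> <p>Last Name: <input type="text" name="lastN" size="15" maxlength="30" value ="' . htmlspecialchars((string) $lastN, ENT_QUOTES, 'UTF-8') . '"/></p> <p>Email Address:<input type="text" name="email" size="20" maxlength="60" value ="' . htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8') . '" /> </p> <p><input type="submit" name="submit" value="Submit" /></p> <input type="hidden" name="id" value="' . $id . '" /> </form>';
} else {
    echo '<p class = "error">This page has been accessed in error</p>';
}

mysqli_stmt_close($stmt);
mysqli_close($dbc);
echo "<p><a href=\"edit.php\">Edit Patients</a></p>";
?>
database
/* Starting file for PHP assignment 2 Margaret Vallance May 2017 */
DROP DATABASE IF EXISTS DF_HMC;
CREATE DATABASE DF_HMC;
USE DF_HMC;

/* NOTE(review): empPassword holds an unsalted SHA1 digest (40 hex characters). SHA1 is not
   an adequate password hash; a password-hashing function needs a wider column than CHAR(40). */
CREATE TABLE Staff(
  empID CHAR(3),
  empFirst VARCHAR(20),
  empLast VARCHAR(30),
  empUserName VARCHAR(12) NOT NULL,
  empPassword CHAR(40) NOT NULL,
  empSecurity CHAR(1) DEFAULT 'U', /* U=User M=Manager */
  PRIMARY KEY (empID)
);
INSERT INTO Staff VALUES ('AAA', 'Alan', 'Anderson', 'anders', SHA1('aapwd'), 'U');
INSERT INTO Staff VALUES ('BBB', 'Bob', 'Brown', 'brownie', SHA1('bbpwd'), 'M');
INSERT INTO Staff VALUES ('CCC', 'Cassie', 'Carson', 'cassie', SHA1('ccpwd'), 'U');

/* NOTE(review): the Patient rows inserted below store pwd as plain text, while the Staff rows
   above are inserted through SHA1(). Code that compares pwd with SHA1(input) will not match
   these seed rows until the passwords are stored hashed. */
CREATE TABLE Patient (
  patientID INT AUTO_INCREMENT,
  title VARCHAR(15) DEFAULT 'Mr',
  firstN VARCHAR(40) NOT NULL,
  lastN VARCHAR(20) NOT NULL,
  street VARCHAR(25),
  suburb VARCHAR(30),
  state CHAR(3) DEFAULT 'NSW',
  pc CHAR(4) DEFAULT '2250',
  phone CHAR(12),
  email VARCHAR(50),
  imageName VARCHAR(50),
  login VARCHAR(12),
  pwd VARCHAR(40),
  PRIMARY KEY (patientID)
);
CREATE TABLE EquipmentType (
  typeID CHAR(3),
  description VARCHAR(50) NOT NULL,
  checkPeriod INT,
  costPerDay FLOAT(5, 2),
  PRIMARY KEY (typeID)
);
CREATE TABLE Equipment (
  serialNo CHAR(10),
  eType CHAR(3) NOT NULL,
  purchased DATE NOT NULL,
  lastChecked DATE,
  equipCondition VARCHAR(15) DEFAULT 'Excellent',
  countryMade VARCHAR(25),
  PRIMARY KEY (serialNo),
  FOREIGN KEY (eType) REFERENCES EquipmentType(typeID)
);
CREATE TABLE Hire(
  hireID INT AUTO_INCREMENT,
  patID INT,
  serialNo CHAR(10) NOT NULL,
  dateHired DATE NOT NULL,
  dateReturned DATE,
  UNIQUE KEY ukHire (patID, serialNo, dateHired),
  PRIMARY KEY (hireID),
  FOREIGN KEY (patID) REFERENCES Patient(patientID),
  FOREIGN KEY (serialNo) REFERENCES Equipment(serialNo)
);
CREATE TABLE Payment (
  paymentID INT AUTO_INCREMENT,
  amount FLOAT(5, 2) NOT NULL,
  paymentDate DATE NOT NULL,
  method VARCHAR(15),
  hireID INT,
  PRIMARY KEY (paymentID),
  FOREIGN KEY (hireID) REFERENCES Hire(hireID)
);

/*Patient */
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Admiral','William', 'Adama', '1 Captain Close', 'Caprica', 'VIC', '3209', '02 3321 1123', 'bill@galactica.com', 'wa', 'wapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('President','Laura', 'Roslin', '1 Education Street', 'Canberra', 'ACT', '2601', '02 6676 1123', 'laura@earth.gov', 'lr', 'lrpwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Captain','Lee', 'Adama', '5 Apolla Lane', 'Squadron', 'QLD', '4459', '07 8446 1111', 'lee@galactica.com', 'la', 'lapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Ms','Sharon', 'Valerii', '23 Hanger Drive', 'Gosford', 'NSW', '2250', '02 4356 0000', NULL, 'sv', 'svpwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Miss', 'Kara','Thrace', '10 Cylon Street', 'Wyong', 'NSW', '2259', NULL, 'karaT@blackhole.com', 'kt', 'ktpwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Mr', 'Karl', 'Agathon', '8 Short Avenue', 'Geminon', 'NSW', '2299', '02 8876 1123', 'helo@galactica.com', 'ka', 'kapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Mr','Sam', 'Anders', NULL, NULL, NULL, NULL, NULL, NULL, 'sa', 'sapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Colonel','Saul', 'Tigh', '2 Crew Close', 'Shipton', 'QLD', '4309', '02 8876 1123', 'saul@galactica.com', 'st', 'stpwd');

/*Equipment Type */
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WCE', 'Wheelchair - Electric', 90, 5.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WCS', 'Wheelchair - Standard', 120, 3.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WF3', '3 Wheel Walking Frame', 60, 4.25);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('FRL', 'Lightweight Folding Ramp', 100, 5.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('SCL', 'Large Scooter', 60, 120.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('CRL', 'Crutches - Long', 365, 1.50);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('CRE', 'Crutches - Elbow', 365, 2.50);

/*Equipment*/
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99800', 'WCE', '2017-02-01', '2017-03-01', 'Excellent', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99801', 'WCE', '2017-03-01', '2017-04-01', 'Good', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99802', 'WCE', '2017-03-01', '2017-03-02', 'Good', 'China');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99800', 'WCS', '2016-02-01', '2017-04-01', 'Good', 'USA');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99803', 'WCS', '2016-08-01', '2017-01-04', 'Good', 'China');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99804', 'WF3', '2016-11-01', '2017-04-01', 'Excellent', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99800', 'WF3', '2016-11-01', '2017-01-21', 'Excellent', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99802', 'WF3', '2016-02-01', '2016-04-01', 'Some wear', 'France');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99803', 'SCL', '2017-02-01', '2017-04-01', 'Some wear', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CR99800', 'CRL', '2016-10-01', '2017-04-01', 'Some wear', 'China');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CR99802', 'CRL', '2016-10-01', '2016-11-01', 'OK', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CE99801', 'CRE', '2017-10-01', '2017-04-01', 'OK', 'France');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CE99802', 'CRE', '2017-10-01', '2017-04-01','Excellent', 'Australia');

/*Hire*/
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 1, 'WC99800', '2017-04-01', '2017-05-01');
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 1, 'CR99800', '2017-05-01', '2017-05-01');
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 2, 'WC99800', '2017-04-01', '2017-04-04');
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 3, 'BF99800', '2017-04-01', NULL);
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'WC99800', '2017-05-01', NULL);
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'CE99802', '2017-05-01', NULL);
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'BF99803', '2017-05-01', NULL);

/*Payment*/
INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (150.00, '2017-05-01', 'Credit Card', 1);
INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (150.00, '2017-05-01', 'Credit Card', 2);
INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (25.00, '2017-04-04', 'EFTPOS', 3);

/* For Testing */
SELECT * FROM Staff;
SELECT * FROM Patient;
SELECT * FROM Equipment;
SELECT * FROM EquipmentType;
SELECT * FROM Hire;
SELECT * FROM Payment;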
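  2. <?php
// Change-password page: checks the login and current password, then stores the new password.
$thisPage = 'update';
include('includes/header.html');
include('includes/nav1.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    require('../mysqli_connect.php');
    $errors = array();

    // Values are bound as statement parameters below, so they are trimmed but not escaped.
    if (empty($_POST['login'])) {
        $errors[] = 'You forgot to enter your login';
    } else {
        $lgn = trim($_POST['login']);
    }
    if (empty($_POST['pwd'])) {
        $errors[] = 'You forgot to enter your password';
    } else {
        $p = trim($_POST['pwd']);
    }
    if (!empty($_POST['pwd1'])) {
        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal.
        if (!isset($_POST['pwd2']) || $_POST['pwd1'] !== $_POST['pwd2']) {
            $errors[] = 'Your new password did not match the confirmed password';
        } else {
            $np = trim($_POST['pwd1']);
        }
    } else {
        $errors[] = 'You forgot to enter your password';
    }

    if (empty($errors)) {
        // NOTE(review): unsalted SHA1 is not an adequate password hash. Switching to
        // password_hash()/password_verify() needs a wider column than pwd VARCHAR(40).
        $stmt = mysqli_prepare($dbc, 'SELECT patientID FROM Patient WHERE login = ? AND pwd = SHA1(?)');
        mysqli_stmt_bind_param($stmt, 'ss', $lgn, $p);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        $num = mysqli_stmt_num_rows($stmt);

        if ($num == 1) {
            // The query selects a single column. The original read $row[1] from a
            // one-element MYSQLI_NUM row, so the UPDATE ran without a patientID.
            mysqli_stmt_bind_result($stmt, $patientID);
            mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);

            $stmt = mysqli_prepare($dbc, 'UPDATE Patient SET pwd = SHA1(?) WHERE patientID = ?');
            mysqli_stmt_bind_param($stmt, 'si', $np, $patientID);
            mysqli_stmt_execute($stmt);

            if (mysqli_stmt_affected_rows($stmt) == 1) {
                echo '<h1>Thank You!</h1> <p>Your password has been updated</p>';
            } else {
                echo '<h1>System Error</h1> <p class = "error">Your password could not be changed due a system error.We apologize for any inconvenience</p>';
                // The original printed mysqli_error() and the query, which contained the
                // new password, into the page. Log the driver error on the server instead.
                error_log('password change failed: ' . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
            mysqli_close($dbc);
            include('includes/footer.html');
            exit();
        } else {
            mysqli_stmt_close($stmt);
            echo '<h1>Error</h1> <p class = "error">The login and password do not match those on file</p>';
        }
    } else {
        echo '<h1>Error!</h1> <p class = "error">The following error(s) have occurred<br/>';
        foreach ($errors as $msg) {
            echo " -$msg<br/>\n";
        }
        echo '</p><p>Please try again</p><p><br/></p>';
    }
    mysqli_close($dbc);
}
?>
<h1>Change Your Password</h1>
<form action="update.php" method="post">
<?php // The login is echoed back escaped; submitted passwords are never written into the page. ?>
<p>Login: <input type="text" name = "login" size = "2" maxlength = "12" value ="<?php if(isset($_POST['login'])) echo htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
<p>Current Password: <input type="password" name="pwd" size="5" maxlength="20" value="" /></p>
<p>New Password: <input type="password" name="pwd1" size="5" maxlength="20" value="" /></p>
<p>Confirm New Password: <input type="password" name="pwd2" size="5" maxlength="20" value="" /></p>
<p><input type="submit" name="submit" value="Change Password" /></p>
</form>
<?php include ('includes/footer.html'); ?>
<?php
// Change-password page (the post shows the same script a second time).
$thisPage = 'update';
include('includes/header.html');
include('includes/nav1.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    require('../mysqli_connect.php');
    $errors = array();

    // Values are bound as statement parameters below, so they are trimmed but not escaped.
    if (empty($_POST['login'])) {
        $errors[] = 'You forgot to enter your login';
    } else {
        $lgn = trim($_POST['login']);
    }
    if (empty($_POST['pwd'])) {
        $errors[] = 'You forgot to enter your password';
    } else {
        $p = trim($_POST['pwd']);
    }
    if (!empty($_POST['pwd1'])) {
        // Strict comparison: with != two different numeric-looking strings compare as equal.
        if (!isset($_POST['pwd2']) || $_POST['pwd1'] !== $_POST['pwd2']) {
            $errors[] = 'Your new password did not match the confirmed password';
        } else {
            $np = trim($_POST['pwd1']);
        }
    } else {
        $errors[] = 'You forgot to enter your password';
    }

    if (empty($errors)) {
        // NOTE(review): unsalted SHA1 is not an adequate password hash (see pwd VARCHAR(40)).
        $stmt = mysqli_prepare($dbc, 'SELECT patientID FROM Patient WHERE login = ? AND pwd = SHA1(?)');
        mysqli_stmt_bind_param($stmt, 'ss', $lgn, $p);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        $num = mysqli_stmt_num_rows($stmt);

        if ($num == 1) {
            // Single selected column: the original's $row[1] did not exist.
            mysqli_stmt_bind_result($stmt, $patientID);
            mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);

            $stmt = mysqli_prepare($dbc, 'UPDATE Patient SET pwd = SHA1(?) WHERE patientID = ?');
            mysqli_stmt_bind_param($stmt, 'si', $np, $patientID);
            mysqli_stmt_execute($stmt);

            if (mysqli_stmt_affected_rows($stmt) == 1) {
                echo '<h1>Thank You!</h1> <p>Your password has been updated</p>';
            } else {
                echo '<h1>System Error</h1> <p class = "error">Your password could not be changed due a system error.We apologize for any inconvenience</p>';
                // Log the driver error on the server; do not print it or the query to the page.
                error_log('password change failed: ' . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
            mysqli_close($dbc);
            include('includes/footer.html');
            exit();
        } else {
            mysqli_stmt_close($stmt);
            echo '<h1>Error</h1> <p class = "error">The login and password do not match those on file</p>';
        }
    } else {
        echo '<h1>Error!</h1> <p class = "error">The following error(s) have occurred<br/>';
        foreach ($errors as $msg) {
            echo " -$msg<br/>\n";
        }
        echo '</p><p>Please try again</p><p><br/></p>';
    }
    mysqli_close($dbc);
}
?>
<h1>Change Your Password</h1>
<form action="update.php" method="post">
<?php // The login is echoed back escaped; submitted passwords are never written into the page. ?>
<p>Login: <input type="text" name = "login" size = "2" maxlength = "12" value ="<?php if(isset($_POST['login'])) echo htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
<p>Current Password: <input type="password" name="pwd" size="5" maxlength="20" value="" /></p>
<p>New Password: <input type="password" name="pwd1" size="5" maxlength="20" value="" /></p>
<p>Confirm New Password: <input type="password" name="pwd2" size="5" maxlength="20" value="" /></p>
<p><input type="submit" name="submit" value="Change Password" /></p>
</form>
<?php include ('includes/footer.html'); ?>
The Table being used in the update query is the Patient table keep
CREATE TABLE Patient ( patientID INT AUTO_INCREMENT, title VARCHAR(15) DEFAULT 'Mr', firstN VARCHAR(40) NOT NULL, lastN VARCHAR(20) NOT NULL, street VARCHAR(25), suburb VARCHAR(30), state CHAR(3) DEFAULT 'NSW', pc CHAR(4) DEFAULT '2250', phone CHAR(12), email VARCHAR(50), imageName VARCHAR(50), login VARCHAR(12), pwd VARCHAR(40), PRIMARY KEY (patientID) );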
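  3. <?php
// This page defines two functions used by the login/logout process.

/* This function determines an absolute URL and redirects the user there.
 * The function takes one argument: the page to be redirected to.
 * The argument defaults to index.php.
 */
function redirect_user ($page = "index.php") {

    // Start defining the URL.
    // URL is 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']):
    // $_SERVER['localhost'] is not a defined key and medicalcenter() is not a defined
    // function, so the original line stopped the script with a fatal error.
    // NOTE(review): HTTP_HOST is copied from the request's Host header and is
    // client-supplied; on a public site take the host name from configuration.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // Remove any trailing slashes:
    $url = rtrim($url, '/\\');

    // Add the page:
    $url .= '/' . $page;

    // Redirect the user:
    header("Location: $url");
    exit(); // Quit the script.

} // End of redirect_user() function.

/* This function validates the form data (the login and password).
 * If both are present, the database is queried.
 * The function requires a database connection.
 * The function returns an array of information, including:
 * - a TRUE/FALSE variable indicating success
 * - an array of either errors or the database result
 */
function check_login($dbc, $login = '', $pwd = '') {

    $errors = array(); // Initialise error array.

    // Validate the login (bound as a statement parameter below, so only trimmed):
    if (empty($login)) {
        $errors[] = 'You forgot to enter your login';
    } else {
        $login = trim($login);
    }

    // Validate the password:
    if (empty($pwd)) {
        $errors[] = 'You forgot to enter your password';
    } else {
        $pwd = trim($pwd);
    }

    if (empty($errors)) { // If everything is OK.

        // Retrieve the PatientId and firstN for that login/password combination.
        // NOTE(review): unsalted SHA1 is not an adequate password hash; moving to
        // password_hash()/password_verify() needs a wider pwd column.
        $q = 'SELECT PatientId, firstN FROM Patient WHERE login = ? AND pwd = SHA1(?)';
        $stmt = mysqli_prepare($dbc, $q);

        if ($stmt && mysqli_stmt_bind_param($stmt, 'ss', $login, $pwd) && mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);

            // Check the result:
            if (mysqli_stmt_num_rows($stmt) == 1) {
                // Fetch the record:
                mysqli_stmt_bind_result($stmt, $patientId, $firstN);
                mysqli_stmt_fetch($stmt);
                mysqli_stmt_close($stmt);
                // Return true and the record. The original fetched the row but never
                // returned it, so every login ended in array(false, ...).
                return array(true, array('PatientId' => $patientId, 'firstN' => $firstN));
            }

            // Not a match:
            $errors[] = 'Your login and password did not match those on file';
        } else {
            // The statement could not be prepared or run.
            $errors[] = 'Your login could not be checked due to a system error';
        }

        if ($stmt) {
            mysqli_stmt_close($stmt);
        }

    } // End of empty($errors).

    // Return false and the errors:
    return array(false, $errors);

} // End of check_login() function.

<?php
// Login page: prints any error messages and the login form.
$thispage = "login";
include('header.html');
include('nav.php');
?>
</ul>
</nav>
<h1 id = "h1">Holistic Medical Centre</h1>
<p>38 Warnervale Road</p>
<p>Warnervale NSW 2290</p>
<p>Phone 43-945-789</p>
</header>
<?php
// $errors holds the fixed messages produced by check_login(), never user input.
if (isset($errors) && !empty($errors)) {
    echo '<h1 class = "error">Error!</h1> <p class = "error">The following errors have occured<br/>';
    foreach ($errors as $msg) {
        echo " -$msg<br/>\n";
    }
    echo '</p><p class ="error">Please try again</p><p><br/></p>';
}
?>
<h1 id = "login">Login</h1>
<form class = "login" action = "login.php" method = "post">
<p>Login:<input type = "text" name = "login" size = "2" maxlength = "2"/></p>
<p>Password:<input type = "password" name = "pwd" size = "10" maxlength = "10"/></p>
<p><input type = "submit" name = "submit" value = "login" id ="para5"/></p>
</form>
<?php include('footer.html'); ?>
<?php
// This script processes the login form submission.
// The script now uses sessions.

// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // Need two helper files:
    require('includes/login_functions.inc.php');
    require('../mysqli_connect.php');

    // Missing fields become '' so that check_login() reports them as forgotten.
    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';

    // Check the login:
    list ($check, $data) = check_login($dbc, $login, $pwd);

    if ($check) { // OK

        // Set the session data:
        session_start();
        // Issue a fresh session id at login so that an id planted before
        // authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['PatientId'] = $data['PatientId'];
        $_SESSION['firstN'] = $data['firstN'];

        // Store the HTTP_USER_AGENT. The header is client-supplied and may be absent;
        // the md5 value is only a consistency marker, not a secret.
        $_SESSION['agent'] = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

        redirect_user('loggedin.php');

    } else { // Unsuccessful:

        // Assign $data to $errors for login_page.inc.php:
        $errors = $data;
    }

    mysqli_close($dbc); // Close the database connection.

} // End of the main submit conditional.

// Create the page:
include('includes/login_page.inc.php');
?>
<?php
// This script processes the login form submission (the post shows it a second time).
// The script now uses sessions.

// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // Need two helper files:
    require('includes/login_functions.inc.php');
    require('../mysqli_connect.php');

    // Missing fields become '' so that check_login() reports them as forgotten.
    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';

    // Check the login:
    list ($check, $data) = check_login($dbc, $login, $pwd);

    if ($check) { // OK

        // Set the session data:
        session_start();
        // Fresh session id at login, against session fixation.
        session_regenerate_id(true);
        $_SESSION['PatientId'] = $data['PatientId'];
        $_SESSION['firstN'] = $data['firstN'];

        // Store the HTTP_USER_AGENT (client-supplied, may be absent):
        $_SESSION['agent'] = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

        redirect_user('loggedin.php');

    } else { // Unsuccessful:

        // Assign $data to $errors for login_page.inc.php:
        $errors = $data;
    }

    mysqli_close($dbc); // Close the database connection.

} // End of the main submit conditional.

// Create the page:
include('includes/login_page.inc.php');
?>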
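  4. <?php
// This page defines two functions used by the login/logout process.

/* This function determines an absolute URL and redirects the user there.
 * The function takes one argument: the page to be redirected to.
 * The argument defaults to index.php.
 */
function redirect_user ($page = 'index.php') {

    // Build the URL from the host name and the directory of the current script.
    // $_SERVER['localhost'] is not a defined key and mecicalcenter() is not a defined
    // function, so the original line stopped the script with a fatal error.
    // NOTE(review): HTTP_HOST is copied from the request's Host header and is
    // client-supplied; on a public site take the host name from configuration.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // Remove any trailing slashes:
    $url = rtrim($url, '/\\');

    // Add the page:
    $url .= '/' . $page;

    // Redirect the user:
    header("Location: $url");
    exit(); // Quit the script.

} // End of redirect_user() function.

/* This function validates the form data (the login and password).
 * If both are present, the database is queried.
 * The function requires a database connection.
 * The function returns an array of information, including:
 * - a TRUE/FALSE variable indicating success
 * - an array of either errors or the database result
 */
function check_login($dbc, $login = '', $pass = '') {

    $errors = array(); // Initialize error array.

    // Validate the login (bound as a statement parameter below, so only trimmed):
    if (empty($login)) {
        $errors[] = 'You forgot to enter your login.';
    } else {
        $lgn = trim($login);
    }

    // Validate the password:
    if (empty($pass)) {
        $errors[] = 'You forgot to enter your password.';
    } else {
        $p = trim($pass);
    }

    if (empty($errors)) { // If everything's OK.

        // Retrieve the PatientId and firstN for that login/password combination.
        // The table is Patient and its password column is pwd; the original query
        // named a table "patient" and a column "pass".
        // NOTE(review): unsalted SHA1 is not an adequate password hash; moving to
        // password_hash()/password_verify() needs a wider pwd column.
        $q = 'SELECT PatientId, firstN FROM Patient WHERE login = ? AND pwd = SHA1(?)';
        $stmt = mysqli_prepare($dbc, $q);

        if ($stmt && mysqli_stmt_bind_param($stmt, 'ss', $lgn, $p) && mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);

            // Check the result:
            if (mysqli_stmt_num_rows($stmt) == 1) {
                // Fetch the record:
                mysqli_stmt_bind_result($stmt, $patientId, $firstN);
                mysqli_stmt_fetch($stmt);
                mysqli_stmt_close($stmt);
                // Return true and the record, keyed as the SELECT list names the columns:
                return array(true, array('PatientId' => $patientId, 'firstN' => $firstN));
            }

            // Not a match!
            $errors[] = 'The login and password entered do not match those on file.';
        } else {
            // The statement could not be prepared or run.
            $errors[] = 'The login could not be checked due to a system error.';
        }

        if ($stmt) {
            mysqli_stmt_close($stmt);
        }

    } // End of empty($errors) IF.

    // Return false and the errors:
    return array(false, $errors);

} // End of check_login() function.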
  5. <li><a href = "adelaide.html" id ="ade" a.mouseout ="function()" a.mouseover ="function()" >Adelaide</a></li>
<!-- NOTE(review): a.mouseout and a.mouseover on the Adelaide link are not HTML event attributes
     (those are onmouseout / onmouseover), so the browser attaches no handler for them. -->
<li><a href="alicesprings.html" class ="caption" id ="alicesprings" >Alice Springs</a></li>
<li><a href="broome.html" >Broome</a> </li>
<li><a href="cairns.html" >Cairns</a> </li>
<li><a href="canberra.html" >Canberra</a> </li>
</ul>
</div>
<div id ="div13">
<ul>
<li><a href ="darwin.html">Darwin</a></li>
<li><a href ="goldcoast.html">Gold Coast</a></li>
<li><a href ="hobart.html">Hobart</a></li>
<li><a href ="regionalcities.html">Regional Cities</a></li>
</ul>
</div>
<div id ="div15">
<ul>
<li><a href ="bluemountains.html">Blue Mountains</a></li>
<li><a href ="byronbay.html">Byron Bay</a></li>
<li><a href ="flindersranges.html">Flinders Ranges</a></li>
<li><a href ="frazerisland.html">Frazer Island</a></li>
<li><a href ="freycinet.html">Freycinet</a></li>
<li><a href ="gippsland.html">Gippsland</a></li>
<li><a href ="kakadu.html">Kakadu</a></li>
</ul>
</div>
<div id ="div16">
<ul>
<li><a href ="namadjinationalpark.html">Namadji Park</a></li>
<li><a href ="ningaloo.html">Ningaloo</a></li>
<li><a href ="tasmanianwilderness.html">Tasmanian Wilderness</a></li>
<li><a href ="australianalps.html">Australian Alps</a></li>
<li><a href ="kimberley.html">Kimberley</a></li>
<li><a href ="margaretriver.html">Margaret River</a></li>
</ul>
</div>
<div id ="div14">
<!-- The only image in this fragment; its id is img9. -->
<img src="images/australiaMap.jpg" id ="img9" alt=""/>
</div>
</div>
</div>
// JavaScript Document
"use strict";
// Run rolloverInit once the page has loaded.
window.onload =rolloverInit;

// Loops over the page's links, intending to attach rollover handlers to each one.
function rolloverInit() {
	for(var i =0;i<document.links.length;i++) {
		// NOTE(review): document.links is the whole collection; no element is picked with i.
		// Presumably this was document.links[i] and the forum dropped the "[i]" -- confirm.
		var linkObj = document.links;
		// NOTE(review): "a" is never declared in this function; in strict mode this line
		// throws a ReferenceError, so nothing after it runs.
		if(a.caption) {
			// NOTE(review): document has no getElementByClassName method; the DOM method is
			// getElementsByClassName and it returns a collection. imgObj is not used below.
			var imgObj = document.getElementByClassName(a.caption);
			// NOTE(review): australiaMap is not declared in this function either.
			if(australiaMap) {
				setupRollover(a,australiaMap);
			}
		}
	}
}

// Stores the image on the link and assigns its mouseout / mouseover handlers.
function setupRollover(a,australiaMap) {
	a.imgToChange = australiaMap;
	// NOTE(review): both handlers read this.adelaide5 and this.australiaMap, which are never
	// assigned on the link; the property assigned above is imgToChange.
	a.onmouseout =function() {
		this.adelaide5.src = this.australiaMap.src;
	}
	a.onmouseover = function() {
		this.australiaMap.src = this.adelaide5.src;
	}
	// outImage and overImage are created, but their src is never set; the two assignments
	// below write to a.australiaMap and a.adelaider5, which are not assigned anywhere in this script.
	a.outImage = new Image();
	a.australiaMap.src ="images/" + "australiaMap.jpg";
	a.overImage = new Image();
	a.adelaider5.src ="images/" + a.ade + "adelaide5.jpg";
}
Dear Larry I got this script from Visual Quickstart Guide 9th Edition by Tom Negrino on page 99 I really appreciate you replying to me. Cheers Diane
  6. <li><a href = "adelaide.html" id ="ade" a.mouseout ="function()" a.mouseover ="function()" >Adelaide</a></li>
<!-- NOTE(review): a.mouseout and a.mouseover on the Adelaide link are not HTML event attributes
     (those are onmouseout / onmouseover), so the browser attaches no handler for them. -->
<li><a href="alicesprings.html" class ="caption" id ="alicesprings" >Alice Springs</a></li>
<li><a href="broome.html" >Broome</a> </li>
<li><a href="cairns.html" >Cairns</a> </li>
<li><a href="canberra.html" >Canberra</a> </li>
</ul>
</div>
<div id ="div13">
<ul>
<li><a href ="darwin.html">Darwin</a></li>
<li><a href ="goldcoast.html">Gold Coast</a></li>
<li><a href ="hobart.html">Hobart</a></li>
<li><a href ="regionalcities.html">Regional Cities</a></li>
</ul>
</div>
<div id ="div15">
<ul>
<li><a href ="bluemountains.html">Blue Mountains</a></li>
<li><a href ="byronbay.html">Byron Bay</a></li>
<li><a href ="flindersranges.html">Flinders Ranges</a></li>
<li><a href ="frazerisland.html">Frazer Island</a></li>
<li><a href ="freycinet.html">Freycinet</a></li>
<li><a href ="gippsland.html">Gippsland</a></li>
<li><a href ="kakadu.html">Kakadu</a></li>
</ul>
</div>
<div id ="div16">
<ul>
<li><a href ="namadjinationalpark.html">Namadji Park</a></li>
<li><a href ="ningaloo.html">Ningaloo</a></li>
<li><a href ="tasmanianwilderness.html">Tasmanian Wilderness</a></li>
<li><a href ="australianalps.html">Australian Alps</a></li>
<li><a href ="kimberley.html">Kimberley</a></li>
<li><a href ="margaretriver.html">Margaret River</a></li>
</ul>
</div>
<div id ="div14">
<!-- The only image in this fragment; its id is img9. -->
<img src="images/australiaMap.jpg" id ="img9" alt=""/>
</div>
</div>
</div>
// JavaScript Document
"use strict";
// Run rolloverInit once the page has loaded.
window.onload =rolloverInit;

// Loops over the page's links, intending to attach rollover handlers to each one.
function rolloverInit() {
	for(var i =0;i<document.links.length;i++) {
		// NOTE(review): document.links is the whole collection; no element is picked with i.
		// Presumably this was document.links[i] and the forum dropped the "[i]" -- confirm.
		var linkObj = document.links;
		// NOTE(review): "a" is never declared in this function; in strict mode this line
		// throws a ReferenceError, so nothing after it runs.
		if(a.caption) {
			// NOTE(review): document has no getElementByClassName method; the DOM method is
			// getElementsByClassName and it returns a collection. imgObj is not used below.
			var imgObj = document.getElementByClassName(a.caption);
			// NOTE(review): australiaMap is not declared in this function either.
			if(australiaMap) {
				setupRollover(a,australiaMap);
			}
		}
	}
}

// Stores the image on the link and assigns its mouseout / mouseover handlers.
function setupRollover(a,australiaMap) {
	a.imgToChange = australiaMap;
	// NOTE(review): both handlers read this.adelaide5 and this.australiaMap, which are never
	// assigned on the link; the property assigned above is imgToChange.
	a.onmouseout =function() {
		this.adelaide5.src = this.australiaMap.src;
	}
	a.onmouseover = function() {
		this.australiaMap.src = this.adelaide5.src;
	}
	// outImage and overImage are created, but their src is never set; the two assignments
	// below write to a.australiaMap and a.adelaider5, which are not assigned anywhere in this script.
	a.outImage = new Image();
	a.australiaMap.src ="images/" + "australiaMap.jpg";
	a.overImage = new Image();
	a.adelaider5.src ="images/" + a.ade + "adelaide5.jpg";
}
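  7. <ul>
<!-- Each link's class names the id of the image to swap; each link's id names its rollover image. -->
<li><a href="adelaide.html" class = "caption">Adelaide</a></li>
<!-- The opening tag of this link was missing its closing ">". -->
<li><a href="alicesprings.html" class ="caption" id="central">Alice Springs</a></li>
<!-- The href value was missing its opening quote. -->
<li><a href="broome.html" class ="caption" id="broome" >Broome</a> </li>
<li><a href="cairns.html" class ="caption" id="cairns" >Cairns</a> </li>
<li><a href="canberra.html" class ="caption" id="canberra" >Canberra</a> </li>
</ul>
// Attach the rollover handlers once the page has loaded.
window.onload = rolloverInit;

// Walks every link in the document. For a link that has a class name, the element whose
// id equals that class name is looked up; when it exists the pair goes to setupRollover().
function rolloverInit() {
	for (var i=0; i<document.links.length; i++) {
		// Take the i-th link. Without the index, linkObj was the whole collection,
		// which has no className, so no handler was ever attached.
		var linkObj = document.links[i];
		if (linkObj.className) {
			var imgObj = document.getElementById(linkObj.className);
			if (imgObj) {
				setupRollover(linkObj,imgObj);
			}
		}
	}
}

// Gives the link mouseover/mouseout handlers that swap the src of textImage.
// theLink:   the anchor element; its id is used to build the rollover file name.
// textImage: the image element whose src is swapped.
function setupRollover(theLink,textImage) {
	theLink.imgToChange = textImage;
	theLink.onmouseout = function() {
		this.imgToChange.src = this.outImage.src;
	};
	theLink.onmouseover = function() {
		this.imgToChange.src = this.overImage.src;
	};

	// Remember the image's original source for mouseout.
	theLink.outImage = new Image();
	theLink.outImage.src = textImage.src;

	// The rollover image is images/<link id>Text.gif; creating the Image object
	// here starts loading it before the first mouseover.
	theLink.overImage = new Image();
	theLink.overImage.src = "images/" + theLink.id + "Text.gif";
}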