Search the Community
Showing results for tags 'redirects'.
-
<?php // This page defines two functions used by login/logout function. /*This function determines an absolute URL, and redirects the user there. *The function takes one argument, the to be redirected to. *?the arguemnt defaults to index.php. */ function redirect_user ($page = "index.php") { // Start defining the URL. // URL is 'http:// ' . $_SERVER['HTTP_HOST'] . dirname ([$_SERVER['PHP_SELF']): $url = 'http://' . $_SERVER['localhost'] . medicalcenter($_SERVER['PHP_SELF']); // Remove the any trailing slashes; $url = rtrim($url,'/\\'); // Add the page: $url .= '/'. $page; // Redirect the user : header("Location: $url"); exit(); // Quit the script. } /// End of redirect user() function. /* This function validates the form data(the login and password). *If both are present ,the database is queried. * The functions require a database connection *the function returns an array of information,including: * - a TRUE/FALSE variable indicating success * - an array not either either errors or the database result */ function check_login($dbc, $login = '', $pwd = '') { $errors = array(); // Initialising error array. // Validate the login: if (empty($login)) { $errors[] = 'You forgot to enter your login'; } else { $login = mysqli_real_escape_string($dbc, trim($login)); } // Validate the password: if (empty($pwd)) { $errors[] = 'You forgot to enter your password'; } else { $pwd = mysqli_real_escape_string($dbc, trim($pwd)); } if (empty($errors)) {// If everything is OK. // Retrieve the PatientId and firstN for that login/password combination $q = "SELECT PatientId,firstN FROM Patient WHERE login = '$login' AND pwd = SHA1('$pwd')"; $r = @mysqli_query($dbc, $q); // Check the result if (mysqli_num_rows ($r) == 1) { // Fetch the records: $row = mysqli_fetch_array($r,MYSQLI_ASSOC); // Return true and the record: } else { // Not a match: $errors[] = 'Your login and password did not match those on file'; } } // End of empty($errors): // Return false and the errors: return array(false, $errors); } // End of check_login() function. <?php $thispage = "login"; include('header.html'); include('nav.php'); ?> </ul> </nav> <h1 id = "h1">Holistic Medical Centre</h1> <p>38 Warnervale Road</p> <p>Warnervale NSW 2290</p> <p>Phone 43-945-789</p> </header> <?php if (isset($errors) && !empty($errors)) { echo '<h1 class = "error">Error!</h1> <p class = "error">The following errors have occured<br/>'; foreach($errors as $msg) { echo " -$msg<br/>\n"; } echo '</p><p class ="error">Please try again</p><p><br/></p>'; } ?> <h1 id = "login">Login</h1> <form class = "login" action = "login.php" method = "post"> <p>Login:<input type = "text" name = "login" size = "2" maxlength = "2"/></p> <p>Password:<input type = "password" name = "pwd" size = "10" maxlength = "10"/></p> <p><input type = "submit" name = "submit" value = "login" id ="para5"/></p> </form> <?php include('footer.html'); ?> <?php // This script processes the login form submission // The script now uses sessions: // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Need to two helper files require('includes/login_functions.inc.php'); require('../mysqli_connect.php'); // Check the login: list ($check,$data) = check_login($dbc, $_POST['login'],$_POST['pwd']); if ($check) { //OK //Set the session data: session_start(); $_SESSION['PatientId'] = $data['PatientId']; $_SESSION['firstN'] = $data['firstN']; // Store the HTTP_USER_AGENT: $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']); redirect_user('loggedin.php'); } else { // Unsuccessful: // Assign $data to $errors for login_page.inc.php: $errors = $data; } mysqli_close($dbc); // Close the database connection. } // End of the main submit conditionall // Create the page: include('includes/login_page.inc.php'); ?> <?php // This script processes the login form submission // The script now uses sessions: // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Need to two helper files require('includes/login_functions.inc.php'); require('../mysqli_connect.php'); // Check the login: list ($check,$data) = check_login($dbc, $_POST['login'],$_POST['pwd']); if ($check) { //OK //Set the session data: session_start(); $_SESSION['PatientId'] = $data['PatientId']; $_SESSION['firstN'] = $data['firstN']; // Store the HTTP_USER_AGENT: $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']); redirect_user('loggedin.php'); } else { // Unsuccessful: // Assign $data to $errors for login_page.inc.php: $errors = $data; } mysqli_close($dbc); // Close the database connection. } // End of the main submit conditionall // Create the page: include('includes/login_page.inc.php'); ?>