Jump to content
Larry Ullman's Book Forums

Recommended Posts

<?php 

// This page defines two functions used by login/logout function.

/*This function determines an absolute URL, and redirects  the user there.

*The function takes one argument, the to be redirected to.

*?the arguemnt defaults to index.php.

*/

function redirect_user ($page = "index.php") {

// Start defining the URL.

// URL is 'http:// ' .  $_SERVER['HTTP_HOST'] . dirname ([$_SERVER['PHP_SELF']):

$url = 'http://' .  $_SERVER['localhost'] . medicalcenter($_SERVER['PHP_SELF']);

// Remove the any trailing slashes;

$url = rtrim($url,'/\\');

// Add the page:

$url .= '/'. $page;

// Redirect the user :

header("Location: $url");

exit(); // Quit the script.

} /// End of redirect user() function.

/* This function validates the form data(the login and password).

*If both are present ,the database is queried.

* The functions require a database connection

*the function returns an array of information,including:

* - a TRUE/FALSE variable indicating success

* - an array not either either errors or the database result

*/

function check_login($dbc, $login = '', $pwd = '') {

$errors = array(); // Initialising error array.

// Validate the login:

if (empty($login)) {

$errors[] = 'You forgot to enter your login';

} else {

$login = mysqli_real_escape_string($dbc, trim($login));

}

// Validate the password:

if (empty($pwd)) {

$errors[] = 'You forgot to enter your password';

} else {

$pwd = mysqli_real_escape_string($dbc, trim($pwd));

}

if (empty($errors)) {// If everything is OK.

// Retrieve the PatientId and firstN for that login/password combination

$q = "SELECT PatientId,firstN FROM Patient WHERE login = '$login' AND  pwd = SHA1('$pwd')";

$r = @mysqli_query($dbc, $q);

// Check the result

if (mysqli_num_rows ($r) == 1) {

// Fetch the records:

$row = mysqli_fetch_array($r,MYSQLI_ASSOC);

// Return true and the record:

} else { // Not a match:

$errors[] = 'Your login and password did not match those on file';

}

} // End of empty($errors):

// Return false and the errors:

return array(false, $errors);

} // End of check_login() function.


<?php 

$thispage = "login";

include('header.html');

include('nav.php');

?>

</ul>

</nav>

<h1 id = "h1">Holistic Medical Centre</h1>

<p>38 Warnervale Road</p>

<p>Warnervale NSW 2290</p>

<p>Phone 43-945-789</p>

</header>

<?php 

if (isset($errors) && !empty($errors)) {

echo '<h1 class = "error">Error!</h1>

<p class = "error">The following errors have occured<br/>';

foreach($errors as $msg) {

echo " -$msg<br/>\n";

}

echo '</p><p class ="error">Please try again</p><p><br/></p>';

}

?>

<h1 id = "login">Login</h1>

<form class = "login" action = "login.php" method = "post">

<p>Login:<input type = "text" name = "login" size = "2" maxlength = "2"/></p>

<p>Password:<input type = "password" name = "pwd" size = "10" maxlength = "10"/></p>

<p><input type = "submit" name = "submit" value = "login" id ="para5"/></p>

</form>

<?php include('footer.html'); ?>


<?php

 // This script processes the login form submission

// The script now uses sessions:

// Check if the form has been submitted:

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

// Need to two helper files

require('includes/login_functions.inc.php');

require('../mysqli_connect.php');

// Check the login:

list ($check,$data) = check_login($dbc, $_POST['login'],$_POST['pwd']);

if ($check) { //OK

//Set the session data:

session_start();

$_SESSION['PatientId'] = $data['PatientId'];

$_SESSION['firstN'] = $data['firstN'];

// Store the HTTP_USER_AGENT:

$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

redirect_user('loggedin.php');

} else { // Unsuccessful:

// Assign $data to $errors for login_page.inc.php:

$errors = $data;

}

mysqli_close($dbc); // Close the database connection.

} // End of the main submit conditionall

// Create the page:

include('includes/login_page.inc.php');

?>


<?php

 // This script processes the login form submission

// The script now uses sessions:

// Check if the form has been submitted:

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

// Need to two helper files

require('includes/login_functions.inc.php');

require('../mysqli_connect.php');

// Check the login:

list ($check,$data) = check_login($dbc, $_POST['login'],$_POST['pwd']);

if ($check) { //OK

//Set the session data:

session_start();

$_SESSION['PatientId'] = $data['PatientId'];

$_SESSION['firstN'] = $data['firstN'];

// Store the HTTP_USER_AGENT:

$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

redirect_user('loggedin.php');

} else { // Unsuccessful:

// Assign $data to $errors for login_page.inc.php:

$errors = $data;

}

mysqli_close($dbc); // Close the database connection.

} // End of the main submit conditionall

// Create the page:

include('includes/login_page.inc.php');

?>




 

 

Link to comment
Share on other sites

Could you elaborate what it means when you say "won't work"? What doesn't happen that should? What shouldn't happen that does? What's going on in general. Any actual details you can provide would make this easier to debug.

Link to comment
Share on other sites

 Share

×
×
  • Create New...