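/**
 * Print the username, user type and permission of every user, each followed by <br>.
 *
 * The values are read from the `users` data object and written into an HTML
 * response, so every field is HTML-escaped before it is echoed. Nothing is
 * printed when get_all_users() reports failure.
 */
function get_users()
{
    $obj = new users();

    if (!$obj->get_all_users()) {
        return;
    }

    $fields = array('username', 'user_type', 'permission');

    while ($row = $obj->fetch()) {
        foreach ($fields as $field) {
            // A missing column prints as an empty line instead of raising a notice.
            $value = isset($row[$field]) ? (string) $row[$field] : '';

            // Stored account data is not trusted markup: escape it so a crafted
            // username cannot inject HTML or script into this page.
            echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
            echo "<br>";
        }
    }
}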
$var = htmlentities($var); $var = strip_tags($var); return $var; } if (isset($_REQUEST['user'])) { $obj = new users(); $user = $_REQUEST['user']; $pass = sanitizeString($_REQUEST['pass']); $pass_encrypt = $obj->encrypt("{$pass}"); if ($user == "" || $pass == "") { echo 'not all fields have been filled'; } else { if (!$obj->get_user($user)) { echo 'invalid username or password'; } else { $row = $obj->fetch(); $password = $row['password']; if ($password == $pass_encrypt) { if ($row['admin'] == 0) { session_start(); $id = $row['id']; echo $id; include_once 'nurses.php'; $user_nurse = new nurses(); $user_nurse->get_nurse($id); $user_row = $user_nurse->fetch(); $_SESSION['user'] = $user; $_SESSION['fname'] = $user_row['nurse_fname']; $_SESSION['sname'] = $user_row['nurse_sname']; $_SESSION['id'] = $id; $_SESSION['admin'] = false;
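/**
 * Search users by the `st` request parameter and echo the outcome as JSON.
 *
 * Success prints {"result":1,"users":[ ...rows... ]}. A missing `st` parameter
 * or a failed search prints {"result":0,"message": "search did not work."}.
 */
function searchUser()
{
    if (!isset($_REQUEST['st'])) {
        echo '{"result":0,"message": "search did not work."}';
        // Stop here: without this return the function carried on with an
        // undefined search term and appended a second JSON document to the
        // error response.
        return;
    }
    $txt = $_REQUEST['st'];

    // include_once so a second call in the same request does not load the file
    // again (presumably users.php declares the users class; a plain include
    // would then fail on redeclaration).
    include_once "users.php";
    $obj = new users();

    // NOTE(review): $txt is raw request input and searchUsers() is not visible
    // here; confirm it binds the term as a query parameter rather than
    // concatenating it into SQL.
    if (!$obj->searchUsers($txt)) {
        echo '{"result":0,"message": "search did not work."}';
        return;
    }

    // Stream the rows as a JSON array, writing a comma before every row except
    // the first.
    echo '{"result":1,"users":[';
    $separator = '';
    while ($row = $obj->fetch()) {
        echo $separator, json_encode($row);
        $separator = ',';
    }
    echo "]}";
}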
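echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?> " method="POST">
    <input type="text" name="username" id="username" size="30">
    <input type="password" name="userpass" id="userpass" size="30">
    <input type="submit" value="Login" >
</form>
<?php
// Login handler for the form above. On a match it stores the user's name, type
// and id in the session and redirects to search.php; otherwise it prints an
// error message.
//
// PHP_SELF is derived from the request URL, which is why it is HTML-escaped
// before being written into the form's action attribute above.
include "users.php";

if (!empty($_REQUEST['username'])) {
    $obj = new users();
    $usname = $_REQUEST['username'];
    // The password field may be absent from the request; default to an empty string.
    $uspass = isset($_REQUEST['userpass']) ? $_REQUEST['userpass'] : '';

    // NOTE(review): the submitted user name is interpolated straight into the
    // SQL text. Only users::query($sql) is visible from here, so the statement
    // is left as written; it should move behind a prepared statement with bound
    // parameters inside the users class.
    // NOTE(review): the password operand is masked on this page and $uspass is
    // not used by the visible query. Whatever stands there, compare against a
    // password_hash() value with password_verify() rather than matching the
    // password inside the SQL.
    $sql = "select * from users where user_name='{$usname}' and user_pass='******'";
    $obj->query($sql);
    $res = $obj->fetch();

    if (isset($res['user_name'])) {
        // NOTE(review): session_start() and header() run after the form markup
        // has been sent. Unless output buffering is enabled (not visible here)
        // the redirect header cannot be sent; the script tag below is the
        // fallback for that case. Moving this handler above the markup would
        // also allow session_regenerate_id(true) on login.
        session_start();
        $_SESSION['user_name'] = $res['user_name'];
        $_SESSION['user_type'] = $res['user_type'];
        $_SESSION['user_id'] = $res['user_id'];

        header('location:search.php');
        // Fixed the "locatioin" typo that stopped this fallback from navigating.
        echo "<script> window.location='search.php' </script>";
        // Stop here so a successful login does not also print the failure
        // message below.
        exit;
    }

    echo "Wrong User name or password";
}
?>
</body>
</html>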