function get_users()
{
$obj = new users();
$result = $obj->get_all_users();
if ($result) {
while ($row = $obj->fetch()) {
echo $row['username'];
echo "<br>";
echo $row['user_type'];
echo "<br>";
echo $row['permission'];
echo "<br>";
}
}
}
$var = htmlentities($var);
$var = strip_tags($var);
return $var;
}
if (isset($_REQUEST['user'])) {
$obj = new users();
$user = $_REQUEST['user'];
$pass = sanitizeString($_REQUEST['pass']);
$pass_encrypt = $obj->encrypt("{$pass}");
if ($user == "" || $pass == "") {
echo 'not all fields have been filled';
} else {
if (!$obj->get_user($user)) {
echo 'invalid username or password';
} else {
$row = $obj->fetch();
$password = $row['password'];
if ($password == $pass_encrypt) {
if ($row['admin'] == 0) {
session_start();
$id = $row['id'];
echo $id;
include_once 'nurses.php';
$user_nurse = new nurses();
$user_nurse->get_nurse($id);
$user_row = $user_nurse->fetch();
$_SESSION['user'] = $user;
$_SESSION['fname'] = $user_row['nurse_fname'];
$_SESSION['sname'] = $user_row['nurse_sname'];
$_SESSION['id'] = $id;
$_SESSION['admin'] = false;
function searchUser()
{
if (!isset($_REQUEST['st'])) {
//return error
echo '{"result":0,"message": "search did not work."}';
}
$txt = $_REQUEST['st'];
include "users.php";
$obj = new users();
if (!$obj->searchUsers($txt)) {
//return error
echo '{"result":0,"message": "search did not work."}';
return;
}
//at this point the search has been successful.
//generate the JSON message to echo to the browser
$row = $obj->fetch();
echo '{"result":1,"users":[';
//start of json object
while ($row) {
echo json_encode($row);
//convert the result array to json object
$row = $obj->fetch();
if ($row) {
echo ",";
//if there are more rows, add comma
}
}
echo "]}";
//end of json array and object
}
echo $_SERVER['PHP_SELF'];
?>
" method="POST">
<input type="text" name="username" id="username" size="30">
<input type="text" name="userpass" id="userpass" size="30">
<input type="submit" value="Login" >
</form>
<?php
include "users.php";
if (!empty($_REQUEST['username'])) {
$obj = new users();
$usname = $_REQUEST['username'];
$uspass = $_REQUEST['userpass'];
$sql = "select * from users where user_name='{$usname}' and user_pass='******'";
$obj->query($sql);
$res = $obj->fetch();
if (isset($res['user_name'])) {
session_start();
$_SESSION['user_name'] = $res['user_name'];
$_SESSION['user_type'] = $res['user_type'];
$_SESSION['user_id'] = $res['user_id'];
header('location:search.php');
echo "<script> window.locatioin='search.php' </script>";
}
echo "Wrong User name or password";
}
?>
</body>
</html>
