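</head>
<body>
<div id="contentDiv">
<?php
/*
 * Login handler: checks the posted username and password against the stored
 * password token and, on a match, opens a session carrying the username and
 * the account status.
 *
 * NOTE(review): markup has already been written above this point, so the
 * header() redirect and the session cookie only work if output buffering is
 * enabled -- confirm, or move this logic above the first byte of output.
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; the
 * helpers in maintain_users.php would have to move to mysqli or PDO with it.
 */

if (!isset($_POST['username']) || !isset($_POST['password'])) {
    header("location: index.html");
    // Without exit the rest of the script still runs after the redirect header.
    exit;
}

// The stripped copies are only used for the "is the field filled in" test.
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);

if (empty($username) || empty($password)) {
    echo "<h1>Invalid username or password</h1>Please go back and make sure to fill out all the fields.";
} else {
    require_once 'saltpassword.php';
    // The password is hashed exactly as submitted; it is never echoed back.
    $password_token = saltPassword($_POST['password']);

    require_once 'maintain_users.php';
    // NOTE(review): the raw username is handed to viewUserByName(); confirm
    // the helper escapes or binds it before it reaches the SQL query.
    $login_result = viewUserByName($_POST['username']);

    if ($login_result) {
        $rows = mysql_num_rows($login_result);
        if ($rows == 0) {
            // NOTE(review): saying that the name does not exist lets visitors
            // enumerate usernames; one generic failure message is safer.
            echo "<h1>Invalid username or password</h1>The username you entered does not exist.";
        } else {
            $row = mysql_fetch_row($login_result);
            $user_password = $row[2];

            // Strict string comparison: with == two different tokens that both
            // look numeric (for example "0e1" and "0e2") compare as equal.
            // On PHP >= 5.6, hash_equals() does this check in constant time.
            if (is_string($user_password) && $user_password === (string) $password_token) {
                // Open the session before any further output, then replace the
                // session id so an id issued before login is not kept for the
                // authenticated session.
                session_start();
                session_regenerate_id(true);

                echo "Login was successful...";

                // Store session data.
                // NOTE(review): the username is stored unescaped; apply
                // htmlspecialchars() wherever it is printed.
                $_SESSION['username'] = $_POST['username'];
                $_SESSION['status'] = $row[5];
                mysql_free_result($login_result);
                // Status 0 : Admin, Status 1: DBManager, Status 2: User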
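// Admin-only handler: creates a user, or updates the existing user that has
// the submitted username.
session_start();

if (isset($_SESSION['status'])) {
    $status = $_SESSION['status'];

    // Compare as strings: with == an empty or non-numeric status also equals 0
    // on PHP < 8 and would pass this admin check.
    if ((string) $status === '0') {
        echo "<h1>Adding/Updating a user</h1>";

        // NOTE(review): no CSRF token is checked in the visible code; confirm
        // the form carries one, since this request changes accounts.

        // Missing or non-string fields become '' so they fail the "filled in"
        // test below instead of raising notices or reaching strip_tags().
        $fields = array();
        foreach (array('username', 'password', 'firstname', 'lastname', 'status') as $key) {
            $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        }

        // NOTE(review): strip_tags() is not SQL escaping; confirm that the
        // helpers in maintain_users.php escape or bind these values.
        $username = strip_tags($fields['username']);
        $password = strip_tags($fields['password']);
        $firstname = strip_tags($fields['firstname']);
        $lastname = strip_tags($fields['lastname']);
        $statusForm = strip_tags($fields['status']);

        if (!empty($username) && !empty($password) && !empty($firstname) && !empty($lastname) && $statusForm !== '') {
            // Exact match only: with == values such as "00" or "0.0" were
            // also accepted as status 0.
            if (in_array($statusForm, array('0', '1', '2'), true)) {
                require_once 'maintain_users.php';
                require_once 'saltpassword.php';

                // Hash the password exactly as submitted. The login handler
                // hashes $_POST['password'] unmodified, so hashing the
                // strip_tags() copy would store a token that never matches
                // when the password contains markup-like text.
                $saltpass = saltPassword($fields['password']);

                $result = viewUserByName($username);
                // A failed lookup used to fall through to addUser(); treat it
                // as an error so it cannot create a duplicate account.
                $rows = $result ? mysql_num_rows($result) : false;

                if ($rows === false) {
                    echo 'The user lookup failed. Please try again.';
                } elseif ($rows > 0) {
                    // This username exists, therefore you need to update.
                    $row = mysql_fetch_assoc($result);
                    $id = $row['_id'];
                    updateUser($id, $username, $saltpass, $firstname, $lastname, $statusForm);
                } else {
                    // This is a new user.
                    addUser($username, $saltpass, $firstname, $lastname, $statusForm);
                }
            } else {
                echo 'The status you submitted is invalid.';
            }
        } else {
            echo 'Please go back and make sure to fill out all the fields.';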