<?php
require_once ("Includes/header.php");
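// Access guard: the page continues only when logged_on() is true and
// ENV_logged_on() is false (both helpers are defined outside this file).
if (!logged_on() || ENV_logged_on())
{
    header("Location: /Home.php");
    // header() only queues the redirect. Without exit the rest of this script,
    // including the POST handler that writes to riot4.users and riot4.ENV,
    // would still run for a request that failed the guard.
    exit;
}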
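// Load the current user's row and refuse the logon when the account is already
// attached to an environment (logged_MID is non-NULL).
$query = "SELECT * FROM riot4.users WHERE id = ?";
$params = array($_SESSION['userid']);
$statement = sqlsrv_query($conn, $query, $params);
// sqlsrv_query() returns false on failure; do not pass that to sqlsrv_has_rows().
// NOTE(review): a failed lookup still skips this check, as it did before.
// Decide whether the page should fail closed instead.
if ($statement !== false && sqlsrv_has_rows($statement))
{
    $row = sqlsrv_fetch_array($statement);
    if (!is_null($row['logged_MID']))
    {
        $msg = "Your account is beign used elsewhere.Please logoff from that environment before logging in here.";
        header("Location: /userPref_settings.php?Message=" . urlencode($msg));
        // Stop here: without exit the logon handler below would still process
        // a submitted form for an account that is already in use.
        exit;
    }
}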
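// Environment logon handler: checks the submitted Chip ID / OTP pair against
// riot4.ENV, attaches the session and the user row to that environment, and
// copies the user's settings into riot4.ENV_settings when the user is the
// environment's root or its first user.
if (isset($_POST['Dev_Login']))
{
    // Both fields come straight from the request. Anything that is missing or
    // not a plain string (e.g. an array parameter) is treated as empty and rejected.
    $Envir_ID = (isset($_POST['Chip_ID']) && is_string($_POST['Chip_ID'])) ? $_POST['Chip_ID'] : '';
    $password = (isset($_POST['OTP']) && is_string($_POST['OTP'])) ? $_POST['OTP'] : '';

    // Despite its name, $valid === TRUE means "the logon failed, show $msg in the form".
    $valid = FALSE;
    $otp_ok = FALSE;

    // NOTE(review): nothing in this file limits repeated OTP attempts per
    // session or per Chip ID; throttling has to live where attempts can be counted.
    if ($Envir_ID !== '' && $password !== '')
    {
        $query = "SELECT * FROM riot4.ENV WHERE id = ?";
        $params = array($Envir_ID);
        $statement = sqlsrv_query($conn, $query, $params);
        if ($statement !== false && sqlsrv_has_rows($statement))
        {
            $row = sqlsrv_fetch_array($statement);
            // A NULL or empty stored OTP must never match: under the previous
            // loose "==" an empty submitted OTP compared equal to NULL.
            // hash_equals() compares exact strings in constant time.
            $stored_otp = is_null($row['OTP']) ? '' : (string) $row['OTP'];
            $otp_ok = ($stored_otp !== '' && hash_equals($stored_otp, $password));
        }
    }

    if ($otp_ok)
    {
        $_SESSION['ENV_OTP'] = $row['OTP'];
        $_SESSION['MID'] = $row['id'];
        $_SESSION['ROOT'] = $row['root'];

        // Record on the user row which environment this account is attached to.
        $query_update = "UPDATE riot4.users SET logged_MID = ? WHERE id = ?";
        $params = array($Envir_ID, $_SESSION['userid']);
        sqlsrv_query($conn, $query_update, $params);

        // An environment without a root gets the first user who logs on as root.
        $claimed_root = FALSE;
        if ($row['root'] == NULL)
        {
            // NOTE(review): this check-then-update is not atomic, so two
            // concurrent logons can both see root as unset. If an unset root is
            // always SQL NULL, add "AND root IS NULL" and check the affected row count.
            $query_update = "UPDATE riot4.ENV SET root = ? WHERE id = ?";
            $params = array($_SESSION['userid'], $Envir_ID);
            $statement_update = sqlsrv_query($conn, $query_update, $params);
            $_SESSION['ROOT'] = $_SESSION['userid'];
            $claimed_root = TRUE;
        }

        $is_root = ($_SESSION['ROOT'] == $_SESSION['userid']);
        // get_count() is only consulted for non-root users, as before.
        $is_first = (!$is_root && get_count($_SESSION['MID']) == 0);

        if ($is_root || $is_first)
        {
            // Root overwrites every device setting of the environment; a first
            // (non-root) user only overwrites settings that are not locked.
            if ($is_root)
            {
                $query_env_update = "UPDATE riot4.ENV_settings SET Value = ? WHERE id = ? AND Device = ?";
            }
            else
            {
                $query_env_update = "UPDATE riot4.ENV_settings SET Value = ? WHERE id = ? AND Device = ? AND LOCK=0";
            }

            $query = "SELECT * from riot4.settings WHERE User_ID = ?";
            $params = array($_SESSION['userid']);
            $statement = sqlsrv_query($conn, $query, $params);
            if ($statement !== false && sqlsrv_has_rows($statement))
            {
                while ($row = sqlsrv_fetch_array($statement))
                {
                    $params = array($row['Value'], $Envir_ID, $row['Device']);
                    $statement_env_update = sqlsrv_query($conn, $query_env_update, $params);
                }
            }

            // Previously the "set as root" redirect was issued and then replaced
            // by the "admin" redirect a few lines later. Now a single redirect
            // carries the message that matches what happened.
            if ($claimed_root)
            {
                $msg = "You have been set as root for the environment";
            }
            else if ($is_root)
            {
                $msg = "You are admin for the environment";
            }
            else
            {
                $msg = "You are 1st user in the environment";
            }
            header("Location: /env_settings.php?Message=" . urlencode($msg));
            // Stop so the logon form below is not rendered after the redirect.
            exit;
        }
        // Any other user: no redirect, the page renders the form as before.
    }
    else
    {
        // One message for both an unknown environment and a wrong OTP, so the
        // form does not confirm which Chip IDs exist.
        $msg = "Environment_ID/OTP combination is incorrect.<br><br>";
        $valid = TRUE;
    }
}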
?>
<link rel="stylesheet" type="text/css" href="/Styles/Logon.css">
<div id="main">
<h2>Log on</h2>
<form action="dev_logon.php" method="post">
<fieldset>
<legend>Environment Login</legend>
<ol>
<li>
<label for="username">Chip ID:</label>
<input type="text" name="Chip_ID" value="" id="Chip_ID" />
</li>
<li>
<label for="password">OTP:</label>
<input type="password" name="OTP" value="" id="OTP" />
</li>
</ol>
<?php
// Print the logon error after a failed submission. $valid is only defined when
// the form was posted, so isset() must be evaluated first.
// $msg is assigned only from string literals in this file (including its <br>
// tags), so it is echoed unescaped; escape it if it ever carries request data.
echo (isset($_POST['Dev_Login']) && $valid) ? $msg : '';
?>
<input type="submit" id="Dev_Login" name="Dev_Login" value="Dev_Login" />
</fieldset>
</form>
</div>
</center>
</div> <!-- End of outer-wrapper which opens in header.php -->
<?php
require_once ("Includes/footer.php");
?>