/
index.php
59 lines (52 loc) · 1.58 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?php
require 'shared_functions.php';
function composeQuery() {
$query = 'SELECT * FROM customers WHERE';
$query .= " username = '${_POST['username']}'";
$query .= " AND password = SHA1('${_POST['password']}')";
$query .= ";";
return $query;
}
function customerLogin() {
$query = composeQuery();
$connection = connect();
$results = mysql_query($query, $connection);
if (!$results) {
die('Could not get authentication information: ' . mysql_error());
}
if (mysql_num_rows($results) != 1) {
// FIXME
die("Login failed!");
}
$row = mysql_fetch_assoc($results);
setcookie("employee_id", "", time() - 3600);
setcookie("customer_id", "{$row['customer_id']}");
setcookie("username", "{$row['username']}");
setcookie("full_name", "{$row['first_name']} ${row['last_name']}");
header("Location: /customer_menu.php" );
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
customerLogin();
}
?>
<?php showHeader('Customer Login'); ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<p class="form">
<label>Username: </label>
<input type="text" name="username"
value="<?php echo $_POST['username'] ?>">
</p>
<p class="form">
<label>Password: </label>
<input type="password" name="password"
value="<?php echo $_POST['password'] ?>">
</p>
</fieldset>
<br>
<input type="submit" class="button" name="submit" value="Log in">
</form>
<br>
<h2>New customer? <a href='register.php'>Register Now</a></h2>
<h2>Manager? <a href='manager.php'>Click here</a><h2>
<?php showFooter(); ?>