* Verify Details
*/
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$response = DBAccess::verifyUser($userName, $password, $IP, $browser);
if ($response == -1) {
$feedBack = "YOUR ACCOUNT HAS BEEN DISABLED";
} else {
if ($response > 0) {
$details = DBAccess::getUserByUserID($response);
// store session data
$_SESSION['userID'] = $response;
$IP = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
//record login
DBAccess::recordLogin($response, $IP, $browser);
//redirect based on permission
if ($details[0]['Position'] == 1) {
header('Location: /admin/');
} elseif ($details[0]['Position'] == 2) {
header('Location: /');
} else {
header('Location: /index.php');
}
} else {
$feedBack = "Invalid username or password";
}
}
}
$title = "Login";
$head = "";
