/
login.php
104 lines (80 loc) · 3.6 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php ob_start();
session_start();?>
<!DOCTYPE html>
<html>
<head>
<?php require 'templefunction/db_connector.php'; error_reporting(0); ?>
<title>Admin Login</title>
<!-- Bootstrap -->
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
<link href="assets/styles.css" rel="stylesheet" media="screen">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<script src="js/vendor/modernizr-2.6.2-respond-1.1.0.min.js"></script>
<script src="vendors/jquery-1.9.1.min.js"></script>
</head>
<body id="login">
<div class="container">
<form class="form-signin" method="post" >
<h2 class="form-signin-heading">Administrator</h2>
<?php
if($_GET['error']==1)
{
echo '<div class="alert alert-error">
<strong>Error!</strong> Wrong username or password.
</div>';
}
?>
<label>Username</label>
<input type="text" name="username" class="input-block-level" placeholder="Username"/>
<label>Password</label>
<input type="password" name="password" class="input-block-level" placeholder="Password"/>
<label>Clinic</label>
<select id="select01" class="input-block-level" name="clinic">
<option>--Select Clinic--</option>
<?php
$rs = mysql_query("select * from tblclinic");
while($row = mysql_fetch_array($rs)){
echo '<option>'.$row['clinic_name'].'</option>';
}
?> </select>
<input type="submit" name="button" class="btn btn-large btn-primary" value="Login"/>
<?php
if($_POST['button']){
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = "SELECT id, username, password, salt
FROM boot_members
WHERE username = '$username';";
$result = mysql_query($query);
if(mysql_num_rows($result) == 0) // User not found. So, redirect to login_form again.
{
header('Location: index.php?error=1');
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
{
//header('Location: home.php');
echo '<meta http-equiv="refresh" content="0; URL=index.php?error=1">';
}else{ // Redirect to home page after successful login.
session_start();
session_regenerate_id();
$_SESSION['sess_user_id'] = $userData['id'];
$_SESSION['sess_username'] = $userData['username'];
session_write_close();
header('Location: home.php?success=1');
echo '<meta http-equiv="refresh" content="0; URL=home.php?success=1">';
}
}
?>
</form>
</div> <!-- /container -->
<script src="bootstrap/js/bootstrap.min.js"></script>
</body>
</html>