Пример #1
    $action = $_POST['action'];
} else {
    // No POST action was sent: take the action from the query string if present,
    // otherwise fall back to the default menu action.
    $action = isset($_GET['action']) ? $_GET['action'] : 'show_menu';
}
$message = "";
// Perform the specified action
switch ($action) {
    case 'login':
        if (!empty($_POST['email']) && !empty($_POST['password'])) {
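            $email = $_POST['email'];
            $password = $_POST['password'];
            // Check the submitted credentials; a truthy result is treated as a successful login.
            $user = is_valid_admin_login($email, $password);
            if ($user) {
                // Replace the session ID at the moment of login so that an ID fixed before
                // authentication cannot be reused for the authenticated session.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                // Record the login in the session data.
                $_SESSION['is_valid_user'] = true;
                // NOTE(review): the result of get_user_id() is indexed without a check — confirm
                // it always returns a row for an email that just passed is_valid_admin_login().
                $user_info = get_user_id($email);
                $user_id = $user_info['userID'];
                $user_type = $user_info['typeID'];
                $_SESSION['user_id'] = $user_id;
                $_SESSION['user_type'] = $user_type;
                choose_menu();
            } else {
                // The same message is shown whichever field was wrong, so the response
                // does not reveal whether the email exists.
                $message = 'Invalid ID or password.';
                include 'view/login.php';
            }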
        } else {
            $message = 'You must log in to view this page.';
Пример #2
     include 'account_login.php';
     break;
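 case 'login':
     // Read the submitted credentials; no filter argument is passed, so the
     // default filter applies to both values.
     $email = filter_input(INPUT_POST, 'email');
     $password = filter_input(INPUT_POST, 'password');
     // Validate format and length (password: required, 6 to 30 characters).
     // NOTE(review): presumably $validate records its errors in $fields — confirm.
     $validate->email('email', $email);
     $validate->text('password', $password, true, 6, 30);
     // On validation errors, redisplay the Login page and leave the controller.
     if ($fields->hasErrors()) {
         include 'admin/account/account_login.php';
         break;
     }
     // Check the database; anything but a valid email/password pair redisplays
     // the form with one generic message for both failure causes.
     if (!is_valid_admin_login($email, $password)) {
         $password_message = 'Login failed. Invalid email or password.';
         include 'admin/account/account_login.php';
         break;
     }
     // Replace the session ID at the moment of login so that an ID fixed before
     // authentication cannot be reused for the admin session.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['admin'] = get_admin_by_email($email);
     // Display Admin Menu page
     redirect('..');
     break;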
 case 'view_account':
     // Get all accounts from database
     $admins = get_all_admins();
     // Set up variables for add form
     $email = '';
     $first_name = '';
Пример #3
    include 'admin_login.php';
} else {
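    if ($action == 'admin_menu') {
        include 'admin_menu.php';
    } elseif ($action == 'login') {
        // Logging in: read the submitted form data.
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and rewrites the
        // value (tags stripped, quotes encoded), so the password checked below can differ
        // from what the user typed. It is kept because stored credentials may have been
        // created through the same filter — confirm before switching to the raw value.
        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
        $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
        if ($username == NULL || $username == FALSE || $password == NULL || $password == FALSE) {
            // A field is missing, empty, or failed the filter.
            $message = "Login Failed: missing username or passwrod.";
            include 'admin_login.php';
        } elseif (is_valid_admin_login($username, $password)) {
            // Login successful. Replace the session ID at the moment of login so that an
            // ID fixed before authentication cannot be reused for the admin session.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['admin'] = $username;
            // NOTE(review): execution continues after header(); whether the rest of the
            // script should still run is not visible here.
            header('Location: .');
        } else {
            // The same message is used for an unknown user and a wrong password.
            $message = "Login Failed: invalid username or passwrod.";
            include 'admin_login.php';
        }
    } elseif ($action == 'logout') {
        // Only the 'admin' key is removed; the session itself and its ID stay in place.
        unset($_SESSION['admin']);
        include 'admin_login.php';
    }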