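$action = $_POST['action'];
} else {
    // Excerpt starts inside an enclosing `if` that opens above this point.
    // Fall back to the query string, then to the default menu.
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } else {
        $action = 'show_menu';
    }
}

$message = "";

// Perform the specified action
switch ($action) {
    case 'login':
        if (!empty($_POST['email']) && !empty($_POST['password'])) {
            // NOTE(review): both values reach is_valid_admin_login() and
            // get_user_id() exactly as submitted; confirm those helpers use
            // parameterized queries and a password-hash verifier.
            $email = $_POST['email'];
            $password = $_POST['password'];
            $user = is_valid_admin_login($email, $password);

            // Set session values for a valid user session
            if ($user) {
                // Issue a fresh session id at the moment privileges change, so
                // an id that was known before authentication cannot be reused
                // afterwards (session fixation).
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                $_SESSION['is_valid_user'] = true;

                // Second lookup by e-mail supplies the id and role stored in
                // the session.
                $user_info = get_user_id($email);
                $user_id = $user_info['userID'];
                $user_type = $user_info['typeID'];
                $_SESSION['user_id'] = $user_id;
                $_SESSION['user_type'] = $user_type;
                choose_menu();
            } else {
                // Same message for unknown e-mail and wrong password, so the
                // response does not reveal which accounts exist.
                $message = 'Invalid ID or password.';
                include 'view/login.php';
            }
        } else {
            $message = 'You must log in to view this page.';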
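include 'account_login.php';
break;

case 'login':
    // Get username/password. No filter id is passed, so the default filter
    // applies and the password reaches the verifier unmodified.
    $email = filter_input(INPUT_POST, 'email');
    $password = filter_input(INPUT_POST, 'password');

    // Validate user data
    // (presumably $validate records failures on $fields; confirm against the
    // validation classes, which are outside this excerpt)
    $validate->email('email', $email);
    $validate->text('password', $password, true, 6, 30);

    // If validation errors, redisplay Login page and exit controller
    if ($fields->hasErrors()) {
        include 'admin/account/account_login.php';
        break;
    }

    // Check database - if valid username/password, log in
    if (is_valid_admin_login($email, $password)) {
        // Issue a fresh session id at the moment privileges change, so an id
        // that was known before authentication cannot be reused afterwards
        // (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // NOTE(review): the whole admin record is stored in the session;
        // confirm it does not carry the password hash.
        $_SESSION['admin'] = get_admin_by_email($email);
    } else {
        // Same message for unknown e-mail and wrong password.
        $password_message = 'Login failed. Invalid email or password.';
        include 'admin/account/account_login.php';
        break;
    }

    // Display Admin Menu page
    redirect('..');
    break;

case 'view_account':
    // NOTE(review): no check of $_SESSION['admin'] is visible in this excerpt
    // before the account list is read; confirm the controller enforces it
    // before the switch.
    // Get all accounts from database
    $admins = get_all_admins();

    // Set up variables for add form
    $email = '';
    $first_name = '';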
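include 'admin_login.php';
} else {
    // Excerpt starts inside an enclosing `if` that opens above this point.
    if ($action == 'admin_menu') {
        // NOTE(review): no check of $_SESSION['admin'] is visible here;
        // confirm admin_menu.php or the code above this excerpt enforces it.
        include 'admin_menu.php';
    } else {
        if ($action == 'login') {
            // logging in
            // get form data
            // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
            // and strips tags / encodes quotes, so a password containing those
            // characters is altered before it is verified. It is left in place
            // because stored credentials may have been created from the
            // sanitized form; migrate to the raw value together with the
            // stored hashes.
            $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
            $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);

            if ($username == NULL || $username == FALSE || $password == NULL || $password == FALSE) {
                $message = "Login Failed: missing username or password.";
                include 'admin_login.php';
            } else {
                // check password
                if (is_valid_admin_login($username, $password)) {
                    // login successful
                    // Issue a fresh session id at the moment privileges
                    // change, so an id that was known before authentication
                    // cannot be reused afterwards (session fixation).
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $_SESSION['admin'] = $username;

                    // NOTE(review): execution continues after header();
                    // confirm nothing after this chain produces output, or
                    // end the request explicitly once the redirect is sent.
                    header('Location: .');
                } else {
                    // Same message for unknown user and wrong password.
                    $message = "Login Failed: invalid username or password.";
                    include 'admin_login.php';
                }
            }
        } else {
            if ($action == 'logout') {
                // Only the admin marker is removed; the session and its id
                // stay alive. NOTE(review): consider rotating or destroying
                // the session here as well.
                unset($_SESSION['admin']);
                include 'admin_login.php';
            }
        }
    }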