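<?php
/**
 * login_process.php — handles the POSTed login form.
 *
 * Reads $_POST["username"] (an email address, or the literal "guest") and
 * $_POST["password"], looks the user up in the Student table and populates
 * $_SESSION on success. Every outcome ends in a redirect (header() + die()),
 * so this script never emits output of its own.
 */
session_start();

// Both fields must be present; anything else is not a form submission we accept.
if (!isset($_POST["username"]) || !isset($_POST["password"])) {
    header("location:login.php?error='Invalid request'");
    die();
}

require_once 'unit_tests/classes/sanitiser.php'; // provides Sanitiser
require_once 'unit_tests/classes/validator.php'; // provides Validator (not used by this script)

$sanitiser = new Sanitiser();
$email = (string) $sanitiser->sanitise($_POST["username"]);

// NOTE(review): the Student.Password column holds unsalted MD5 digests, so the
// submitted password has to be digested the same way to be compared. MD5 is not
// a password hash; the column should be migrated to password_hash()/password_verify().
$password = md5($_POST["password"]); // dont sanitise passwords

if ($email === '') {
    header("location:login.php?error='Please enter a valid email address'");
    die();
}

if ($email === 'guest') {
    // A fresh session id on every login so an id handed out before login is never kept.
    session_regenerate_id(true);
    $_SESSION["username"] = "guest";
    header("location:index.php");
    die();
}

include_once "settings.php"; // defines $host, $user, $pwd, $sql_db

$conn = mysqli_connect($host, $user, $pwd, $sql_db);
if (!$conn) {
    header("location:login.php?error=Cant connect to database, please try again");
    die();
}

// Parameterised lookup: $email comes straight from the request and must never be
// interpolated into the SQL text, whatever the sanitiser did to it. A single
// SELECT replaces the former existence query + full-row query pair.
$stmt = mysqli_prepare($conn, "SELECT * FROM Student WHERE email = ?");
if (!$stmt) {
    mysqli_close($conn);
    header("location:login.php?error=Cant connect to database, please try again");
    die();
}
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt); // requires mysqlnd, the default driver
$row = $result ? mysqli_fetch_assoc($result) : null;
mysqli_stmt_close($stmt);
mysqli_close($conn);

// mysqli_fetch_assoc() yields null when no row matched; the old code only tested
// whether the query ran, which is true even for zero rows.
if (!is_array($row)) {
    header("location:login.php?error='That username doesnt exist'");
    die();
}

// Strict, constant-time comparison of the two hex digests. A loose `==` between
// digest strings is subject to numeric-string juggling (e.g. two "0e…" values).
if (!hash_equals((string) ($row['Password'] ?? ''), $password)) {
    header("location:login.php?error='Wrong password'");
    die();
}

// Authenticated: drop any pre-login session data and rotate the session id
// (session fixation defence). This replaces the session_destroy()/session_start()
// pair, which re-used the same id from the cookie.
$_SESSION = [];
session_regenerate_id(true);

$_SESSION["username"] = $email;
$_SESSION["u_firstname"] = $row['FirstName'];
$_SESSION["u_lastname"] = $row['LastName'];
// NOTE(review): u_dob is filled from the TellNo column — looks like a wrong
// column name; confirm against the pages that read $_SESSION["u_dob"].
$_SESSION["u_dob"] = $row['TellNo'];
$_SESSION["u_address"] = $row['Address'];
$_SESSION["u_course"] = $row['CourseID'];
$_SESSION["u_university"] = $row['UniversityID'];
$_SESSION["u_gender"] = $row['Gender'];
$_SESSION["u_country"] = $row['Country'];

// Profile-completion gates: a missing university is resolved before a missing
// course, and only a complete profile lands on index.php. Each branch die()s so
// exactly one Location header is ever sent.
if ($row['UniversityID'] === null || $row['UniversityID'] === '') {
    header("location:select_university.php");
    die();
}
if ($row['CourseID'] === null || $row['CourseID'] === '') {
    header("location:select_course.php");
    die();
}
header("location:index.php");
die();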