<?php
include('server/connection.php');
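// Login handler: runs when the login form is posted, checks the credentials
// against the `users` table, records the login in `logs`, and redirects.
// $db is the mysqli connection; it is presumably created by
// server/connection.php (included above), which presumably also starts the
// session - confirm.
// Messages for the page to display are collected in $error.
$error = array();

if (isset($_POST['login'])) {
    // Read each field as a plain string. A missing field or an array-valued
    // field (e.g. password[]=x) is treated as empty instead of raising a
    // notice or a TypeError further down.
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $position = (isset($_POST['position']) && is_string($_POST['position'])) ? $_POST['position'] : '';
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';

    // The digest is computed exactly as before (MD5 of the SQL-escaped
    // password) so that it still matches the values already stored in
    // users.password.
    // NOTE(review): unsalted MD5 is not a password hash; a leaked users table
    // can be reversed offline. Migrate to password_hash()/password_verify(),
    // re-hashing each account on its next successful login.
    $password = md5(mysqli_real_escape_string($db, $rawPassword));

    // Values are bound as parameters, never concatenated into the SQL text.
    // Only the username column is selected; nothing else from the row is used.
    if ($username !== '' && $position !== '') {
        $redirect = 'employee_page.php';
        $stmt = mysqli_prepare(
            $db,
            'SELECT username FROM users WHERE username = ? AND position = ? AND password = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'sss', $username, $position, $password);
        }
    } else {
        // NOTE(review): this branch authenticates on position + password only,
        // with no username, and lands on main.php. Behaviour is kept as-is, but
        // it means a password alone identifies the account; confirm this is
        // intended and consider requiring a username here as well.
        $redirect = 'main.php';
        $stmt = mysqli_prepare(
            $db,
            'SELECT username FROM users WHERE position = ? AND password = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ss', $position, $password);
        }
    }

    // Succeeds only when exactly one row matches, as in the original check.
    // A failed prepare/execute leaves $authenticated false (fail closed).
    $authenticated = false;
    $user = '';
    if ($stmt !== false) {
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) === 1) {
                mysqli_stmt_bind_result($stmt, $foundUsername);
                if (mysqli_stmt_fetch($stmt)) {
                    $authenticated = true;
                    $user = (string) $foundUsername;
                }
            }
        }
        mysqli_stmt_close($stmt);
    }

    if ($authenticated) {
        // Issue a fresh session id on login so an id known before
        // authentication cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $user;

        // The username comes back from the database and may itself contain
        // quotes, so the audit-log insert is parameterized as well.
        $purpose = "User $user login";
        $logs = false;
        $logStmt = mysqli_prepare($db, 'INSERT INTO logs (username,purpose) VALUES(?,?)');
        if ($logStmt !== false) {
            mysqli_stmt_bind_param($logStmt, 'ss', $user, $purpose);
            $logs = mysqli_stmt_execute($logStmt);
            mysqli_stmt_close($logStmt);
        }

        header('location: ' . $redirect);
        // Stop here so nothing after the redirect header is executed or sent.
        exit;
    }

    // Same message for every failure, so the response does not reveal which
    // field was wrong.
    array_push($error, "Wrong username/password!");
}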