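<?php
// validate.php — handles the login form POST (fields: name, pass, role).
// It looks the account up in the table that matches the submitted role and, on
// success, stores the user's id and role (plus admin_type for admins) in the
// session before redirecting to dashboard.php. Every failure path redirects back
// to Admin.php with a URL-encoded ?error= message.
//
// Security notes for this revision:
//   * passwords are checked with password_verify() instead of a plaintext `===`;
//   * the session id is regenerated on successful login (session fixation);
//   * role selection uses an exact-key lookup rather than switch's loose `==`;
//   * a stale admin_type from an earlier login in the same session is cleared.
// NOTE(review): no CSRF token is checked here — confirm whether Admin.php's form
// sends one and, if so, verify it before touching the database.
include("DB_connect.php");
session_start();

/**
 * Redirect back to the login page with an error message and stop the script.
 *
 * @param string $message Human-readable error. It is URL-encoded for the query
 *                        string here; Admin.php must still HTML-escape it on output.
 */
function redirect_with_error($message)
{
    header("Location: ./Admin.php?error=" . urlencode($message));
    exit;
}

/**
 * Check a submitted password against the stored credential.
 *
 * Stored values are expected to be password_hash() output and are checked with
 * password_verify(). A row whose value password_get_info() does not recognise as
 * a hash is treated as a legacy plaintext password and compared in constant time
 * with hash_equals(), so accounts created before hashing keep working.
 * TODO(security): hash every stored password with password_hash(..., PASSWORD_DEFAULT)
 * and delete the plaintext branch below.
 *
 * @param string $submitted Password exactly as submitted in the form.
 * @param mixed  $stored    Value of the *_password column (null when the column is NULL).
 * @return bool True only when the password matches; false for empty/NULL stored values.
 */
function password_matches($submitted, $stored)
{
    if (!is_string($stored) || $stored === "") {
        return false;
    }
    $info = password_get_info($stored);
    // 'algo' is null (PHP 7.4+) or 0 (older) when the string is not a known hash.
    if (!empty($info["algo"])) {
        return password_verify($submitted, $stored);
    }
    // Legacy plaintext row — constant-time compare, see TODO above.
    return hash_equals($stored, $submitted);
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    if (isset($_POST["name"], $_POST["pass"], $_POST["role"])) {
        // PHP turns `name[]=` style fields into arrays; the string functions and
        // password_verify() below would throw on an array, so a non-string value
        // is treated as missing and fails the "required" checks.
        $name = is_string($_POST["name"]) ? filter_var($_POST["name"], FILTER_SANITIZE_EMAIL) : "";
        $pass = is_string($_POST["pass"]) ? $_POST["pass"] : "";
        $role = is_string($_POST["role"]) ? $_POST["role"] : "";

        // Input validation
        if (empty($name) || empty($pass)) {
            redirect_with_error("Email and password are required");
        }
        if (!filter_var($name, FILTER_VALIDATE_EMAIL)) {
            redirect_with_error("Invalid email address");
        }
        if (empty($role)) {
            redirect_with_error("Role is required");
        }

        // Table and columns for each role. Looked up by exact key so that values
        // such as "1.0" or " 1" (which switch's loose == accepts) are rejected and
        // only the canonical "1"/"2"/"3" can reach $_SESSION['role'].
        // The SQL is fixed per role and the e-mail is bound as a parameter.
        $roleTables = [
            "1" => [
                "sql" => "SELECT * FROM admin_users WHERE admin_email = ?",
                "email" => "admin_email",
                "password" => "admin_password",
                "id" => "admin_id",
                "type" => "admin_type",
            ],
            "2" => [
                "sql" => "SELECT * FROM students WHERE student_email = ?",
                "email" => "student_email",
                "password" => "student_password",
                "id" => "student_id",
                "type" => null,
            ],
            "3" => [
                "sql" => "SELECT * FROM parents WHERE parent_email = ?",
                "email" => "parent_email",
                "password" => "parent_password",
                "id" => "parent_id",
                "type" => null,
            ],
        ];
        if (!isset($roleTables[$role])) {
            redirect_with_error("Invalid role");
        }
        $cfg = $roleTables[$role];

        // Prepared statement; prepare() and execute() failures both end in the same
        // generic message so nothing about the schema or driver leaks to the user.
        $stmt = $connect->prepare($cfg["sql"]);
        if ($stmt === false) {
            redirect_with_error("An error occurred");
        }
        $stmt->bind_param("s", $name);
        if (!$stmt->execute()) {
            $stmt->close();
            redirect_with_error("An error occurred");
        }
        $result = $stmt->get_result();
        // Exactly one row is required; duplicates are treated as "not found".
        $user = ($result !== false && $result->num_rows == 1) ? $result->fetch_assoc() : null;
        $stmt->close();

        // One message whether the account is missing, the e-mail differs in case
        // from the stored one, or the password is wrong, so the response does not
        // reveal which e-mail addresses exist.
        if ($user === null
            || $name !== $user[$cfg["email"]]
            || !password_matches($pass, $user[$cfg["password"]])) {
            redirect_with_error("Incorrect email, password or role");
        }

        // Successful login: issue a fresh session id (and discard the old one) so a
        // session id fixated before authentication cannot be reused, then drop any
        // admin_type left over from an earlier admin login in this session.
        session_regenerate_id(true);
        unset($_SESSION['admin_type']);
        $_SESSION['id'] = $user[$cfg["id"]];
        $_SESSION['role'] = $role;
        if ($cfg["type"] !== null) {
            $_SESSION['admin_type'] = $user[$cfg["type"]];
        }
        $connect->close();
        header("Location: dashboard.php");
        exit;
    } else {
        // Required fields missing entirely: back to the form without a message,
        // as before.
        header("Location: ./Admin.php");
        exit;
    }
}
// No closing `?>`: stray whitespace after it would be sent as output and break
// the header() redirects above.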