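<?php
// Login page for the staff database.
//
// Flow: an already-authenticated session is redirected straight to
// listPatients.php; otherwise the POSTed credentials are checked against the
// `staff`/`credential` tables, and on success the username is stored in the
// session before redirecting. Every failure path falls through to the form.
session_start();
// Initialisation of passwords for the database: pdo.inc.php is expected to
// define $hostname, $dbname, $username and $password, read below.
include('pdo.inc.php');

// Nothing below is reachable for an authenticated session.
if (isset($_SESSION['user'])) {
    header("Location: listPatients.php");
    exit();
}

// Read the credentials if given as POST parameters. They are untrusted input:
// anything that is not a string is treated as absent, and the values only
// ever reach the database through bound placeholders.
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';
$message = '';
// Stays false on this page: every successful login has already exited above.
$logged = false;

try {
    // Connect to the database in exception mode, so that a failed prepare or
    // execute reaches the catch block instead of silently returning false.
    $dbh = new PDO(
        "mysql:host=$hostname;dbname=$dbname",
        $username,
        $password,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    // if the username is set, test if combination "username/password" is valid
    if ($user !== '') {
        // Initialise SQL query with place holders (:username and :password).
        // NOTE(review): the credential table holds an unsalted MySQL SHA()
        // digest of the password. password_hash()/password_verify() is the
        // appropriate scheme, but switching requires re-hashing the stored
        // credentials, so the comparison is kept as the schema dictates.
        $sql0 = "SELECT staff.staffID, staff.username, first_name, hashed_password
        FROM staff,credential
        WHERE staff.staffID = credential.staffID AND staff.username=:username AND hashed_password=sha(:password)";
        // parse the query and set the parameters for place holders.
        $statement0 = $dbh->prepare($sql0);
        $statement0->bindParam(':username', $user, PDO::PARAM_STR);
        $statement0->bindParam(':password', $pwd, PDO::PARAM_STR);
        $statement0->execute();
        // case if login was a success
        if ($line = $statement0->fetch()) {
            // No output before header(): the former debug echo of staffID,
            // username and hashed_password both broke the redirect ("headers
            // already sent") and exposed the stored hash in the response.
            // A fresh session id on login keeps a session id that was fixed
            // before authentication from being valid afterwards.
            session_regenerate_id(true);
            $_SESSION['user'] = $line['username'];
            $dbh = null;
            header("Location: listPatients.php");
            exit();
        }
        // if login failed: one generic message, identical for an unknown
        // username and a wrong password, so the page does not reveal which.
        $message = "Login not possible";
        $dbh = null;
    }
} catch (PDOException $e) {
    // Driver messages may contain host names, table names or SQL fragments;
    // they belong in the server log, not in the page sent to the browser.
    error_log('main.php login: ' . $e->getMessage());
    $message = "Login not possible";
}
// the form is only displayed if the person is not logged.
if (!$logged) {
?>
<head>
<link rel="stylesheet" type="text/css" href="additional.css" >
</head>
<h2>Medizininformatik Data Base: Login page</h2>
<form method='POST'>
<pre>
Username: <input type="text" name="user">
Password: <input type="password" name="pwd">
<input type="submit" value="Login">
</pre>
</form>
<?php
// $message is a fixed string today; escaped anyway so a future message
// carrying request data cannot become markup.
echo "<b>" . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</b>";
}
?>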