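<?php

declare(strict_types=1);

/*
 * Login handler.
 *
 * On a form submit (btnsubmit present) it looks the submitted email/password
 * pair up in tbl_Users, marks the matching account as logged in (loginstat = 1),
 * stores its id in $_SESSION['loginID'] and redirects to the dashboard that
 * belongs to the account's privilege label.
 *
 * Side effects: starts (and, on success, regenerates) the PHP session, runs one
 * SELECT and one UPDATE through sqlsrv, emits a redirect header or an error
 * message, closes $conn.
 */
session_start();
include('db/db_connection.php');

if (isset($_POST['btnsubmit'])) {
    // Missing fields become '' so the query still receives two bound values
    // instead of raising an undefined-index warning.
    $email = (string) ($_POST['email'] ?? '');
    $password = (string) ($_POST['password'] ?? '');

    // Privilege label -> post-login dashboard. Any label not listed here is
    // treated like a failed login (no session is established).
    $dashboards = [
        'Administrator' => 'pages/adminDashboard.php',
        'Customer'      => 'cuspages/cusDashboard.php',
        'Support'       => 'suppages/supDashboard.php',
    ];

    // NOTE(review): the submitted password is compared with the stored `pass`
    // column as-is. The commented-out password_verify() hint in the original
    // suggests hashed storage was intended; if tbl_Users holds password_hash()
    // output, fetch the row by email only and check it with password_verify()
    // here instead. TODO confirm the storage format before changing the query.
    $sql = 'SELECT * FROM tbl_Users WHERE email = ? AND pass = ?';
    $loginStmt = sqlsrv_query($conn, $sql, [$email, $password]);

    if ($loginStmt === false) {
        // Details go to the server log only; the client gets a generic message.
        error_log('Login SELECT failed: ' . print_r(sqlsrv_errors(), true));
        echo "Error executing the SQL statement.";
    } else {
        if (sqlsrv_fetch($loginStmt)) {
            // Positional fields, taken over from the original code: index 1 is
            // the account id used as ucomid below, index 10 the privilege label.
            // Both depend on the table's column order (SELECT *).
            $comId = sqlsrv_get_field($loginStmt, 1);
            $privilege = sqlsrv_get_field($loginStmt, 10);
            $target = is_string($privilege) ? ($dashboards[$privilege] ?? null) : null;

            if ($target !== null) {
                // Issue a fresh session id now that the session becomes an
                // authenticated one (guards against session fixation).
                session_regenerate_id(true);
                $_SESSION['loginID'] = $comId;

                $updateStmt = sqlsrv_query(
                    $conn,
                    'UPDATE tbl_Users SET loginstat = ? WHERE ucomid = ?',
                    [1, $comId],
                );
                if ($updateStmt === false) {
                    // sqlsrv_errors() returns an array, so print_r it instead of
                    // concatenating (which yielded the literal string "Array").
                    // The login itself succeeded, so the redirect still happens,
                    // matching the original flow.
                    error_log('loginstat UPDATE failed: ' . print_r(sqlsrv_errors(), true));
                } else {
                    sqlsrv_free_stmt($updateStmt);
                }
                sqlsrv_free_stmt($loginStmt);
                sqlsrv_close($conn);

                // 303 rather than 301: this is a POST->GET redirect and must not
                // be cached by the browser, or later login POSTs would be skipped.
                header('Location: ' . $target, true, 303);
                exit;
            }
        }
        // Wrong credentials or unknown privilege: no message is shown, matching
        // the original (its failure-message code was commented out).
        sqlsrv_free_stmt($loginStmt);
    }
    sqlsrv_close($conn);
}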