Code: Select all
<?
/* Include Files **********************/
require_once 'library/config.php';
/*************************************/
$errorMessage = '';
?>
<body>
<?php
if(isset($_SESSION['login_user']) && $_SESSION['login_user'] == $userName){
?>
<table cellpadding="0" cellspacing="10" border="0" bgcolor="#6CFF9D" width="170" style="font-family:sans-serif">
<tr>
<td align="center" style="font-size:14px;background-color:#461B7E;color:#ffffff">MY ACCOUNT MENU</td>
</tr>
<tr>
<td class="accountmenu"><a href="" class="accmenu">View/Edit Profile</a></td>
</tr>
<tr>
<td class="accountmenu"><a href="cart.php?action=view" class="accmenu">View Shopping Cart</a></td>
</tr>
<tr>
<td class="accountmenu"><a href="" class="accmenu">View Order History</a></td>
</tr>
<tr>
<td class="accountmenu" ><a href="" class="accmenu">Login</a></td>
</tr>
<tr>
<td class="accountmenu" ><a href="logout.php" class="accmenu">Logout</a></td>
</tr><?php echo $_SESSION['login_user'];?>
</table>
<?php
}else{
?>
<h4>Login</h4>
<form method="post"action="login2.php">
<div class="errorMessage" align="center"><?php echo $errorMessage; ?></div>
<table align="left" border="0" cellspacing="0" cellpadding="1">
<tr><td style="font-size:12px">Username:</td><td><input type="text" name="user" size="10" maxlength="30"></td></tr>
<tr><td style="font-size:12px">Password:</td><td><input type="password" name="pass" size="10" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="center">
<input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="center"><a href="register.php" class="1">Join</a></td></tr>
</table>
</form>
<?php
}
?>
</body>Code: Select all
<?php
require_once 'library/config.php';
// if we found an error save the error message in this variable
$errorMessage = '';
$userName = $_POST['user'];
$password = $_POST['pass'];
// first, make sure the username & password are not empty
if ($userName == '') {
$errorMessage = 'You must enter your username';
} else if ($password == '') {
$errorMessage = 'You must enter the password';
} else {
// check the database and see if the username and password combo do match
$sql = "SELECT *
FROM tbl_customer
WHERE Username = '$userName' AND Password = '$password'";
$result = dbQuery($sql);
if (dbNumRows($result) == 1) {
$row = dbFetchAssoc($result);
$_SESSION['thesis1_Customerno'] = $row['Customerno'];
/*
// log the time when the user last login
$sql = "UPDATE tbl_admin
SET admin_last_login = NOW()
WHERE admin_id = '{$row['admin_id']}'";
dbQuery($sql);
*/
// now that the user is verified we move on to the next page
// if the user had been in the admin pages before we move to
// the last page visited
if(isset($_SESSION['login_user'])) {
header('Location: index.php');
exit;
}
} else {
$errorMessage = 'Wrong username or password';
}
}
return $errorMessage;
?>http://jehlion.org/im_thesis/ieccTESTproj/index.php