Developing Login Page with password verification

file 1 - login.php

<html> 
<head>
<title>Login Form</title>
</head>
<body>
<strong>Login to MYCOMPANYHR system</strong>
<form name="formlogin" method="post" action="verify.php">
<table width="400" border="0">
<tr>
<td>Employee No</td>
<td><input name="EMPNO" type="text" maxlength="6">
Eg: 999999 </td>
</tr>
<tr>
<td>Password</td>
<td><input name="PASSWORD" type="password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="submit" type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>




file 2 - verify.php

<?php
$EMPNO=$_POST['EMPNO'];
$PASSWORD=$_POST['PASSWORD'];
$db=mysqli_connect("localhost","root","","mycompanyhr");
// database connection
if ($db==false) {
echo "Connect failed: ". mysqli_connect_error($db);
exit();
}
else {
echo "Connection successful";
}
$sql="select * from adminusers where EMPNO='$EMPNO'";
$rs=mysqli_query($db, $sql);
?>
<html>
<head>
<title>MyCOMPANYHR-verify</title>
</head>
<body>
<strong>Verify employee number and password</strong><br>
<?php
if(mysqli_num_rows($rs)==1){ //found one user
$record=mysqli_fetch_array($rs);
$DBPASSWORD=$record['PASSWORD'];//password from database
$USERPASSWORD=md5($PASSWORD);//MD5 password key-in by user
if($DBPASSWORD==$USERPASSWORD){
//compare password from database against password entered by user
echo "Username and password match,<br>";
echo "WELCOME $EMPNO !!!<br>";
echo "<a href='menu.php?EMPNO=$EMPNO'>
Click to ADMIN Menu </a><br>";
}
else{
echo "Username found, but password NOT match,<br>";
echo "<a href='javascript:history.back()'>
re-enter password</a><br>";
}
}
else{
echo "Username NOT found,<br>";
echo "<a href='javascript:history.back()'>re-login</a><br>";
}
?>
</body>
</html>




file 3 - menu.php

<?php
$db=mysqli_connect("localhost","root","","mycompanyhr");
// database connection
if ($db==false) {
echo "Connect failed: ". mysqli_connect_error($db);
exit();
}
else {
echo "Connection successful";
}
?>
<html>
<head>
<title>MyCOMPANYHR-menu</title>
</head>
<body>
<strong>Menu for MyCOMPANYHR administration</strong><br>
<?php
//script to display employees information
$EMPNO=$_GET['EMPNO'];
/*this SQL commad will fetch the employee's administration level,
firstname, lastname, workdept, deptname in their respective
tables*/
$sql="SELECT
adminusers.EMPNO,
adminusers.LEVEL,
employee.FIRSTNAME,
employee.LASTNAME,
employee.WORKDEPT,
department.DEPTNAME
FROM adminusers
INNER JOIN employee
ON adminusers.EMPNO = employee.EMPNO
INNER JOIN department
ON employee.WORKDEPT = department.DEPTNO
WHERE adminusers.EMPNO='$EMPNO'";
$rs=mysqli_query($db, $sql);
$record=mysqli_fetch_array($rs);
$level=$record['LEVEL'];
$firstname=$record['FIRSTNAME'];
$lastname=$record['LASTNAME'];
$workdept=$record['WORKDEPT'];
$deptname=$record['DEPTNAME'];
?>
Welcome, <? echo "$EMPNO $firstname $lastname"?> <br>
From department: <? echo "$workdept $deptname"?> <br>
<?php
//this menu displays depending on the users level
//if level is 1, full access
//if level is 2, limited access
if($level==1){
?>
Menu : full access administration<br>
1. <a href="searchform.php">Search employee</a><br>
2. <a href="forminsert.php">Insert a new employee</a><br>
3. <a href="listing-edit.php">Update informatiexisting employee</a><br>
4. <a href="listing-edit.php">Delete existing
employee</a><br>
5. <a href="logout.php">Logout</a><br>
<?php
}//end level 1
else if($level==2){
?>
Menu : limited access user <br>
1. <a href="searchform.php">Search employee</a><br>
2. <a href="formupdate-personal.php">Update personal information</a><br>
3. <a href="logout.php">Logout</a><br>
<?php
}//end level 2
?>
</body>
</html>


Popular Posts

WorldConferences.net