login page

login page

<!DOCTYPE html>
<html>

<img src="logo.png"/>
<body>
<h2>Login: </h2>
<form action="<?php $_PHP_SELF ?>" method="post">
Enter ID: <input type="text" name="id"/>
Enter Password: <input type="password" name="psw"/>
</br>

<select name = "type">
	<option>employee</option>
	<option>customer</option>
</select>

<input type="submit">
</form>






<?php
session_start();


{ 		//	Secure Connection Script
		// include('../../htconfig/dbConfig.php'); 
	$hostname = "sunapee.cs.dartmouth.edu";
	$username = "jiangy";
	$password = "databasespring";
	$database = "jiangy_db";

	$dbSuccess = false;
	$dbConnected = mysql_connect($hostname,$username,$password);

	if ($dbConnected) {		
		$dbSelected = mysql_select_db($database,$dbConnected);
		if ($dbSelected) {
			$dbSuccess = true;
		} 	
	}
		//	END	Secure Connection Script
}



if(isset($_POST["id"]) AND isset($_POST["psw"]) AND isset($_POST["type"])) {
	$ID = intval($_POST["id"]);
	$PSW = $_POST["psw"];
	$TYPE = $_POST["type"];



	$tUsers_SQLselect = "SELECT * ";
	$tUsers_SQLselect .= "FROM ";
	$tUsers_SQLselect .= "users ";
	$tUsers_SQLselect .= "WHERE user_id  = '".$ID."' ";
	$tUsers_SQLselect .= "AND user_psw  = '".$PSW."' ";
	$tUsers_SQLselect .= "AND user_type  = '".$TYPE."' ";

	$tUsers_SQLselect_Query = mysql_query($tUsers_SQLselect);	


	if($tUsers_SQLselect_Query == TRUE) {
		while($row = mysql_fetch_array($tUsers_SQLselect_Query))
		{
		 	
		    // echo $fullname;
		    $_SESSION['id'] = $ID;
		    $_SESSION['type'] = $TYPE;
		    $_SESSION['fullname'] = $row["user_fname"]." ".$row["user_lname"];
		    if($TYPE == "employee"){
		    	$_SESSION['e_loggedin'] = true;
		    	header("Location: employeepage.php");
		    }
		    else {
		    	$_SESSION['c_loggedin'] = true;
		    	header("Location: customerpage.php");
		    }


		} 
		
		echo "The ID or password is wrong, try again.";
		

	} 

}
?>



</body>
<footer><p>Yuan JIANG, database: jiangy_db, CS61-Spring</p></footer>
</html>