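<?php
declare(strict_types=1);

// Receptionist login handler.
//
// Reads the login form from $_POST, looks the receptionist up with a prepared
// statement (optionally matching the e-mail address when the confirmation
// checkbox was ticked), and on success stores the receptionist's id in the
// session and redirects to the page selected in the form's drop-down. On
// failure it redirects to main.html.
//
// The stray "</html>" that used to precede the opening tag has been dropped:
// any output before session_start()/header() breaks both unless output
// buffering happens to be enabled.

session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1'); // NOTE(review): shows errors to the browser; set to '0' outside development
include("connection.php"); // provides $con (mysqli)

// The session id used to be set from the raw POST value before any check
// ran, so an unauthenticated request could plant a receptionistID that other
// pages might trust. It is now only written after the lookup succeeds.

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Read a form field as a string; a missing or non-string value becomes ''
    // so it simply fails to match, instead of raising an "undefined index"
    // warning or passing an array into bind_param().
    $field = static fn (string $key): string => is_string($_POST[$key] ?? null) ? $_POST[$key] : '';

    $receptionistFirstName = $field("receptionistFirstName");
    $receptionistLastName  = $field("receptionistLastName");
    $password              = $field("password");
    $receptionistID        = $field("receptionistID");
    $receptionistPhone     = $field("receptionistPhone");
    $dropDown              = $field("dropDown");

    // Presence of the checkbox decides which query runs (as before); the
    // address itself is only taken when the checkbox value is truthy.
    $receptionistEmailConformation = isset($_POST["receptionistEmailConformation"]);
    $receptionistEmail = null;
    if ($receptionistEmailConformation && $_POST["receptionistEmailConformation"] == true) {
        $receptionistEmail = is_string($_POST["receptionistEmail"] ?? null) ? $_POST["receptionistEmail"] : null;
    }

    // Querying the database for authentication. Parameters are bound, never
    // interpolated, to prevent SQL injection. Columns are listed explicitly
    // so bind_result() always receives exactly the number of fields it binds
    // (SELECT * would break as soon as the table gains a column).
    //
    // NOTE(review): the password is matched as a plain column value. Store a
    // password_hash() result instead and check it with password_verify()
    // after fetching the row by id — TODO confirm what the column currently
    // holds before changing the query.
    if ($receptionistEmailConformation) {
        $query = "SELECT firstName, lastName, password, id, phoneNumber, emailAddress FROM receptionist WHERE firstName = ? AND lastName = ? AND password = ? AND id = ? AND phoneNumber = ? AND emailAddress = ?";
        $stmt = $con->prepare($query);
        // all six parameters are strings
        $stmt->bind_param("ssssss", $receptionistFirstName, $receptionistLastName, $password, $receptionistID, $receptionistPhone, $receptionistEmail);
        $stmt->execute();
        $stmt->bind_result($dbreceptionistFirstName, $dbreceptionistLastName, $dbpassword, $dbreceptionistID, $dbreceptionistPhone, $dbreceptionistEmail);
    } else {
        $query = "SELECT firstName, lastName, password, id, phoneNumber FROM receptionist WHERE firstName = ? AND lastName = ? AND password = ? AND id = ? AND phoneNumber = ?";
        $stmt = $con->prepare($query);
        // all five parameters are strings
        $stmt->bind_param("sssss", $receptionistFirstName, $receptionistLastName, $password, $receptionistID, $receptionistPhone);
        $stmt->execute();
        $stmt->bind_result($dbreceptionistFirstName, $dbreceptionistLastName, $dbpassword, $dbreceptionistID, $dbreceptionistPhone);
    }

    // fetch() returns true only when a row matched. The old code tested a
    // bind_result variable that was simply undefined when nothing matched.
    $authenticated = $stmt->fetch() === true;
    $stmt->close();

    if ($authenticated) {
        // Fresh session id on privilege change, so an id handed to the browser
        // before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['receptionistID'] = $dbreceptionistID; // session variable to send over names

        // Fixed allow-list of redirect targets keyed by the drop-down value;
        // anything else falls back to main.html. Nothing from the request is
        // ever placed in the Location header directly.
        $targets = [
            'searchreceptionist' => 'searchReceptionist.php',
            'updatePatientInfo'  => 'updateInfo.php',
            'scheduleAppt'       => 'verifyPatient.php',
            'cancelAppt'         => 'cancelAppt.php',
            'scheduleProcedure'  => 'scheduleProcedure.php',
            'cancelProcedures'   => 'cancelProcedure.php',
            'createNewPatient'   => 'createNewPatient.php',
            'accessMainDatabase' => 'databasemain.html',
        ];
        header('Location: ' . ($targets[$dropDown] ?? 'main.html'));
    } else {
        header('Location: main.html');
        echo json_encode(["success" => false, "error" => 1]);
    }

    // Stop here so nothing after the redirect header runs or is emitted.
    $con->close();
    exit;
}

$con->close();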