site_prototype/chkStudentID.php at master · ua-devs/site_prototype · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<?php
	require 'student.php';

    $varStudentID = $_POST['studentID'];
    $varPasskey = $_POST['passkey'];

	#let's define a student
    $student = new Student($varStudentID);
    #then let's check if he's in the db
	if ($student->isAuthenticated($varStudentID,$varPasskey)){
		#Student is ok! let's save the ID into the SESSION
		$_SESSION['varStudentID']= $varStudentID;
		#Note that we can save the $student object into the SESSION but in case we become traffic-heavy or Student contains unserializable properties (like its $db property), they will come out in unexpected form, and it's better to requery the Student (store only the ID) in the next page (see http://stackoverflow.com/questions/132194/php-storing-objects-inside-the-session)
		header("Location: dashboard.php");
	}
	else {
		// header("Location: index.php?chkLogin=1");
		header("Location: index.php?chkLogin=failed");
	}

	//require 'config.php';
	// $pdo = Database::connect();
	// $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	// $sql="SELECT * FROM kioskuser u WHERE u.studid = ? AND u.password = ?";
 	//    $q = $pdo->prepare($sql);
	// $q->execute(array($varStudentID,$varPasskey));

	// $count = $q->rowCount();

	// if($count == 1){
	// $sql1="SELECT u.userNo FROM kioskuser u WHERE u.studid = '$varStudentID' AND u.password = '$varPasskey'";
	// foreach ($pdo->query($sql1) as $row) {
	// $userNo = $row['u.userNo'];
	// }
	// $_SESSION['varStudentID']= $varStudentID;
	// $_SESSION['varPasskey']= $varPasskey;
	// $_SESSION['varUserNo'] = $userNo;
	// Database::disconnect();

	// header("Location: dashboard.php");
	// }
	// else {
	// $_SESSION['varStudentID']= null;
	// $_SESSION['varPasskey']= null;
	// $_SESSION['varUserID'] = null;
	// Database::disconnect();
	// header("Location: index.php?chkLogin=1");
	// }
?>