"; // }else{ // echo "user didn't exist.
"; // } // while($row=mysqli_fetch_array($result)){ // echo $row['emp_id']. "
"; // echo $row['f_name']. "
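"; // }

// ---------------------------------------------------------------------------
// LOGIN VALIDATION
//
// Uses $conn (mysqli), $username, $password, $passwordHash and $myTimeStamp,
// all of which are set before this excerpt. $username and $password are
// presumably taken from the submitted login form (NOTE(review): confirm).
//
// Every value is bound as a statement parameter instead of being pasted into
// the SQL text, so its content can never change the shape of a query.
//
// NOTE(review): $passwordHash is computed outside this excerpt. If it is a
// fast or unsalted digest, move to password_hash()/password_verify() and
// compare in PHP rather than in the WHERE clause.
// NOTE(review): the distinct messages for "doesn't exist", "not activated"
// and "wrong password" tell an anonymous caller which employee ids are valid.
// They are left unchanged here because they are user-facing; consider one
// generic message.
// ---------------------------------------------------------------------------

// Prepares $sql, binds $params according to the $types string and executes it.
// Returns the executed mysqli_stmt, or false when prepare/execute fails.
$runStatement = static function ($sql, $types, array $params) use ($conn) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param($types, ...$params);
    if ($stmt->execute() === false) {
        $stmt->close();
        return false;
    }
    return $stmt;
};

// Runs a SELECT through $runStatement and returns how many rows matched.
// Ends the request with "Bad query" on failure, as the original queries did.
$countRows = static function ($sql, $types, array $params) use ($runStatement) {
    $stmt = $runStatement($sql, $types, $params) or die("Bad query");
    $stmt->store_result();
    $rowCount = $stmt->num_rows;
    $stmt->close();
    return $rowCount;
};

// Prepared statements return native column types; the original text-protocol
// queries returned strings. Cast back so session and cookie values keep
// the type other pages already receive.
$asText = static function ($columnValue) {
    return $columnValue === null ? null : (string) $columnValue;
};

//CHECK IF USERNAME EXIST IN TABLE
$existRow = $countRows(
    "SELECT 1 FROM pms_employee_data WHERE emp_id = ?",
    's',
    [$username]
);

//CHECK IF ACCOUNT IS ACTIVE
$statRow = $countRows(
    "SELECT 1 FROM pms_employee_data WHERE emp_id = ? AND `account_status` = 1",
    's',
    [$username]
);

//CHECK IF USERNAME AND PASSWORD MATCH THE RECORD
$validateRow = $countRows(
    "SELECT 1 FROM pms_employee_data WHERE emp_id = ? AND `pass_word_a` = ?",
    'ss',
    [$username, $passwordHash]
);

//CHECK IF ACCOUNT IS LOCKEDOUT DUE TO WRONG PASSWORD 5X IN A ROW
$accLockedout = $countRows(
    "SELECT 1 FROM pms_employee_data WHERE emp_id = ? AND `u_locked_count` > 4",
    's',
    [$username]
);

//VALIDATE ERRORS AND RETURN TO USER
if (empty($username) === true || empty($password) === true) {
    $errors = 'You need to enter a valid username and password.';
    $stat = 'error';
} elseif ($existRow == 0) {
    $errors = 'Username doesn\'t exist.';
    $stat = 'error';
} elseif ($statRow == 0) {
    $errors = 'Please Activate your account first.';
    $stat = 'error';
} elseif ($validateRow == 0) {
    $errors = "Invalid username or password. \n";

    // Read the stored counter first: the lockout message below depends on
    // its value before this failed attempt is recorded.
    $value = 0;
    $lockStmt = $runStatement(
        "SELECT u_locked_count FROM `pms_employee_data` WHERE emp_id = ?",
        's',
        [$username]
    );
    if ($lockStmt !== false) {
        $lockStmt->bind_result($storedCount);
        while ($lockStmt->fetch()) {
            $value = (int) $storedCount;
        }
        $lockStmt->close();
    }

    // Increment inside the database so parallel failed attempts cannot read
    // the same count and under-count towards the lockout threshold.
    // Best effort, as before: a failed update does not abort the request.
    $bumpStmt = $runStatement(
        "UPDATE pms_employee_data SET u_locked_count = COALESCE(u_locked_count, 0) + 1 WHERE emp_id = ?",
        's',
        [$username]
    );
    if ($bumpStmt !== false) {
        $bumpStmt->close();
    }

    if ($value > 4) {
        $errors = 'Your account has been locked out';
        // NOTE(review): empty echo; its markup appears to be missing from this copy.
        echo "";
    }
    $stat = 'error';
} elseif ($accLockedout > 0) {
    // "> 0" rather than "== 1": a duplicated emp_id row must not let a
    // locked account through.
    $errors = 'Your account has been locked out';
    $stat = 'error';
} else {
    // Reset the failure counter for THIS account only. The previous statement
    // had no WHERE clause, so any successful login cleared the lockout state
    // of every account in the table.
    $resetStmt = $runStatement(
        "UPDATE pms_employee_data SET u_locked_count = 0 WHERE emp_id = ?",
        's',
        [$username]
    );
    if ($resetStmt !== false) {
        $resetStmt->close();
    }

    $myUserID = null;
    $myUserName = null;
    $proPic = null;
    $companyID = null;

    $userStmt = $runStatement(
        "SELECT id, emp_id, profile_pic, comp_id FROM `pms_employee_data` WHERE `emp_id` = ? AND `pass_word_a` = ?",
        'ss',
        [$username, $passwordHash]
    ) or die("Bad query");
    $userStmt->bind_result($rowId, $rowEmpId, $rowProfilePic, $rowCompId);
    while ($userStmt->fetch()) {
        $myUserID = $asText($rowId);
        $myUserName = $asText($rowEmpId);
        $proPic = $asText($rowProfilePic);
        $companyID = $asText($rowCompId);
    }
    $userStmt->close();

    // Issue a fresh session id at the privilege change so an id that was
    // known before authentication is not carried into the logged-in session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['compID'] = $companyID;
    $_SESSION['userID'] = $myUserID;
    $_SESSION['userName'] = $myUserName;
    $_SESSION['profilePic'] = $proPic;
    $_SESSION['time'] = time();

    // NOTE(review): this cookie holds the raw user id for 30 days and is set
    // without the HttpOnly/Secure attributes. It is client-controlled, so no
    // page should treat it as proof of identity; rely on $_SESSION for that.
    // Confirm how "pms_cook" is consumed before changing its attributes.
    $cookie_name = "pms_cook";
    setcookie($cookie_name, $myUserID, time() + (86400 * 30), "/"); // 86400 = 1 day

    // Audit trail of successful logins; best effort, as before.
    $historyStmt = $runStatement(
        "INSERT INTO login_history (`id`, `login_id`,`u_name`, `notes`, `date_time`) VALUES ('', ?, ?, 'login', ?)",
        'sss',
        [$myUserID, $myUserName, $myTimeStamp]
    );
    if ($historyStmt !== false) {
        $historyStmt->close();
    }

    // NOTE(review): empty echo; its markup appears to be missing from this copy.
    echo "";
}

echo "\n\n" . $errors . "\n\n";

// The brace below closes a block that was opened before this excerpt.
} ?>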