iwa-panda1

Manage Weather Data by International Weather Agency (Version 1)

commit c2f19f1b477854c0d79d7a08e1bd35e22d407358
parent 9421c0e198e43af55fcf03c7a4169f44dea48d89
Author: Gerco van Woudenbergh <[email protected]>
Date:   Fri, 24 Mar 2023 12:17:45 +0100

a more realized login system

Diffstat:
Mcrud_user.php | 84++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------
Adashboard.php | 56++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dindex.php | 51---------------------------------------------------
Alogin.php | 51+++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 165 insertions(+), 77 deletions(-)

diff --git a/crud_user.php b/crud_user.php 
@@ -1,29 +1,61 @@ -<?php -$servername = "86.92.67.21"; -$username = "friedel"; -$password = "koffiemetzuiker"; -$dbname = "wap2"; -// Create connection -$conn = mysqli_connect($servername, $username, $password, $dbname); -// Check connection -if (!$conn) { - die("Connection failed: " . mysqli_connect_error()); -} +<html lang="nl"> + <head> + <meta charset="UTF-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + <title>User toevoegen</title> + </head> + <body> -if ($_SERVER["REQUEST_METHOD"] == "POST") { - // collect value of input field - $vname = $_POST['voornaam']; - $aname = $_POST['achternaam']; - $email = $_POST['email']; - $password = $_POST['password']; - $permissions = $_POST['permissions']; -} -$hash = password_hash($password, PASSWORD_DEFAULT); + <h1>User toevoegen</h1> -$sql = "INSERT INTO medewerkers (voornaam, achternaam, email, wachtwoord, permissie_niveau) VALUES(?, ?, ?, ?, ?);"; -$stmt= $conn->prepare($sql); -$stmt->bind_param("sssss", $vname, $aname, $email, $hash, $permissions); -$stmt->execute(); + <form action="crud_user.php" method="post"> + <p> + <b>Voornaam:</b> <input type="text" name="voornaam" id="voornaam" placeholder="Voornaam"> + <b>Achternaam:</b> <input type="text" name="achternaam" id="achternaam" placeholder="Achternaam"> + <b>Email</b> <input type="text" name="email" id="email" placeholder="Email"> + <b>Wachtwoord</b> <input type="password" name="password" id="password" placeholder="******"> + <br> + <p>Please select the user permissions:</p> + <input type="radio" id="Admin" name="permissions" value="1"> + <label for="html">Admin</label><br> + <input type="radio" id="Administratief medewerker" name="permissions" value="2"> + <label for="Administratief medewerker">Administratief medewerker</label><br> + <input type="radio" id="Wetenschappelijk medewerker" name="permissions" value="3"> + <label for="Wetenschappelijk medewerker">Wetenschappelijk 
medewerker</label> + </p> -mysqli_close($conn); -?> + <p><input type="submit" name="submit" value="Voeg toe"></p> + + </form> + <?php + $servername = "86.92.67.21"; + $username = "friedel"; + $password = "hailiwa"; + $dbname = "wap2"; + // Create connection + $conn = mysqli_connect($servername, $username, $password, $dbname); + // Check connection + if (!$conn) { + die("Connection failed: " . mysqli_connect_error()); + } + + if ($_SERVER["REQUEST_METHOD"] == "POST") { + // collect value of input field + $vname = $_POST['voornaam']; + $aname = $_POST['achternaam']; + $email = $_POST['email']; + $password = $_POST['password']; + $permissions = $_POST['permissions']; + } + $hash = password_hash($password, PASSWORD_DEFAULT); + + $sql = "INSERT INTO medewerkers (voornaam, achternaam, email, wachtwoord, permissie_niveau) VALUES(?, ?, ?, ?, ?);"; + $stmt= $conn->prepare($sql); + $stmt->bind_param("sssss", $vname, $aname, $email, $hash, $permissions); + $stmt->execute(); + + mysqli_close($conn); + ?> + </body> +</html> diff --git a/dashboard.php b/dashboard.php 
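Review bot: The account-creating block at the end of crud_user.php runs for any visitor, because the file never calls `session_start()` or checks `$_SESSION['permissions']` before the INSERT, and the `permissions` value (including 1, Admin) comes straight from the form. A guard at the very top of the file, before the `<html>` line, such as `session_start(); if (($_SESSION['permissions'] ?? null) != 1) { header('Location: login.php'); exit; }`, would restrict it to admins in line with the check dashboard.php introduces. The `password_hash()` call and the INSERT also sit after the closing brace of the `REQUEST_METHOD` check, so a plain GET still executes them, with `$password` still holding the database password assigned a few lines earlier; they belong inside that `if`. Separately, the database host, user and password are literals in this file and again in login.php; loading them from a configuration file kept outside the repository, and rotating the value now in history, would be safer.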
@@ -0,0 +1,56 @@
+<?php
+session_start();
+
+// Check if user is logged in and has permission level set
+if(!isset($_SESSION['permissions'])) {
+ // Redirect to login page if permission level is not set
+ header('Location: login.php');
+ exit;
+}
+
+// Get the permission level of the user
+$permission_level = $_SESSION['permissions'];
+
+// Define the links for each type of employee
+if($permission_level == 1) {
+ // Admin links
+ $links = array(
+ array('url' => 'admin_page_1.php', 'title' => 'Admin Page 1'),
+ array('url' => 'admin_page_2.php', 'title' => 'Admin Page 2'),
+ array('url' => 'admin_page_3.php', 'title' => 'Admin Page 3')
+ );
+} else if($permission_level == 2) {
+ // Administrative employee links
+ $links = array(
+ array('url' => 'admin_employee_page_1.php', 'title' => 'Admin Employee Page 1'),
+ array('url' => 'admin_employee_page_2.php', 'title' => 'Admin Employee Page 2'),
+ array('url' => 'admin_employee_page_3.php', 'title' => 'Admin Employee Page 3')
+ );
+} else if($permission_level == 3) {
+ // Scientific employee links
+ $links = array(
+ array('url' => 'scientific_employee_page_1.php', 'title' => 'Scientific Employee Page 1'),
+ array('url' => 'scientific_employee_page_2.php', 'title' => 'Scientific Employee Page 2'),
+ array('url' => 'scientific_employee_page_3.php', 'title' => 'Scientific Employee Page 3')
+ );
+} else {
+ // Redirect to login page if permission level is invalid
+ header('Location: login.php');
+ exit;
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Dashboard</title>
+</head>
+<body>
+ <h1>Dashboard</h1>
+ <ul>
+ <?php foreach($links as $link) { ?>
+ <li><a href="<?php echo $link['url']; ?>"><?php echo $link['title']; ?></a></li>
+ <?php } ?>
+ </ul>
+</body>
+</html>
diff --git a/index.php b/index.php
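Review bot: The permission check in dashboard.php only decides which links are listed; nothing in this commit shows the linked pages (admin_page_1.php and the others) enforcing the same level, so if they lack their own check, a logged-in user of level 2 or 3 could open an admin page by entering its URL directly. Consider moving the session check into a small include that every protected page requires, with the required level as a parameter. The branches compare with `==` against `$_SESSION['permissions']`; casting once, `$permission_level = (int) $_SESSION['permissions'];`, and comparing with `===` makes the accepted values explicit.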
@@ -1,51 +0,0 @@
-<!DOCTYPE html>
-<html>
- <head>
- <title>Login Page</title>
- </head>
- <body>
- <h2>Login</h2>
- <?php
- if(isset($_POST['login'])) {
- $gebruikersnaam = $_POST['username'];
- $wachtwoord = $_POST['password'];
-
- // perform validation and authentication
- $servername = "86.92.67.21";
- $username = "friedel";
- $password = "koffiemetzuiker";
- $dbname = "wap2";
-
- $conn = mysqli_connect($servername, $username, $password, $dbname);
-
- $sql = "select medewerker_id, wachtwoord, permissie_niveau from medewerkers where medewerker_id like ?;";
- $stmt= $conn->prepare($sql);
- $stmt->bind_param("s", $username);
- $stmt->execute();
-
- $row = mysqli_fetch_assoc($result);
- if(!empty($row)){
- if($gebruikersnaam === $row['medewerker_id'] && password_verify($wachtwoord, $row['wachtwoord']))
- {
- session_start();
- $_SESSION['gebruikers_id'] = $gebruikersnaam;
- $_SESSION['permissions'] = $row['permissie_niveau'];
- header('Location: dashboard.php');
- echo"gebruikers id". $_SESSION['gebruikers_id'] ."permissie niveau " . $_SESSION['permissie_niveau'];
- } else {
- echo '<p style="color:red">Invalid username or password.</p>';
- }
- }else{
- echo '<p style="color:red">Invalid username or password.</p>';
- }
- }
- ?>
- <form method="POST">
- <label>Username:</label>
- <input type="text" name="username"><br><br>
- <label>Password:</label>
- <input type="password" name="password"><br><br>
- <input type="submit" name="login" value="Login">
- </form>
- </body>
-</html>
diff --git a/login.php b/login.php
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>Login Page</title>
+ </head>
+ <body>
+ <h2>Login</h2>
+ <?php
+ // fetch data from the form
+ $gebruikersnaam = $_POST['username'];
+ $wachtwoord = $_POST['password'];
+
+ // perform validation and authentication
+ $servername = "86.92.67.21";
+ $username = "friedel";
+ $password = "hailiwa";
+ $dbname = "wap2";
+ $conn = mysqli_connect($servername, $username, $password, $dbname);
+
+ // create, prepare sql statement and execute sql statement
+ if($conn){
+ $sql = "select medewerker_id, wachtwoord, permissie_niveau from medewerkers where medewerker_id = ?;";
+ $stmt= $conn->prepare($sql);
+ $stmt->bind_param("i", $gebruikersnaam);
+ $stmt->execute();
+
+ $result = $stmt->get_result();
+ $row = $result->fetch_assoc();
+ }
+
+ //verification logic and $_SESSION start
+ if($gebruikersnaam == $row['medewerker_id'] && password_verify($wachtwoord, $row['wachtwoord']))
+ {
+ session_start();
+ $_SESSION['gebruikers_id'] = $row['medewerker_id'];
+ $_SESSION['permissions'] = $row['permissie_niveau'];
+ header('Location: dashboard.php');
+ echo"gebruikers id". $_SESSION['gebruikers_id'] ."permissie niveau " . $_SESSION['permissie_niveau'];
+ } else {
+ echo '<p style="color:red">Invalid username or password.</p>';
+ }
+ ?>
+ <form method="POST">
+ <label>Username:</label>
+ <input type="text" name="username"><br><br>
+ <label>Password:</label>
+ <input type="password" name="password"><br><br>
+ <input type="submit" name="login" value="Login">
+ </form>
+ </body>
+</html>
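Review bot: `session_start()` and `header('Location: dashboard.php')` in login.php are called after the page has already printed its `<!DOCTYPE>`, head and `<h2>`, so unless output buffering happens to be enabled, neither the session cookie nor the redirect can be sent; the authentication block should run before any markup. The same block reads `$_POST['username']` on every request, uses `$row` even when the connection failed or no employee matched, does not `exit` after the redirect, never regenerates the session id at login, and ends with a debug `echo` of `$_SESSION['permissie_niveau']`, a key that is never set. The fence sketches the reordered block; the connection setup and the prepared select stay as in the hunk.

```php
<?php
// Runs before any output so the session cookie and the redirect header can still be sent.
session_start();
$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $gebruikersnaam = $_POST['username'] ?? '';
    $wachtwoord = $_POST['password'] ?? '';
    $row = null;
    // … unchanged: mysqli_connect, prepared select on medewerker_id, fetch_assoc into $row …
    if (is_array($row)
        && $gebruikersnaam == $row['medewerker_id']
        && password_verify($wachtwoord, $row['wachtwoord'])) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
        $_SESSION['gebruikers_id'] = $row['medewerker_id'];
        $_SESSION['permissions'] = $row['permissie_niveau'];
        header('Location: dashboard.php');
        exit;
    }
    $error = 'Invalid username or password.';
}
// … unchanged: page markup and form follow; print $error above the form …
```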