<!--
	Filename: 489projectRegistrationAction.php
	Name: Andrew Bright
-->
<!doctype html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="styling.css">
<title>Bacteria and Cancer links</title>
</head>
<body>
<div style="text-align:center">
	<h1>
	Bacteria and Cancer links login </h1>
</div>
<body>
<div style="color: white; text-align: center">
	<br/><br/><br/><br/>
	<?php
	session_start();
	if(isset( $_SESSION['user_id'] ))
	{
		print "A user is already logged in";
?>
	<br/><br/><br/><br/><button><a href="489projectLogin.php">Logout</a></button>
</div>
</body>
</html>
<?php
	}
	else
	{
		$username = filter_var($_POST["user"], FILTER_SANITIZE_STRING);
		if($username)
		$username = hash('sha512', filter_var($_POST["user"], FILTER_SANITIZE_STRING));
		$pswd = strip_tags( trim($_POST["pswd"]));
		if($pswd)
		$pswd = hash('sha512', $_POST["pswd"]);
		$host = 'localhost';
		$user = 'asbright';
		$pass = 'Diablo2986!';
		$database = 'asbright';
		$tablename = 'Users';
		$connect = mysql_connect($host, $user, $pass);
		if ($username && $pswd)
		{
		//connect to db
		$connect = mysql_connect("$host","$user","$pass") or die("not connecting");
		mysql_select_db($database) or die("no db :'(");
		$query = mysql_query("SELECT * FROM $tablename WHERE username='$username' AND userPass='$pswd'");
		$numrows = mysql_num_rows($query);
			if ($numrows == 0)
			{
?>
<h2 style="color:white">
<?php
				echo "Invalid username or password!";
?>
</h2>
<br/><br/><br/><br/>
<button><a href="489projectLogin.php">Try Again</a></button>
</div>
<?php
			}
			else
			{
?>
<p>
<?php
				$row = mysql_fetch_assoc($query);
				$id = $row['userId'];
				$_SESSION['user_id'] = $id;
?>
<script type="text/javascript">
				<!--
					window.location = "489projectSplash.php"
				-->
				</script>
<br/><br/><br/><br/>
<button><a href="489projectSplash.php">Continue to splash page</a></button>
</p>
</div>
</body>
</html>
<?php
			}
		}
	}
?>