", "danger");
} else if($_POST['password'] == '') {
$msgBox = alertBox($accountPasswordReq, "", "danger");
} else {
// Check if the User account has been activated
$empEmail = (isset($_POST['empEmail'])) ? $mysqli->real_escape_string($_POST['empEmail']) : '';
$check = $mysqli->query("SELECT isActive FROM employees WHERE empEmail = '".$empEmail."'");
$row = mysqli_fetch_assoc($check);
// If the account is active - allow the login
if ($row['isActive'] == '1') {
$password = encryptIt($_POST['password']);
if($stmt = $mysqli -> prepare("
SELECT
empId,
isAdmin,
isMgr,
empEmail,
empFirst,
empLast,
empPosition
FROM
employees
WHERE
empEmail = ? AND
password = ?
")) {
$stmt -> bind_param("ss",
$empEmail,
$password
);
$stmt -> execute();
$stmt -> bind_result(
$empId,
$isAdmin,
$isMgr,
$empEmail,
$empFirst,
$empLast,
$empPosition
);
$stmt -> fetch();
$stmt -> close();
if (!empty($empId)) {
if (session_id() == '') {
session_start();
}
$_SESSION["empId"] = $empId;
$_SESSION["isAdmin"] = $isAdmin;
$_SESSION["isMgr"] = $isMgr;
$_SESSION["empEmail"] = $empEmail;
$_SESSION["empName"] = $empFirst.' '.$empLast;
$_SESSION["empPosition"] = $empPosition;
header('Location: index.php');
} else {
$msgBox = alertBox($loginFailedMsg, "", "danger");
}
}
// Update Last Visited Date for User
$empLastVisited = date("Y-m-d H:i:s");
$sqlStmt = $mysqli->prepare("
UPDATE
employees
SET
empLastVisited = ?
WHERE
empId = ?
");
$sqlStmt->bind_param('ss',
$empLastVisited,
$empId
);
$sqlStmt->execute();
$sqlStmt->close();
} else if ($row['isActive'] == '0') {
// If the account is not active, show a message
$msgBox = alertBox($inactiveAccountMsg, "", "warning");
} else {
// No account found
$msgBox = alertBox($noAccountFoundMsg, "", "danger");
}
}
}
// Reset Account Password Form
if (isset($_POST['submit']) && $_POST['submit'] == 'resetPass') {
// Set the email address
$theEmail = (isset($_POST['theEmail'])) ? $mysqli->real_escape_string($_POST['theEmail']) : '';
// Validation
if ($_POST['theEmail'] == "") {
$msgBox = alertBox($accountEmailReq, "", "danger");
} else {
$query = "SELECT empEmail FROM employees WHERE empEmail = ?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("s",$theEmail);
$stmt->execute();
$stmt->bind_result($empEmail);
$stmt->store_result();
$numrows = $stmt->num_rows();
if ($numrows == 1){
// Generate a RANDOM Hash for a password
$randomPassword = uniqid(rand());
// Take the first 8 digits and use them as the password we intend to email the Employee
$emailPassword = substr($randomPassword, 0, 8);
// Encrypt $emailPassword for the database
$newpassword = encryptIt($emailPassword);
//update password in db
$updatesql = "UPDATE employees SET password = ? WHERE empEmail = ?";
$update = $mysqli->prepare($updatesql);
$update->bind_param("ss",
$newpassword,
$theEmail
);
$update->execute();
// Send out the email in HTML
$installUrl = $set['installUrl'];
$siteName = $set['siteName'];
$businessEmail = $set['businessEmail'];
$subject = $resetPassEmailSubject;
$message = '';
$message .= ''.$subject.'
';
$message .= ''.$resetPassEmail1.'
';
$message .= '
';
$message .= ''.$emailPassword.'
';
$message .= '
';
$message .= ''.$resetPassEmail2.'
';
$message .= ''.$resetPassEmail3.'
';
$message .= ''.$emailThankYou.'
';
$message .= '';
$headers = "From: ".$siteName." <".$businessEmail.">\r\n";
$headers .= "Reply-To: ".$businessEmail."\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if (mail($theEmail, $subject, $message, $headers)) {
$msgBox = alertBox($passwordResetMsg, "", "success");
$isReset = 'true';
$stmt->close();
}
} else {
// No account found
$msgBox = alertBox($noAccountFoundMsg, "", "warning");
}
}
}
?>
<?php echo $set['siteName']; ?> · <?php echo $loginPageTitle; ?>
