<?php

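// Login handler: checks the posted e-mail and password against the `users`
// table and, on success, copies the account's fields into the session.
// Every outcome ends in a redirect to ../index.php with a `login=` status flag
// (`empty`, `error` or `succes`).
session_start();

// Redirect to the index page with the given status flag and stop the script.
$redirect = static function (string $status): void {
    header('Location: ../index.php?login=' . $status);
    exit();
};

// Only requests carrying the form's submit field are processed.
// (The original `isset($_POST)[...]` indexed the result of isset(), which is a parse error.)
if (!isset($_POST['submit'])) {
    $redirect('error');
}

// Supplies $conn, the mysqli connection. `require` instead of `include`, so a
// missing connection file stops the request instead of running on with an
// undefined $conn.
require 'dbh.inc.php';

// Raw form values. Neither is escaped: the e-mail is bound as a statement
// parameter below, and the password must reach password_verify() unchanged.
// NOTE(review): if the registration code hashes an escaped copy of the
// password, passwords containing quotes or backslashes will stop matching --
// confirm against the sign-up script and align both sides on the raw value.
$Email = $_POST['Email'] ?? '';
$Password = $_POST['Password'] ?? '';

// Reject missing, empty, or non-string input (e.g. `Email[]=x` arrives as an
// array). Strict comparison, so a literal "0" is not mistaken for "empty".
if (!is_string($Email) || !is_string($Password) || $Email === '' || $Password === '') {
    $redirect('empty');
}

// Look the account up with a prepared statement so the e-mail value can never
// change the structure of the query.
$row = null;
try {
    $stmt = mysqli_prepare($conn, 'SELECT * FROM users WHERE ADMIN_EMAIL = ?');
    if ($stmt === false) {
        $redirect('error');
    }
    mysqli_stmt_bind_param($stmt, 's', $Email);
    if (!mysqli_stmt_execute($stmt)) {
        $redirect('error');
    }
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        // First matching row, or null when no account has this e-mail.
        $row = mysqli_fetch_assoc($result);
    }
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    // mysqli may be configured to throw instead of returning false; either
    // way the visitor only ever sees the generic error status.
    $redirect('error');
}

// Unknown account and wrong password deliberately share one status, so the
// response does not reveal which e-mail addresses are registered.
// password_verify() re-hashes the submitted password with the parameters
// stored in the hash and compares; nothing is "de-hashed". The original
// compared with `=` (assignment), which made both branches unreachable.
if (!is_array($row) || !password_verify($Password, (string) $row['ADMIN_PASSWORD'])) {
    $redirect('error');
}

// Issue a fresh session id at the privilege change so an id that was known
// before login cannot be reused afterwards (session fixation).
session_regenerate_id(true);

// Log the user in: expose the account fields to the rest of the application.
$_SESSION['u_StaffID'] = $row['StaffID'];
$_SESSION['u_Name'] = $row['ADMIN_NAME'];
$_SESSION['u_IC'] = $row['IC'];
$_SESSION['u_Gender'] = $row['GENDER'];
$_SESSION['u_Department'] = $row['DEPARTMENT'];
$_SESSION['u_Access'] = $row['ACCESS'];
$_SESSION['u_Email'] = $row['ADMIN_EMAIL'];
// NOTE(review): kept only for compatibility with pages that may read it. A
// password hash has no business in session storage; drop this key once no
// other page depends on it.
$_SESSION['u_Password'] = $row['ADMIN_PASSWORD'];

// The `succes` spelling is kept as-is: presumably index.php matches on this
// exact value -- verify before correcting it.
$redirect('succes');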