· 6 years ago · Jun 28, 2019, 04:47 PM
1login
2
3<!DOCTYPE html>
4<html>
5<head>
6<title>Employee Login</title>
7<link rel="stylesheet" href="style1.css">
8</head>
9<body>
10<form method="post" action="">
11 <table style="width: 100%">
12 <tr>
13 <td colspan="2">
14 <h1>Employee Login</h1>
15 </td>
16 </tr>
17 <tr>
18 <td style="width: 165px">User Name</td>
19 <td style="width: 557px">
20 <input name="username" style="width: 200px" type="text"
21 value="<?php if(!empty($_SESSION['username'])){echo $_SESSION['username'];} ?>">
22 </td>
23 </tr>
24 <tr>
25 <td style="width: 165px">Password</td>
26 <td style="width: 557px">
27 <input name="password" style="width: 199px" type="text">
28 </td>
29 </tr>
30
31 <tr>
32 <td style="width: 165px">
33 <input name="login" type="submit" value="Login"></td>
34 <td style="width: 557px">
35 <a href="insert_employee.php"> New Employee? Register here </a> </td>
36 <?php if(!empty($error)){echo$error;}?>
37 </tr>
38 </table>
39</form>
40</body>
41</html>
42
43
44<?php
45session_start();
46include 'dbconnection.php';
47include 'security.php';
48
49if(isset($_POST['username']) &&
50isset($_POST['password']) &&
51isset($_POST['login'])){
52
53$sql=" select * from employee where username=:un";
54$stmt = $conn-> prepare($sql);
55$stmt-> execute(array(
56':un' => $_POST['username'],
57));
58$row = $stmt->fetch(PDO::FETCH_ASSOC);
59$n=$stmt->rowCount();
60if(($n == 1) && (decrypt($row['password'])) == $_POST['password'])
61{
62$_SESSION['username'] = $_POST['username'];
63header("Location:view_services.php");
64}
65else {
66$error="Invalid username/password";
67}
68}
69
70?>
71
72logout
73
74<?php
75session_start();
76session_unset();
77session_destroy();
78header("Location:login.php");
79?>
80
81dbconnection
82
83<?php
84
85$host = "localhost";
86$user = "emp789";
87$pwd = "emp789";
88
89
90try{
91$conn = new PDO( "mysql:host=$host;dbname=emp789", $user, $pwd);
92$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
93//echo "Connected successfully";
94}
95catch(Exception $e){
96echo ("Internal Login Error, Please Contact Web Site Support");
97$error = "Error message: ".$e->getMessage() ." Error at line: ".$e->getLine()." in a file named : ".$e->getFile();
98error_log($error);
99return;
100}
101
102?>
103
104view
105
106<html>
107<head>
108<title>View Services</title>
109<link rel="stylesheet" href="style1.css">
110</head>
111<body>
112<form method="post" action="">
113<table>
114<tr> <td> <input name="add" type="submit" value="Add New Service">
115</td>
116</tr>
117<tr>
118<td> <a href="logout.php"> Logout </a></td>
119</tr>
120
121</table>
122</form>
123</body>
124</html>
125<?php
126session_start();
127include 'dbconnection.php';
128echo "<link rel='stylesheet' href='style1.css'>";
129if(isset($_SESSION['username']))
130{
131echo "Welcome ".$_SESSION['username']."<br>";
132 $sql = "select * from service";
133 $stmt = $conn-> query($sql);
134 $rows = $stmt-> fetchAll(PDO::FETCH_ASSOC);
135 $n = $stmt-> rowCount();
136
137 if($n > 0)
138 {
139 echo "<h2>List of available Services</h2>";
140 echo "<table>";
141 echo "<tr>";
142 echo "<th>Service ID</th>";
143 echo "<th>Service Name</th>";
144 echo "<th>Department</th>";
145 echo "<th>Amount</th>";
146 echo "</tr>";
147
148 foreach($rows as $row)
149 {
150 echo "<tr>";
151 echo "<td>{$row['id']}</td>";
152 echo "<td>{$row['servicename']}</td>";
153 echo "<td>{$row['department']}</td>";
154 echo "<td>{$row['amount']}</td>";
155 echo "</tr>";
156 }
157 echo "</table>";
158 }
159
160if(isset($_POST['add']))
161{
162header("Location:add_service.php");
163}
164 }//session closing braces
165 else
166
167 {
168
169 echo "Please login first to access the service page";
170 }
171?>
172
173security
174
175<?php
176
177//encrypt function....
178
179function encrypt($plaintext){
180
181 $secret_key = 'Web Application Development I';
182 $key = hash('sha256', $secret_key);
183
184
185 $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
186 $iv = openssl_random_pseudo_bytes($ivlen);
187 $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
188 $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
189 $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
190 return $ciphertext;
191}
192
193//decrypt function....
194
195function decrypt($ciphertext){
196
197 $secret_key = 'Web Application Development I';
198 $key = hash('sha256', $secret_key);
199
200 $c = base64_decode($ciphertext);
201 $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
202 $iv = substr($c, 0, $ivlen);
203 $hmac = substr($c, $ivlen, $sha2len=32);
204 $ciphertext_raw = substr($c, $ivlen+$sha2len);
205 $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
206 $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
207 if (hash_equals($hmac, $calcmac))
208 {
209
210 return $original_plaintext;
211 }}
212
213
214insert_employee
215
216<!DOCTYPE html>
217<html>
218<head>
219<title>Employee Registration</title>
220<link rel="stylesheet" href="style1.css">
221</head>
222<body>
223<form method="post" action="" enctype="multipart/form-data">
224 <table style="width: 100%">
225 <tr>
226 <td colspan="2">
227 <h1>Employee Registration</h1>
228 </td>
229 </tr>
230 <tr>
231 <td style="width: 165px">Employee ID</td>
232 <td>
233 <input name="empid" style="width: 200px" type="text">
234 </td>
235 </tr>
236 <tr>
237 <td style="width: 165px">Employee Name</td>
238 <td>
239 <input name="empname" style="width: 199px" type="text">
240 </td>
241 </tr>
242 <tr>
243 <td style="width: 165px">User Name</td>
244 <td>
245 <input name="username" style="width: 199px" type="text"> </td>
246 </tr>
247 <tr>
248 <td style="width: 165px">Password</td>
249 <td>
250 <input name="password" style="width: 200px" type="text">
251 </td>
252 </tr>
253 <tr>
254 <td style="width: 165px">Upload ID Card</td>
255 <td>
256 <input name="pic" style="width: 200px" type="file">
257 </td>
258 </tr>
259
260 <tr>
261 <td style="width: 165px">
262 <input name="register" type="submit" value="Register"></td>
263 <td>
264 <input name="Reset1" style="width: 66px" type="reset" value="Reset"></td>
265 </tr>
266 <?php if(!empty($error)){echo$error;}?>
267
268 </table>
269</form>
270</body>
271</html>
272
273
274<?php
275session_start();
276include 'dbconnection.php';
277include 'security.php';
278if(isset($_POST['empid']) &&
279isset($_POST['empname']) &&
280isset($_POST['username']) &&
281isset($_POST['password']) &&
282isset ($_FILES['pic']['name']) &&
283isset($_POST['register'])){
284
285$filename = $_FILES['pic']['name'];
286$tempname = $_FILES['pic']['tmp_name'];
287$folder = "pics/".$filename;
288move_uploaded_file($tempname,$folder);
289
290$sql="INSERT INTO employee (empid, empname, username, password, pic) VALUES (:ei, :en, :un, :pw, :pi)";
291$stmt = $conn-> prepare($sql);
292$stmt-> execute(array(
293':ei' => $_POST['empid'],
294':en' => $_POST['empname'],
295':un' => $_POST['username'],
296':pw' => encrypt($_POST['password']),
297':pi' => $folder
298));
299$_SESSION['username'] = $_POST['username'];
300header("Location:login.php");
301}
302if(empty($_POST['empid']) &&
303empty($_POST['empname']) &&
304empty($_POST['username']) &&
305empty($_POST['password']) &&
306empty($_FILES['pic']['name'])
307)
308{
309$error="All fields are required";
310}
311?>
312
313add_service
314
315<!DOCTYPE html>
316<html>
317<head>
318<title>Add New Service</title>
319<link rel="stylesheet" href="style1.css">
320</head>
321<body>
322<form method="post" action="" enctype="multipart/form-data">
323 <table style="width: 100%">
324 <tr>
325 <td colspan="2">
326 <h1>Add New Service</h1>
327 </td>
328 </tr>
329 <tr>
330 <td style="width: 165px">Service Name</td>
331 <td>
332 <input name="servicename" style="width: 199px" type="text">
333 </td>
334 </tr>
335 <tr>
336 <td style="width: 165px">Department</td>
337 <td>
338 <input name="department" style="width: 199px" type="text"> </td>
339 </tr>
340 <tr>
341 <td style="width: 165px">Amount</td>
342 <td>
343 <input name="amount" style="width: 200px" type="text">
344 </td>
345 </tr>
346 <tr>
347 <td style="width: 165px">Entry Date</td>
348 <td>
349 <input name="entrydate" style="width: 200px" type="text">
350 </td>
351 </tr>
352
353 <tr>
354 <td style="width: 165px">
355 <input name="add" type="submit" value="Add"></td>
356 <td>
357 <input name="Reset1" style="width: 66px" type="reset" value="Clear"></td>
358 </tr>
359 <?php if(!empty($error)){echo$error;}?>
360
361 </table>
362</form>
363</body>
364</html>
365
366
367<?php
368session_start();
369include 'dbconnection.php';
370if(isset($_POST['servicename']) &&
371isset($_POST['department']) &&
372isset($_POST['amount']) &&
373isset($_POST['entrydate']) &&
374isset($_POST['add'])){
375
376$sql="INSERT INTO service (servicename, department, amount, entrydate) VALUES (:sn, :dep, :py, :ed)";
377$stmt = $conn-> prepare($sql);
378$stmt-> execute(array(
379':sn' => $_POST['servicename'],
380':dep' => $_POST['department'],
381':py' => $_POST['amount'],
382':ed' => $_POST['entrydate']
383));
384header("Location:view_services.php");
385}
386if(empty($_POST['servicename']) &&
387empty($_POST['department']) &&
388empty($_POST['amount']) &&
389empty($_POST['entrydate'])
390)
391{
392$error="All fields are required";
393}
394?>
395
396
397end