auth.php
<?php
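// Every response from this endpoint is declared as JSON.
header("Content-type:application/json");
// NOTE(review): PHP has already parsed the request body into $_POST before this
// line runs, so overwriting CONTENT_TYPE does not change how the body was parsed.
// Kept as-is in case later code reads the value.
$_SERVER['CONTENT_TYPE'] = "application/x-www-form-urlencoded";
// The original `E_ALL ^ E_WARNING && E_NOTICE` parsed as
// `(E_ALL ^ E_WARNING) && E_NOTICE`, i.e. boolean true, which error_reporting()
// treats as level 1 (E_ERROR only). Use an explicit bit mask instead.
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE);
// Diagnostics belong in the server log, not in the JSON body: displayed errors
// break the response format and disclose paths and query details to the client.
ini_set('display_errors', '0');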
//response class
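/**
 * JSON payload returned by the login endpoint.
 *
 * All properties are public so that json_encode() serialises them under
 * their own names.
 */
class AuthResponse
{
    /** @var bool True when exactly one login account matched the submitted ID. */
    public $idFound;
    /** @var bool True when the submitted password matched the stored one. */
    public $passwordCorrect;
    /** @var string Value of the account's permission_level column. */
    public $permissionLevel;
    /** @var string Value of teacher_first_name for the account holder. */
    public $holderFirstName;
    /** @var string Value of teacher_last_name for the account holder. */
    public $holderLastName;
    /** @var string Value of teacher_designation for the account holder. */
    public $holderDesignation;

    /**
     * Start every response in the "not authenticated" state.
     *
     * The defaults must be written through $this. The original assigned to
     * local variables, which left every property null, so a response with no
     * explicit assignment serialised `passwordCorrect` as null instead of false.
     */
    public function __construct()
    {
        $this->idFound = false;
        $this->passwordCorrect = false;
        $this->permissionLevel = "";
        $this->holderFirstName = "";
        $this->holderLastName = "";
        $this->holderDesignation = "";
    }
}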
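//Connection properties
// NOTE(review): the credentials are hard-coded and use the MySQL root account.
// Load them from configuration kept outside source control and the web root, and
// connect as a dedicated account limited to SELECT on the two tables read below.
$servername = "localhost";
$username = "root";
$password = "admin";

// Start from an explicit "not authenticated" state so the JSON never depends on
// a branch having run.
$response = new AuthResponse();
$response->idFound = false;
$response->passwordCorrect = false;

//Extract id and password from the POST body. Missing or non-string values
//(e.g. userID[]=1) are treated as empty instead of raising warnings.
$userID = (isset($_POST["userID"]) && is_string($_POST["userID"])) ? $_POST["userID"] : "";
$pass = (isset($_POST["userPass"]) && is_string($_POST["userPass"])) ? $_POST["userPass"] : "";

try {
    // Create connection. Depending on the mysqli report mode a failed connect
    // either throws mysqli_sql_exception or sets connect_error; both end up in
    // the catch block below.
    $conn = new mysqli($servername, $username, $password);
    if ($conn->connect_error) {
        throw new RuntimeException("Connection failed: " . $conn->connect_error);
    }

    //Run query for login authorization
    // The original concatenated $userID straight into the SQL text, so any request
    // could rewrite the query. The ID is now validated and bound as a parameter.
    // NOTE(review): account_id was concatenated unquoted, so it is presumably a
    // numeric column - confirm before relying on the digits-only check.
    $storedPassword = null;
    $permissionLevel = null;
    if (ctype_digit($userID)) {
        $loginStmt = $conn->prepare(
            "SELECT password, permission_level"
            . " FROM db_classroom_management.tbl_login_accounts WHERE account_id = ?"
        );
        if ($loginStmt === false) {
            throw new RuntimeException("Login query could not be prepared: " . $conn->error);
        }
        $loginStmt->bind_param("s", $userID);
        if (!$loginStmt->execute()) {
            throw new RuntimeException("Login query failed: " . $loginStmt->error);
        }
        $loginStmt->store_result();
        if ($loginStmt->num_rows == 1) {
            $loginStmt->bind_result($storedPassword, $permissionLevel);
            $loginStmt->fetch();
            $response->idFound = true;
        }
        $loginStmt->close();
    }

    //Handle login authorization response
    // NOTE(review): idFound tells an unauthenticated caller whether an account ID
    // exists. It is kept because clients read it; consider rate limiting and a
    // single generic failure result.
    if ($response->idFound) {
        // NOTE(review): the password column is compared as stored, i.e. it holds
        // plaintext. Migrate to password_hash() on write and password_verify() here.
        // Until then: hash_equals() replaces the loose `==`, which treats numeric
        // strings such as "0e1" and "0e2" as equal, and an empty submitted password
        // never authenticates.
        $response->passwordCorrect = ($pass !== "")
            && hash_equals((string) $storedPassword, $pass);
    }

    //Run query for account details once the password has been verified.
    // The original filled in the permission level and the holder's name for any
    // existing ID even when the password was wrong, disclosing them to
    // unauthenticated callers.
    if ($response->passwordCorrect) {
        $response->permissionLevel = $permissionLevel;

        $teacherStmt = $conn->prepare(
            "SELECT teacher_first_name, teacher_last_name, teacher_designation"
            . " FROM db_classroom_management.tbl_teachers WHERE teacher_id = ?"
        );
        if ($teacherStmt === false) {
            throw new RuntimeException("Teacher query could not be prepared: " . $conn->error);
        }
        $teacherStmt->bind_param("s", $userID);
        if (!$teacherStmt->execute()) {
            throw new RuntimeException("Teacher query failed: " . $teacherStmt->error);
        }
        $teacherStmt->bind_result($firstName, $lastName, $designation);
        // The original tested the login row count here; test the teacher row itself
        // so an account without a teacher record keeps its current holder fields.
        if ($teacherStmt->fetch() === true) {
            $response->holderFirstName = $firstName;
            $response->holderLastName = $lastName;
            $response->holderDesignation = $designation;
        }
        $teacherStmt->close();
    }
} catch (Exception $e) {
    // Driver detail goes to the server log only; the client gets a generic JSON
    // error instead of the raw MySQL message the original printed with die().
    error_log("auth.php: " . $e->getMessage());
    http_response_code(500);
    die(json_encode(array("error" => "Authentication service unavailable")));
}

echo json_encode($response);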
?>