
Current File : /home/u926327694/domains/smsoft.in/public_html/demo/login.php
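<?php

    // Login handler for three account stores, tried in this order on a POST:
    //   1. `users` (PDO, salted iterated SHA-256)          -> role-based redirect
    //   2. `student_registration` (mysqli)                  -> student/teacher dashboard
    //   3. `users_library` (mysqli)                         -> library dashboard
    // $amit records which path succeeded; if it stays empty the visitor is sent
    // back to index.php with an error alert.
    //
    // NOTE(review): paths 2 and 3 compare the submitted password directly against
    // the `Password` column, which implies those tables hold passwords unhashed.
    // Migrating them to password_hash()/password_verify() needs a data migration
    // and cannot be done from this file alone.
    // NOTE(review): only successful logins are written to `login_log`, and nothing
    // here throttles repeated attempts; failed-attempt logging and rate limiting
    // would give defenders visibility into credential guessing.

    // common.php is expected to open the PDO connection ($db) and start the session.
    require("common.php");

    // Kept for re-displaying the username in a login form; not read in this file.
    $submitted_username = '';

    $amit = "";

    // Read with ?? so a plain GET does not raise an undefined-index notice.
    // NOTE(review): PastYear is client-controlled and is copied into the session
    // without validation. Confirm how CurrYear/PastYear are consumed elsewhere
    // (the comment below mentions connecting to a past-year database) and
    // restrict the value to the expected format there or here.
    $past_year = $_POST['PastYear'] ?? "";
    if ($past_year != "")
    {
        $_SESSION['CurrYear'] = str_replace("_", "20", $past_year);
    }
    else
    {
        $_SESSION['CurrYear'] = Date('Y');
    }

    if (!empty($_POST))
    {
        // connect db for past year
        if (isset($_POST['PastYear']))
        {
            if ($_POST['PastYear'] != Date('y'))
            {
                $_SESSION['PastYear'] = $_POST['PastYear'];
            }
        }

        // Credentials must be plain strings; array-valued fields (username[]=x)
        // would otherwise reach the hashing and escaping calls below.
        $posted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
        $posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        // Look the account up by username; the value is bound, not interpolated.
        $query = "
            SELECT
                id,
                username,
                password,
                salt,
                email,
                type
            FROM users
            WHERE
                username = :username
        ";

        $query_params = array(
            ':username' => $posted_username
        );

        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch (PDOException $ex)
        {
            // Driver messages can reveal schema and query details, so they go
            // to the server log and the client only sees a generic failure.
            error_log("login.php: user lookup failed: " . $ex->getMessage());
            die("Failed to run query");
        }

        // Assume failure until the stored hash matches.
        $login_ok = false;

        // $row is false when the username is not registered.
        $row = $stmt->fetch();
        if ($row)
        {
            // Re-derive the hash from the submitted password and the stored salt:
            // one initial SHA-256 plus 65536 further rounds.
            // NOTE(review): this is a hand-rolled KDF; password_hash() with
            // rehash-on-login would be the supported replacement, but it changes
            // the stored format.
            $check_password = hash('sha256', $posted_password . $row['salt']);
            for ($round = 0; $round < 65536; $round++)
            {
                $check_password = hash('sha256', $check_password . $row['salt']);
            }

            // hash_equals() compares in constant time, so response timing does
            // not leak how many leading characters of the hash matched.
            if (is_string($row['password']) && hash_equals($row['password'], $check_password))
            {
                $login_ok = true;
            }
        }

        if ($login_ok)
        {
            // Issue a fresh session id on privilege change so an id planted
            // before login (session fixation) is not carried into the
            // authenticated session.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent())
            {
                session_regenerate_id(true);
            }

            // Do not keep credential material in the session.
            // NOTE(review): if the PDO fetch mode is FETCH_BOTH, numeric copies of
            // these two columns remain in $row; confirm common.php sets
            // FETCH_ASSOC.
            unset($row['salt']);
            unset($row['password']);

            // Other pages check $_SESSION['user'] to decide whether the visitor
            // is logged in.
            $_SESSION['user'] = $row;

            // Presumably provides the mysqli handle $con; verify in config/dbconnect.php.
            include "config/dbconnect.php";
            $schoolcode = (string) ($_SESSION['code'] ?? '');
            $schoolname = "";

            // Bound parameter instead of interpolating the session value into SQL.
            $sel_school = mysqli_prepare($con, "select schoolname from schools where schoolCode=?");
            if ($sel_school)
            {
                mysqli_stmt_bind_param($sel_school, "s", $schoolcode);
                if (mysqli_stmt_execute($sel_school))
                {
                    mysqli_stmt_bind_result($sel_school, $found_schoolname);
                    // As before, the last matching row wins.
                    while (mysqli_stmt_fetch($sel_school))
                    {
                        $schoolname = $found_schoolname;
                    }
                }
                mysqli_stmt_close($sel_school);
            }

            // Audit record of the successful login. Username and type come from
            // the database, so they are bound as well: stored values containing
            // quotes must not be able to alter this statement.
            $schoolname = (string) $schoolname;
            $username = (string) $row['username'];
            $usertype = (string) $row['type'];
            $login_date = date('Y-m-d H:i:s');
            $insert_log = mysqli_prepare($con, "INSERT INTO `login_log`(`schoolcode`, `schoolname`, `userid`, `usertype`, `status`, `login_date`) VALUES (?,?,?,?,'Login Successfully',?)");
            if ($insert_log)
            {
                mysqli_stmt_bind_param($insert_log, "sssss", $schoolcode, $schoolname, $username, $usertype, $login_date);
                mysqli_stmt_execute($insert_log);
                mysqli_stmt_close($insert_log);
            }

            if ($row['type'] == "Student_Management" || $row['type'] == "Teacher")
            {
                header("Location: student_management_system/pages/dashboard.php");
                exit;
            }

            if ($row['type'] == "Fees_Management")
            {
                header("Location: dashboard.php");
            }
            if ($row['type'] == "Accounts" || $row['type'] == "Account_Views")
            {
                header("Location: accounts/accounts_dashboard.php");
            }

            // Terminates the request for every remaining role, including roles
            // that matched none of the redirects above.
            die("Redirecting to: private.php");
        }

        // Student / Teacher Login
        else
        {
            // common.php normally has the session open already; starting it a
            // second time only produced a notice.
            if (session_status() !== PHP_SESSION_ACTIVE)
            {
                session_start();
            }
            // Presumably provides the mysqli handles used below; verify in config/config1.php.
            include "config/config1.php";

            $username = mysqli_real_escape_string($con1, (string) $posted_username);
            $password = mysqli_real_escape_string($con1, $posted_password);

            $result = mysqli_query($con1, "SELECT * FROM `student_registration` WHERE  `Username`='$username' and `Password`='$password' and `approve`='1'  ");
            if ($result === false)
            {
                // Same policy as the PDO branch: log the driver error, show a
                // generic message.
                error_log("login.php: student lookup failed: " . mysqli_error($con1));
                die("Failed to run query");
            }
            $row = mysqli_fetch_array($result);
            if (is_array($row))
            {
                if (session_status() === PHP_SESSION_ACTIVE && !headers_sent())
                {
                    session_regenerate_id(true);
                }

                // "Teacher" is stored as-is; every other class is flagged "1".
                if ($row['Class'] == "Teacher")
                {
                    $_SESSION["cls"] = $row['Class'];
                }
                else
                {
                    $_SESSION["cls"] = "1";
                }

                $_SESSION["S_id"] = $row['S_id'];
            }

            // NOTE(review): this tests the session, not the query result, so a
            // "cls" left over from an earlier login in the same session also
            // takes this branch.
            if (isset($_SESSION["cls"]))
            {
                if ($_SESSION["cls"] == "Teacher")
                {
                    $amit = "2";
    ?>
				<script>
			 
				document.location="student_management_system/student/dashboard_teacher.php";
				</script>


<?php
                }
                else if ($_SESSION["cls"] != "Teacher")
                {
                    // A garbled debug echo stood here; it referenced an undefined
                    // variable and an undefined constant, which is a fatal error
                    // on PHP 8, and it printed nothing useful on PHP 7.
                    $amit = "3";
?>
				<script>
			document.location="student_management_system/student/dashboard.php";
				</script>


<?php
                }
            }
        }

        // Library Login
        // Reached whenever the `users` login above did not succeed, including
        // after a successful student/teacher login.
        if (session_status() !== PHP_SESSION_ACTIVE)
        {
            session_start();
        }
        include "config/config1.php";

        // NOTE(review): the values are escaped with $con1 but the query runs on
        // $con2; escaping depends on the connection character set, so confirm
        // both handles use the same one (or move this query to a prepared
        // statement on $con2).
        $username = mysqli_real_escape_string($con1, (string) $posted_username);
        $password = mysqli_real_escape_string($con1, $posted_password);

        $result = mysqli_query($con2, "SELECT * FROM `users_library` WHERE `Username`='$username' and `Password`='$password' ");
        // A failed query is treated like "no such member" instead of passing
        // false into mysqli_fetch_array().
        $row = ($result !== false) ? mysqli_fetch_array($result) : null;
        if (is_array($row))
        {
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent())
            {
                session_regenerate_id(true);
            }

            $_SESSION["librarymember"] = "yes";
            if (empty($_SESSION['table_m']))
            {
                $table_s = "book_table";
                $_SESSION['table_m'] = $table_s;
            }
        }
        else
        {
            $message = "Invalid Data!";
        }

        if (!empty($_SESSION["librarymember"]))
        {
            $amit = "4";
        ?>
				<script>
				document.location="student_management_system/library_model/library/dashboard.php";
				</script>


<?php
        }
    }
    else
    {
        // No form data at all: send the visitor to the landing page.
          ?>
				<script>
				document.location="index.php";
				</script>


<?php
    }

    // No login path succeeded.
    if ($amit == "")
    {
                ?>
				<script>
				alert("Please Check Username and Password");
				document.location="index.php";
				</script>


<?php
    }

?> 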
