<?php
//=============================================================================
// This php scripts allows a customer to login
// if user logs in with proper user/pswd --> redirect to shopping page 
// if user clicks on register button     --> redirect to registration page
//=============================================================================
    include_once('dbIOoo.inc');			//include the IO object

    if ($_POST)       				#if 2nd or subsequent time
    {						
	$_GET = '';				#erase any $_GET variables 

    	validate_form();			#validate entry of user & pswd 	

	if (! $msg)				#if both user & pswd were entered 
	    read_pswd();			#read and validate user pswd 

	if (! $msg)				#if pswd matches what was entered
	{
	    session_start();			#start a session

	    $_SESSION[cust_id] = $cust_id;	#save session variables
	    $_SESSION[fname]   = $fname;
	    $_SESSION[lname]   = $lname;
	    $_SESSION[addr]    = $addr;

	    if (SID)				#must be using URL rewrite
		$sid = "?". SID;		#append ? and the SID		

	    header("Location: shopCart.php$sid");  #redirect to shopCart.php
	}					   #with session id (if any) 
    }

    if ($_GET[out])				#if logout was requested
    {
	session_start();			#obtain handle to the session
	session_destroy();			#delete session

	$msg = 'You have logged out successfully';
    }
    
    display();					#display the web page

//=============================================================================
// Validate all required input fields
//=============================================================================
    function validate_form()
    {
	global $user, $pswd, $msg;   

    	$user  = $_POST['user'];			#get HTML form entry fields 
    	$pswd  = $_POST['pswd'];

    	$msg;

	if (! $user or ! $pswd) {
	    $msg  = 'Please enter user id and password!';     
	    return;
	}
}

//=============================================================================
// Read pswd from the database
// validates to make sure user exists, and pswd is validate for user
//=============================================================================
    function read_pswd()
    {
	global $cust_id, $user, $pswd, $fname, $lname, $addr, $msg;   

	$host      = 'localhost';
	$port      =  null;
	$DBname    = 'demo2';
	$DBuser    = 'demo2';
	$DBpswd    = 'demo2';
 
        $io = new DBio($host,$port,$DBname,$DBuser,$DBpswd);	#create a DBio object

	$query = "SELECT cust_id, pswd, fname, lname, address 
	          FROM customer 
	          WHERE lower(user) = '$user'";		#not case sensitive

        $results = $io->process($query);			#issue the query		

	if (! $results[0])
	    $msg  = "User $user does not exist.  Please register first";     	

	if ($results[0] && $results[0]['pswd'] != $pswd)
	    $msg  = "Password is invalid for $user";     	

	$cust_id = $results[0][cust_id];				
	$fname   = $results[0][fname];
	$lname   = $results[0][lname];
	$addr    = $results[0][address];
    }

//==============================================================================
// Display the HTML page  
// if there are errors, display message
//==============================================================================
    function display()
    {
	global $user, $pswd, $save, $msg;   
?>
	<html>
	<head>
	<title>Shop.com</title>
	<style>
	    a {text-decoration:none; color:brown}
	</style>
	</head>

	<body bgcolor=lightyellow>
	<h1 align=center>Shop.Com</H1>

	<form method=POST>
	<fieldset style="width:350;border-color:red">
	<legend align="left">Sign In</legend>
	<table>
	<tr><td>Enter your user id   <td><input type=text     name=user value=<?php print $user?> >
	<tr><td>Enter your password  <td><input type=password name=pswd value=<?php print $pswd?> >
	<tr><td><td><input type=submit value="          Sign In        " > 
	</table>
	</fieldset>
	<br>
	<fieldset style="width:350;border-color:red">
	<legend align="center">Register</legend>
	 <input type=button value="Register  " onClick="location.href='shopProf.php'">
	If first time user, please register
	<br><br>
	</fieldset>
	</form>
	<div style="color:red;"> <?php print $msg?>   </div>
<?php
    }
//=============================================================================
?>

<hr/>
<center>
                        login         |
<a href=shopProf.php>   register </a> |
<a href=shopCart.php>   shop     </a> |
<a href=shop.php?out=y> logout   </a>
</center>

<?php include "../include.php"; ?>		<!-- hyperlink to see the code -->
</body>
</html>