adminCreateStaffReplacement.php
<!-- staff user registration -->
<?php
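// Staff registration handler: validates the posted form, rejects an e-mail
// address that is already in the staff table, stores the new row with a hashed
// password, then redirects to the form (on error) or the dashboard (on success).
//
// NOTE(review): the HTML comment above the opening PHP tag is sent to the
// client as output before any header() call below. Unless output buffering is
// enabled, the redirects fail with "headers already sent"; consider moving that
// comment inside the PHP block.

// Do not render PHP errors into the response of an account-creation endpoint:
// warnings can expose file paths and query details. Log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

require('patientSessions.php');
require('config.php');

// NOTE(review): nothing in this file checks that the caller is an authenticated
// administrator, and no anti-CSRF token is verified. Presumably
// patientSessions.php starts the session; confirm that it (or a dedicated admin
// guard) also enforces the admin role before this script can create staff.

$formPage = 'adminCreateStaffForm.php';

// filter_var() returns false for a missing, non-string or malformed address.
$regLogin = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
$regStaffPassword = $_POST['staffPassword'] ?? '';
$regStaffPasswordConfirm = $_POST['staffPasswordConfirm'] ?? '';

// Missing fields stay null (stored as NULL) instead of raising an
// undefined-index warning.
$regFirstName = $_POST['firstName'] ?? null;
$regLastName = $_POST['lastName'] ?? null;
$regPhoneNumber = $_POST['phoneNumber'] ?? null;
$regGender = $_POST['gender'] ?? null;
$regHireDate = $_POST['hireDate'] ?? null;
$regDepartmentID = $_POST['department_id'] ?? null;
$regStaffRole = $_POST['staffRole'] ?? null;
// NOTE(review): the form also posts 'salary', but the INSERT below has no
// salary column, so the value was read and never stored. Confirm whether it
// should be persisted.
// NOTE(review): staffRole and department_id are stored exactly as posted.
// Validate staffRole against the roles the application defines so a crafted
// request cannot assign an unexpected role.

// Error 1: e-mail missing or not a valid address.
if (!$regLogin) {
    $_SESSION['regError'] = 1;
    header('Location: ' . $formPage);
    exit;
}

// Error 2: password empty, not a plain string, or the two entries differ.
// Strict comparison is required here: with loose comparison, numeric-looking
// strings such as "1e3" and "1000" compare equal.
$passwordIsUsable = is_string($regStaffPassword)
    && is_string($regStaffPasswordConfirm)
    && $regStaffPassword !== ''
    && $regStaffPassword === $regStaffPasswordConfirm;

if (!$passwordIsUsable) {
    $_SESSION['regError'] = 2;
    // NOTE(review): this is the only redirect that goes up one directory
    // ("../"); every other path in this script targets the current directory.
    // Kept as in the original; confirm which location is correct.
    header('Location: ../' . $formPage);
    exit;
}

// Error 3: the address is already registered.
// The check-then-insert sequence is not atomic; presumably staff.email carries
// a UNIQUE constraint that backs it up (confirm in the schema).
$stmt = $conn->prepare("SELECT * FROM staff WHERE email = ?");
$stmt->bind_param('s', $regLogin);
$stmt->execute();
$stmt->store_result();
// Treat any existing row as a duplicate, not only exactly one.
$alreadyRegistered = $stmt->num_rows > 0;
$stmt->close();

if ($alreadyRegistered) {
    $_SESSION['regError'] = 3;
    $referer = $formPage;
} else {
    // bcrypt only uses the first 72 bytes of the password.
    $hashedPw = password_hash($regStaffPassword, PASSWORD_BCRYPT);

    $stmt = $conn->prepare("INSERT INTO staff(email, staffPassword, firstName, lastName, phoneNumber, gender, hireDate, department_id, staffRole) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
    $stmt->bind_param(
        'sssssssis',
        $regLogin,
        $hashedPw,
        $regFirstName,
        $regLastName,
        $regPhoneNumber,
        $regGender,
        $regHireDate,
        $regDepartmentID,
        $regStaffRole
    );

    if ($stmt->execute()) {
        // Clear any error left over from an earlier failed attempt.
        unset($_SESSION['regError']);
        $referer = 'adminDashboard.php';
    } else {
        // Do not report success when the row was not written.
        // NOTE(review): the form has no regError code for a storage failure;
        // add one on the form side so the admin sees a message.
        error_log('Staff insert failed: ' . $stmt->error);
        $referer = $formPage;
    }
    $stmt->close();
}

$conn->close();
header('Location: ' . $referer);
exit;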