
<%@page import="project.ConnectionProvider"%>
<%@page import="java.sql.*"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!--<%@page import="project.ValidationFunctions"%>-->


<%
    String email = request.getParameter("email");
    String password = request.getParameter("password");

    int z = 0;
    try {
        Class.forName("com.mysql.jdbc.Driver");
        Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/CLINIHR", "root", "Clinica123");
        Statement st = con.createStatement();

        ResultSet rs = st.executeQuery("select * from users where email='" + email + "' and password='" + password + "' and role='Admin'");
        while (rs.next()) {
            z = 1;
            boolean isValid = true;
            String errorMsg = "";

            // Example validation: Check if any field is empty
            if (email.isEmpty() || password.isEmpty()) {
                isValid = false;
                errorMsg = "All fields must be filled out";
            } else {
                // Email validation
                if (!ValidationFunctions.isValidEmail(email)) {
                    isValid = false;
                    errorMsg = "Invalid email address";
                    response.sendRedirect("login.jsp?msg=invalidEmail&error=" + java.net.URLEncoder.encode(errorMsg, "UTF-8"));
                }
            }
            //Password validation
            if (!ValidationFunctions.isValidPassword(password)) {
                isValid = false;
                errorMsg = "Invalid password";
                response.sendRedirect("login.jsp?msg=invalidPassword&error=" + java.net.URLEncoder.encode(errorMsg, "UTF-8"));
            }
        

        if (isValid) {
            // Proceed with registration
            // This is where you would insert the data into the database
            // Redirect or display success message
            session.setAttribute("email", email);
            response.sendRedirect("adminHome.jsp");
        } else {
            // Display error message
            response.sendRedirect("registerEmployee.jsp?msg=invalid&error=" + java.net.URLEncoder.encode(errorMsg, "UTF-8"));           
        }
        
        }
        ResultSet rs1 = st.executeQuery("select * from users where email='" + email + "' and password='" + password + "' and role='Employee'");
        while (rs1.next()) {
            z = 1;
            session.setAttribute("email", email);
            response.sendRedirect("employeeHome.jsp");
        }

        ResultSet rs2 = st.executeQuery("select * from users where email='" + email + "' and password='" + password + "' and role='Line Manager'");
        while (rs2.next()) {
            z = 1;
            session.setAttribute("email", email);
            response.sendRedirect("LMHome.jsp");
        }

        ResultSet rs3 = st.executeQuery("select * from users where email='" + email + "' and password='" + password + "' and role='Terminated'");
        while (rs3.next()) {
            z = 1;
            session.setAttribute("email", email);
            response.sendRedirect("SMHome.jsp");
        }

        if (z == 0) {
            response.sendRedirect("login.jsp?msg=notexist");
        }
    } catch (Exception e) {
        System.out.println();
        //response.sendRedirect("login.jsp?msg=invalid"); 
    }

%>