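<?php
// Page guard: send visitors without a session uid to the login form.
// $_SESSION is only populated after session_start() has run in this request;
// NOTE(review): nothing on this line starts the session - confirm an earlier include does.
// NOTE(review): if this guard sits on login.php itself, an anonymous visitor is
// redirected to the same page over and over - confirm which file it belongs to.
if (!isset($_SESSION['uid']) || !$_SESSION['uid']) {
    header('Location: login.php');
    // header() only queues the redirect; without exit the rest of the protected
    // page is still executed and sent to a client that ignores the Location header.
    exit;
}
?>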
For some reason, the !$_SESSION['uid'] check makes PHP believe that the user is not logged in. If the beginning of login.php is changed to $_SESSION['uid'], then it redirects to index.php, which begins with $_SESSION['uid'] (but it does its job and recognizes the user as logged in).
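<?php
// Front controller for the site root: logged-in users get their profile page,
// everyone else is redirected to the login form.
// NOTE(review): includes/start.php is presumably where session_start() runs;
// $_SESSION stays empty on this page if it does not - confirm.
include "includes/start.php";

// empty() avoids an "undefined index" notice for anonymous visitors; a notice
// printed before header() would count as output and prevent the redirect.
if (!empty($_SESSION['uid'])) {
    /* Logged in: show profile.php */
    include "profile.php";
} else {
    /* Not logged in: show the login form */
    header('Location: login.php');
    // Stop here so nothing else runs or is sent after the redirect is queued.
    exit;
}
?>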
<?php
/*
Supercali Event Calendar
Copyright 2006 Dana C. Hutchins
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
For further information visit:
http://supercali.inforest.com/
*/
include "includes/start.php";
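/**
 * Authenticate the posted e-mail/password pair against the agents table and
 * redirect the browser.
 *
 * Reads $_POST["email"], $_POST["password"] and the optional
 * $_POST["return_to"]. On a match it stores the agent's uid and e-mail in the
 * session; when the match was on temp_password, that value is promoted to the
 * permanent password and cleared. Every path closes $link, sleeps two seconds
 * and sends a Location header.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests, which is not
 * suitable for password storage. Moving to password_hash()/password_verify()
 * needs a schema and data migration that cannot be done inside this function.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0 and
 * get_magic_quotes_gpc() in PHP 8.0; this code only runs on PHP 5.x.
 */
function check_login() {
    global $link;

    // Accept only scalar strings: an array-valued field would make
    // stripslashes()/mysql_real_escape_string() warn and hash a null.
    $raw_email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
    $raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    if (get_magic_quotes_gpc()) {
        $raw_email = stripslashes($raw_email);
        $raw_password = stripslashes($raw_password);
    }

    $target = "index.php";
    $query = false;

    // Empty credentials can never be a valid login, so skip the lookup.
    if ($raw_email !== "" && $raw_password !== "") {
        $saemail = mysql_real_escape_string($raw_email);
        // NOTE(review): escaping before hashing alters passwords that contain
        // quotes or backslashes. Kept as-is because the stored digests may
        // have been produced the same way - confirm before changing.
        $password = mysql_real_escape_string($raw_password);
        $md5_pass = md5($password);
        $query = mysql_query("Select uid, saemail, temp_password from agents where saemail='".$saemail."' and password='$md5_pass' OR saemail='".$saemail."' and temp_password='$md5_pass'");
    }

    // mysql_query() returns false on error; treat that as "no match".
    if ($query && mysql_num_rows($query) > 0) {
        $row = mysql_fetch_array($query);

        // Issue a fresh session id on login so an id that was known before
        // authentication cannot be reused afterwards (session fixation).
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['uid'] = $row['uid'];
        // The query selects "saemail"; there is no "email" column in the row.
        $_SESSION['email'] = $row['saemail'];

        // Strict comparison: "==" compares numeric-looking hex digests
        // (e.g. "0e..." strings) as numbers.
        if ($row['temp_password'] === $md5_pass) {
            // Logged in with the mailed temporary password: make it permanent.
            mysql_query("UPDATE agents set password = '".$row['temp_password']."', temp_password = NULL WHERE uid ='".$row['uid']."'");
        } else {
            // return_to is client-controlled. Follow it only when it is a
            // local reference: no control characters, whitespace or
            // backslashes, no URL scheme and no protocol-relative "//" prefix.
            // Anything else falls back to index.php.
            $return_to = (!empty($_POST["return_to"]) && is_string($_POST["return_to"])) ? $_POST["return_to"] : "";
            if ($return_to !== ""
                && !preg_match('#[\x00-\x20\x7f\\\\]#', $return_to)
                && !preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//)#i', $return_to)) {
                $target = $return_to;
            }
        }
    }

    mysql_close($link);
    // Fixed delay on every outcome; presumably a crude brake on password guessing.
    sleep(2);
    header("Location: ".$target);
}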
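/**
 * Issue a temporary password for the posted e-mail address and mail it.
 *
 * Reads $_POST["email"]. When an agent with that address exists, a new random
 * password is generated, its MD5 digest is stored in agents.temp_password and
 * the clear-text value is e-mailed to the address. The existing password stays
 * valid. Known and unknown addresses both end in the same redirect to
 * index.php, so the response does not reveal whether an address is registered.
 *
 * NOTE(review): the temporary password has no visible expiry; consider storing
 * an issue time and rejecting old values at login.
 */
function send_new_password() {
    global $calendar_title, $calendar_email, $link, $lang;

    // Accept only a scalar string; an array-valued field would make
    // stripslashes()/mysql_real_escape_string() warn.
    $raw_email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
    if (get_magic_quotes_gpc()) {
        $raw_email = stripslashes($raw_email);
    }
    $saemail = mysql_real_escape_string($raw_email);

    // Skip the lookup for an empty address; mysql_query() returns false on error.
    $query = ($raw_email !== "") ? mysql_query("Select * from agents where saemail='$saemail'") : false;

    if ($query && mysql_num_rows($query) > 0) {
        // The original derived the password from md5(email . microtime()),
        // which anyone who knows the address and the approximate request time
        // can narrow down. Prefer the platform CSPRNG (16 hex characters).
        $newpass = "";
        if (function_exists('random_bytes')) {
            $newpass = bin2hex(random_bytes(8));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes(8, $strong);
            if ($bytes !== false && $strong) {
                $newpass = bin2hex($bytes);
            }
        }
        if ($newpass === "") {
            // No CSPRNG available: fall back to the original, guessable derivation.
            $newpass = substr(md5($saemail.microtime()), 0, 8);
        }

        // Only the digest is stored; the clear text exists solely in the mail.
        $crypt_pass = md5($newpass);
        mysql_query("UPDATE agents set temp_password = '".$crypt_pass."' where saemail ='".$saemail."'");

        $message = $lang["password_msg"].$calendar_title.":\n\n$newpass\n\n";
        mail($saemail, $lang["password_subject_start"].$calendar_title.$lang["password_subject_end"], "$message", "From: \"".$calendar_title."\" <".$calendar_email.">");
    }

    mysql_close($link);
    // Same delay and destination whether or not the address was found.
    sleep(2);
    header("Location: index.php");
}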
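/**
 * End the current login: clear all session variables, replace the session id
 * and redirect to index.php.
 */
function log_out () {
    // Only start a session when none is active; calling session_start() on an
    // already running session raises a notice.
    if (session_id() === '') {
        session_start();
    }
    session_unset();
    // Passing true also deletes the old session's stored data, so the previous
    // session id cannot be resumed after logout.
    session_regenerate_id(true);
    sleep(2);
    header("Location: index.php?");
}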
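/**
 * Approve the event that carries the given quick-approve code.
 *
 * Looks the code up in <prefix>events.quick_approve. On a match it sets
 * status_id to 4, clears the code so it cannot be used again, and calls
 * notify_group() for the event. Every path sleeps two seconds and redirects
 * to index.php.
 *
 * @param string $code Quick-approve code taken from the request.
 *
 * NOTE(review): the code is the only credential checked here; no login is
 * required, so it should be long, random and single-use.
 */
function approve($code) {
    global $table_prefix, $lang, $link;

    // $msg is not displayed by this function. It is kept because the included
    // notify.php runs in this scope - TODO confirm whether anything reads it.
    $msg = $lang["event_not_found"];

    // An empty or non-string code must never match: otherwise a request with
    // no code at all would approve any event whose quick_approve is ''.
    if (is_string($code) && $code !== "") {
        if (get_magic_quotes_gpc()) {
            $code = stripslashes($code);
        }
        $code = mysql_real_escape_string($code);

        $q = "select event_id from ".$table_prefix."events where quick_approve = '".$code."'";
        $query = mysql_query($q);

        // mysql_query() returns false on error; treat that as "not found".
        if ($query && mysql_num_rows($query) > 0) {
            $sq = "update ".$table_prefix."events set status_id = 4, quick_approve = NULL where quick_approve = '".$code."'";
            $squery = mysql_query($sq);
            if ($squery) {
                $msg = $lang["event_updated"];
                // Only the first matching event is notified, as in the original.
                $event_id = mysql_result($query,0,0);
                include "includes/notify.php";
                notify_group($event_id);
            }
        }
    }

    sleep(2);
    header("Location: index.php");
}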
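// Dispatch on the requested mode. The value comes from $_REQUEST, so it can
// arrive by GET as well as POST: logout and quick-approve can be triggered by
// a plain link.
// Accept only a scalar string; a missing or array-valued mode falls through to
// the default redirect instead of raising notices.
$mode = (isset($_REQUEST["mode"]) && is_string($_REQUEST["mode"])) ? $_REQUEST["mode"] : "";

// Strict comparisons: switch compares loosely, which lets numeric-looking or
// null values match labels they should not.
if (isset($lang["send_new_password"]) && $mode === (string) $lang["send_new_password"]) {
    send_new_password();
} elseif ($mode === "q") {
    approve(isset($_REQUEST["qa"]) ? $_REQUEST["qa"] : "");
} elseif ($mode === "logout") {
    log_out();
} elseif ($mode === "Log In") {
    check_login();
} else {
    sleep(2);
    header("Location: index.php");
}

// check_login() and send_new_password() close $link themselves; is_resource()
// is false for a closed resource, so this avoids closing the link twice.
if (is_resource($link)) {
    mysql_close($link);
}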
?>