I have already made the summary page (summary.php). Would I have to copy and paste the code from that page in, or could I just link to the page (summary.php)?
I'm not really sure where to put the suggested code... Can you have a look at my code and give me your advice, please?
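// Login handler for index.php. A submitted username/password is first checked
// against the contact table (customer login); if no contact matches, the same
// credentials are tried as an Active Directory bind and the account must be found
// under the "engineers" (CNE) or "offsite_eng" (CBE) search base.
// Session values written on success: user, guid, level (1 contact, 3 CBE, 10 CNE),
// rights, pfx, conts and, for engineers, defsearch.
include 'header.htm';
if (!isset($_POST['user'])) { $_POST['user'] = NULL; }
if (!isset($_GET['err'])) { $_GET['err'] = NULL; }
if ($_POST['user'] != NULL)
{
    // Only plain strings are accepted; an array-valued form field is treated as empty.
    $user = is_string($_POST['user']) ? $_POST['user'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // The empty-password check is security relevant, not cosmetic: a simple LDAP bind
    // with a name and no password is an unauthenticated bind, which directory servers
    // may report as successful.
    if ($user === '' || $pass === '') { header("location: index.php?err=1"); exit(0); }

    //Check for Contact Login first...
    include 'dbcon.php';

    // Both values are request data placed inside T-SQL string literals, so embedded
    // single quotes are doubled. The mssql_* functions offer no bound parameters for
    // ad-hoc queries; moving to a driver with prepared statements (PDO or sqlsrv) is
    // the durable fix.
    $userSql = str_replace("'", "''", $user);
    $passSql = str_replace("'", "''", $pass);
    $query = mssql_query("SELECT id,(forename + ' ' + surname) as contact,company FROM contact WHERE username='" . $userSql . "' AND PWDCOMPARE('" . $passSql . "',password)=1", $db);
    $result = $query ? mssql_fetch_array($query) : false;

    //Check if the user is a customer
    if ($result) {
        // New session id at the moment of login, so an id known before authentication
        // cannot be reused afterwards (session fixation).
        if (session_id() != '') { session_regenerate_id(true); }
        $_SESSION['user'] = $result['contact'];
        $_SESSION['guid'] = $result['id'];
        $_SESSION['level'] = 1;
        $_SESSION['rights'] = 3;
        $_SESSION['pfx'] = "C" . date('Y');
        $_SESSION['conts'] = array($result['id']);
    } else {
        //If not, Check Engineers list
        // NOTE(review): with ldap:// a simple bind carries the password in clear text
        // unless the connection is protected some other way; consider ldaps:// or
        // ldap_start_tls() -- confirm against the AD server configuration.
        $ad = ldap_connect("ldap://" . getParam("ad_server"));
        if ($ad && ldap_bind($ad, getParam("domain") . "\\" . $user, $pass))
        {
            // Escape the LDAP filter metacharacters so the username stays a literal
            // value inside the filter. strtr() with an array replaces in one pass, so
            // the backslashes it inserts are not escaped a second time.
            $userFilter = strtr($user, array(
                "\\" => "\\5c",
                "*"  => "\\2a",
                "("  => "\\28",
                ")"  => "\\29",
                "\0" => "\\00",
            ));
            $filter = "(saMAccountName=" . $userFilter . ")";
            $attributes = array("cn", "objectGUID", "directReports");

            //Search for charlton engineer (CNE)
            $level = 10;
            $result = ldap_search($ad, getParam("engineers"), $filter, $attributes);
            if (ldap_count_entries($ad, $result) == 0)
            {
                //if not charlton engineer, are they a customer based engineer (CBE)
                $level = 3;
                $result = ldap_search($ad, getParam("offsite_eng"), $filter, $attributes);
                if (ldap_count_entries($ad, $result) == 0)
                {
                    //no user found, reject logon
                    ldap_unbind($ad);
                    echo "Cannot logon!";
                    exit(0);
                }
            }

            // Authenticated and found in one of the two search bases: new session id
            // before the privilege level is stored (session fixation).
            if (session_id() != '') { session_regenerate_id(true); }
            $_SESSION['level'] = $level;

            //Save other engineers attributes to the session cookie
            $entry = ldap_get_entries($ad, $result);
            $single_entry = ldap_first_entry($ad, $result);
            $guid = ldap_get_values_len($ad, $single_entry, 'objectguid');
            $_SESSION['user'] = $entry[0]['cn'][0];
            $_SESSION['guid'] = convertGUID($guid[0]);
            $_SESSION['pfx'] = "C" . date('Y');

            // One lookup instead of three identical ones. The GUID comes from the
            // directory rather than the request, but it is still escaped before it is
            // placed in the SQL literal.
            $guidSql = str_replace("'", "''", $_SESSION['guid']);
            $engQuery = mssql_query("SELECT rightsmask,defsearch,customers FROM engineer WHERE id='" . $guidSql . "'", $db);
            $engineer = $engQuery ? mssql_fetch_array($engQuery) : false;
            $_SESSION['rights'] = $engineer ? $engineer['rightsmask'] : false;
            $_SESSION['defsearch'] = $engineer ? $engineer['defsearch'] : false;
            // explode() replaces split(): the separator is a literal comma and split()
            // was deprecated in PHP 5.3.
            $_SESSION['conts'] = explode(",", $engineer ? (string)$engineer['customers'] : '');
            ldap_unbind($ad);
        } else {
            header("location: index.php?err=1");
            exit(0);
        }
    }

    if (isset($_POST['callid'])) {
        // Request values go into the Location header URL-encoded, so they cannot add
        // or alter query parameters of the redirect target.
        $callid = is_string($_POST['callid']) ? $_POST['callid'] : '';
        $callpfx = (isset($_POST['callpfx']) && is_string($_POST['callpfx'])) ? $_POST['callpfx'] : '';
        header("location: calllist.php?id=" . urlencode($callid) . "&pfx=" . urlencode($callpfx));
        exit(0);
    }
    // defsearch is only stored for engineers; contacts go to the plain call list.
    header("location: calllist.php" . (isset($_SESSION['defsearch']) ? $_SESSION['defsearch'] : ''));
    // Stop here so the login form is not rendered behind the redirect.
    exit(0);
}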
?>
<form action='index.php' method='post'>
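<?php
// callid and callpfx are taken from the query string and written into attribute
// values of the login form, so they are HTML-encoded (quotes included) to keep the
// value inside the attribute. Non-string (array) values are ignored.
foreach (array('callid', 'callpfx') as $field) {
    if (isset($_GET[$field]) && is_string($_GET[$field])) {
        echo "<input type='hidden' name='" . $field . "' value='" . htmlspecialchars($_GET[$field], ENT_QUOTES) . "'/>";
    }
}
?>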
<table cellspacing=0 cellpadding=0 width=100% height=100%><tr><td valign=top align=center><img src='images/login.jpg' alt='Login'></td></tr>
<tr><td> </td></tr>
<tr ><td valign=top align=center>
<table cellspacing=0 cellpadding=0 height=5 border=0 width=300>
<? /* Failure banner: shown when the request carries err=1, which is what the login handler's failure redirects to index.php use. The message is fixed text; nothing from the request is echoed. */ if ($_GET['err']==1){
echo " <tr><td align=center><font color=red>Incorrect Username or Password</td></tr>";
echo " <tr><td> </td></tr>";
}?>
<tr><th class='overhead_cell' style="border-right:0px;">Enter Credentials</th></tr>
<tr><td class='std_disp_entry_btm'>
<table cellpadding=5 cellspacing=0 width=100%>
<tr><td align=right style="padding-right:5px;"><font face='Arial' size=2 color=909098><b>Username: </td><td><input onkeypress="if (window.event.keyCode==13)submit();" type='input' name='user'></td></tr>
<tr><td align=right style="padding-right:5px;"><font face='Arial' size=2 color=909098><b>Password: </td><td><input onkeypress="if (window.event.keyCode==13)submit();" type='password' name='pass'></td></tr>
</table>
</td></tr>
<tr><td> </td></tr>
<tr><td colspan=2 align=center><button class=flat onclick="submit();">Login</button></td></tr>
</table>
</td></tr>
<tr><td height=10> </td></tr>
<tr valign=top height=100%><td align=center><font size=2>If you have forgotten your login details please send an email to:<br><a href='mailto:helpdesk@charltonnetworks.co.uk'>helpdesk@charltonnetworks.co.uk</a></td></tr>
<tr valign=bottom><td align=right><font size=0.5>1.3</font></td></tr>
</table>
</form>