Code: Select all
<?php session_start();
if (stristr($_SERVER['PHP_SELF'], 'cnt/') != FALSE)
{
include('../inc/mysql.inc.php');
}
if (!($_SESSION) || $_SESSION['error'])
{
if ($_POST)
{
$mysql_link = mysql_connect(mysql_host, mysql_user, mysql_pass) or die(mysql_error());
mysql_select_db(mysql_database) or die(mysql_error());
$mysql_result = mysql_query(sprintf("
SELECT username, password, admin_flag
FROM users
WHERE username = '%s' AND password = '%s'
", mysql_real_escape_string($_POST['user']), md5(mysql_real_escape_string($_POST['pass']))));
echo md5(mysql_real_escape_string($_POST['pass']));
if (is_resource($mysql_result))
{
while ($row = mysql_fetch_row($mysql_result))
{
$_SESSION['user'] = $row[0];
$_SESSION['password'] = md5('salt_and_margaritas'.$row[1]);
$_SESSION['admin_flag'] = $row[2];
}
print '
<html>
<head>
<script language="javascript">
window.location.href = "'.substr(rtrim(dirname($_SERVER['PHP_SELF'])), 0, -3).'?q=admin/index";
</script>
<title>You are being redirected.</title>
<script language="javascript">
</script>
</head>
<body>
You are being redirected, <a href="login.php">click here</a> if you do not wish to wait or if you have javascript disabled.
</body>
</html>';
}
else
{
$_SESSION['error'] = 'Invalid Username and Password combination.<br />'.mysql_error();
// Redirect to yourself
print '
<html>
<head>
<script language="javascript">
window.location.href = "'.substr(rtrim(dirname($_SERVER['PHP_SELF'])), 0, -3).'?q=login";
</script>
<title>You are being redirected.</title>
<script language="javascript">
</script>
</head>
<body>
You are being redirected, <a href="login.php">click here</a> if you do not wish to wait or if you have javascript disabled.
</body>
</html>';
}
}
else
{
print '
<h2>Log-in</h2>
</div>
<div class="inside">';
print '
<h3>Please log-in in order to continue on to the Administration Control Panel</h3>
<table cellspacing="0">';
print '
<form action="cnt/login.php" method="post">
<tr>
<td>Username: </td><td><input type="text" size="24" name="user" /></td>
<tr>
</tr>
<td>Password: </td><td><input type="password" size="24" name="pass" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="submit" value="submit" /></td>
</tr>
</form>
</table>';
ShowErrors();
}
}
else
{
echo '<h2>Sorry</h2>';
echo '<p>You are already logged-in, please log-out before you try to log-in again.</p>';
}
?>