Code: Select all
<?
include "config.php";
include "functions.php";
session_start();
$t = time()+3600;
$datetime = date("Y-m-d H:i:s", $t);
$ip_address = $_SERVER['REMOTE_ADDR'];
if (!$PHP_AUTH_USER) {
header('WWW-Authenticate: Basic realm="Control Panel"');
}
else {
$password = crypt($PHP_AUTH_PW); // Encrypt the inputed password for comparison
$query = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",
mysql_escape_strings($PHP_AUTH_USER),
mysql_escape_strings($password));
$result = mysql_query($query);
$row = mysql_fetch_array($result);
if (mysql_num_rows($result) != "1") { // No user or pass found - incorrect entry
error_msg(1);
$err = 1;
}
elseif (mysql_num_rows($result)) { // User was found
$_SESSION['admin_name'] = $PHP_AUTH_USER; // Set session name to username
$crt = 1; // Allow into control panel
}
else {
error_msg(1);
$err = 1;
}
}
if ($crt) {
header("Location: home.php");
}
?>
EDIT: Changed the script slightly.