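require('inc/db_cnx.php');
include('inc/function_validate.php');

// Login handler: authenticates a company/passcode pair posted by the login
// form, records the login time, optionally remembers the company name in a
// cookie, and redirects to the admin or client landing page.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0.
// Moving to mysqli or PDO with prepared statements removes the need for
// manual escaping; that depends on the connection set up in inc/db_cnx.php.
if (isset($_POST['submit'])) {
    // Accept plain strings only. A missing field or an array-valued field
    // (e.g. company[]=x) becomes '' instead of reaching the escaping and
    // comparison code as a non-string.
    $company  = (isset($_POST['company']) && is_string($_POST['company'])) ? $_POST['company'] : '';
    $passcode = (isset($_POST['passcode']) && is_string($_POST['passcode'])) ? $_POST['passcode'] : '';

    // Account for the server's timezone: last_login is written one hour behind
    // the server clock. Shifting the timestamp (rather than subtracting 1 from
    // the hour digits) keeps the value valid at 00:xx, where the hour would
    // otherwise become -1 and the date would be off by a day.
    $date = date('Y-m-d H:i', time() - 3600);

    // validate() comes from inc/function_validate.php. Its return value is not
    // used here, so it presumably rejects bad input on its own - confirm.
    validate($passcode);
    validate($company);

    // Escape through the database driver instead of addslashes(): addslashes()
    // ignores the connection character set and can be bypassed under some
    // multi-byte encodings. Assumes inc/db_cnx.php has already opened the
    // connection (and ideally called mysql_set_charset()) - confirm.
    $companySql = mysql_real_escape_string($company);
    if ($companySql === false) {
        die("Login Error");
    }

    $query = "SELECT passcode, client_id, access FROM details WHERE company='$companySql'";
    $q = mysql_query($query);
    if ($q === false) {
        // Query failure is reported generically; no database detail is echoed.
        die("Login Error");
    }

    // Check if company is registered
    if (mysql_num_rows($q) < 1) {
        // The company name is request data, so it is HTML-escaped before being
        // echoed back into the page.
        // NOTE(review): this message differs from the wrong-passcode message
        // below, which lets a client tell registered company names apart from
        // unregistered ones. Consider one shared message for both failures.
        die(htmlspecialchars($company, ENT_QUOTES, 'UTF-8') . " is not registered, please contact us.");
    }

    $a = mysql_fetch_array($q);

    // Strict comparison: with ==, PHP compares numeric-looking strings as
    // numbers ("0e1" == "0e2", "1e3" == "1000"), and NULL == "" is true, so a
    // wrong or empty passcode could be accepted.
    // NOTE(review): the passcode is compared against the stored value as-is,
    // i.e. it appears to be stored in plaintext. Store password_hash() output
    // and check it with password_verify() once the stack allows it.
    if (!is_string($a['passcode']) || $a['passcode'] !== $passcode) {
        die("Login Error");
    }

    // Update last_login (best effort: a failed update does not block the login)
    $sql = "UPDATE details SET last_login='$date' WHERE company='$companySql'";
    $qe = mysql_query($sql);

    // If company name should be remembered. isset() avoids an undefined-index
    // notice when the checkbox is left unticked.
    if (isset($_POST['remember']) && $_POST['remember'] == 1) {
        // The third argument is an absolute Unix timestamp. Passing the bare
        // 15552000 (180 days in seconds) points at 1970, so the browser would
        // discard the cookie immediately; it has to be added to time().
        setcookie("company", $company, time() + 15552000);
    }

    // check access
    $isAdmin = ($a['access'] === "Admin");

    session_start();
    // Issue a fresh session id at the privilege change so an id that was set
    // in the browser before login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    $_SESSION['id'] = $a['client_id'];
    $_SESSION['access'] = $isAdmin ? "admin" : "client";
    if (!$isAdmin) {
        // Only client sessions carry the company name, as before.
        $_SESSION['company'] = $company;
    }
    $_SESSION['login'] = 1;

    header("Location: " . ($isAdmin ? "overview.php" : "download.php"));
    // Stop here so nothing after the redirect is executed or sent.
    exit;
}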