<?php
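// A page that includes this file may already have started the session.
// Calling session_start() again would only raise a notice, so start one
// only when none is active yet.
if (session_id() === '') {
    session_start();
}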
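/**
 * Print the login form and end the request.
 *
 * The form posts back to the URL that was requested. This function never
 * returns: exit() stops the script, so nothing after the call is rendered.
 */
function loginform()
{
    // REQUEST_URI comes straight from the request line, so it is HTML-escaped
    // before being written into the action attribute.
    $action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');

    echo "<h2>You need to login to access this page</h2>";
    // setUrlVariables() appends variables to the URL.
    // NOTE(review): its return value is printed as-is; confirm that helper
    // only returns attribute-safe text.
    echo "<form action=\"" . $action . setUrlVariables() . "\" method=\"post\">";
    echo '<table>';
    echo '<tr><td>Email Address</td><td><input type="text" name="email"></td></tr>';
    echo '<tr><td>Password</td><td><input type="password" name="password"></td></tr>';
    // A checkbox instead of a lone radio button, which could not be
    // deselected once clicked. The posted field is still remember=y.
    echo '<tr><td> </td><td><input type="checkbox" value="y" name="remember">Remember me</td></tr>';
    echo '<tr><td> </td><td><input type="submit" name="submit" value="Submit"></td></tr>';
    echo '</table>';
    echo '</form>';
    echo '<p><a href="forgotten.php">Forgotten password?</a></p>';
    exit();
}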
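// Access gate. Meant to be included by a page that has set $loginlevel first.
// Flow: accept an existing session, else the hard-coded override, else a match
// in the address table; write one accesslog row; then either show the login
// form (loginform() exits) or record the login in the session.
//
// NOTE(review): the mysql_* functions used here were removed in PHP 7. When
// this file is ported, use prepared statements (PDO or mysqli) for both
// queries instead of escaping by hand.

// Start from a known state so a value set outside this file (for example by
// register_globals) cannot pre-set the login flag.
$loggedin = '0';
$freshlogin = false;

// Fail closed: if the including page did not set $loginlevel, require a level
// nobody has rather than comparing against an undefined value.
$requiredlevel = isset($loginlevel) ? (int) $loginlevel : PHP_INT_MAX;

// Only server-side session state counts as proof of an earlier login.
// The "remember"/"userlevel" cookies are no longer trusted: cookie values are
// chosen by the client, so they cannot carry an access level. A persistent
// login needs a long random token whose hash is stored server-side and
// checked on every request.
if (isset($_SESSION['userlevel']) && (int) $_SESSION['userlevel'] >= $requiredlevel) {
    $loggedin = '1';
    // Carry the stored values forward so the session write at the end of this
    // block does not replace them with undefined variables.
    $userlevel = $_SESSION['userlevel'];
    if (isset($_SESSION['email'])) {
        $email = $_SESSION['email'];
    }
}

// Read the submitted fields once; anything that is not a plain string
// (missing field, array value) is treated as empty.
$postedemail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$postedpassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

//check form override values
// NOTE(review): hard-coded credentials that bypass the database. Anyone who
// can read this source can log in. Remove this branch, or replace it with an
// ordinary account whose password hash lives in the address table.
if ($loggedin !== '1' && $postedemail === 'admin' && $postedpassword === 'password') {
    // The override grants level 2, so it only passes pages that require 2 or less.
    if (2 >= $requiredlevel) {
        $loggedin = '1';
        $userlevel = '2';
        $email = $postedemail;
        $freshlogin = true;
    }
}

//check form values
if ($loggedin !== '1') {
    $email = $postedemail;
    // NOTE(review): unsalted MD5 is kept only because the stored values are
    // compared against md5() output below. Migrate the table to
    // password_hash() / password_verify().
    $password = md5($postedpassword);
    include("../includes/email.inc.php");
    //check for valid email address
    // NOTE(review): attempts with a malformed address stop here and never
    // reach the access log below.
    if (!emailchecker($email)) {
        loginform();
    }
    //check database
    // Fetch only the rows for this address instead of every account and hash.
    // Escaping relies on the same default connection that mysql_query() uses.
    $sql = "SELECT email,userlevel,password FROM address WHERE email='" . mysql_real_escape_string($email) . "'";
    $result = mysql_query($sql);
    if ($result !== false) {
        while ($row = mysql_fetch_assoc($result)) {
            // Strict comparison: with == two different hashes that both look
            // like numbers (e.g. "0e..." strings) would compare equal.
            if ($row['email'] === $email && $row['password'] === $password && (int) $row['userlevel'] >= $requiredlevel) {
                $loggedin = '1';
                $userlevel = $row['userlevel'];
                $freshlogin = true;
            }
        }
    }
    //set cookies if wanted
    // Only the address is stored, as a label for the access log. It carries no
    // authority. HttpOnly keeps it away from page scripts.
    // NOTE(review): also set the "secure" argument once the site is HTTPS-only.
    if ($freshlogin && isset($_POST['remember']) && $_POST['remember'] === 'y') {
        setcookie('emailaddress', $email, time() + 60 * 60 * 24 * 30, '/', '.domainname', false, true);
    }
}//end check form values

$log = ($loggedin === '1') ? '0' : '1';

//accesslog
if (!isset($email)) {
    // Fallback label for the log row. The cookie value is client-supplied and
    // unauthenticated, so treat it as a hint when reading the log.
    if (isset($_COOKIE['emailaddress']) && is_string($_COOKIE['emailaddress'])) {
        $email = $_COOKIE['emailaddress'];
    }
    if (isset($_SESSION['email'])) {
        $email = $_SESSION['email'];
    }
}
$logemail = isset($email) ? (string) $email : '';
// Every request-derived value is escaped before it is placed in the statement.
$sql = "INSERT into accesslog (ip,email,page,date,failure,accesslog_id) VALUES ('"
    . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "','"
    . mysql_real_escape_string($logemail) . "','"
    . mysql_real_escape_string($_SERVER['REQUEST_URI']) . "',NOW(),'{$log}','')";
$result = mysql_query($sql);

if ($loggedin !== '1') {
    loginform();
}
if ($loggedin === '1') {
    // Issue a new session id when credentials were just accepted, so an id
    // known before the login stops being valid.
    if ($freshlogin) {
        session_regenerate_id(true);
    }
    $_SESSION['userlevel'] = $userlevel;
    $_SESSION['email'] = $logemail;
}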
?>
<?php
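session_start();
// require, not include: include() only raises a warning when the file cannot
// be loaded and the script carries on, so a missing or unreadable login.php
// would leave everything below it unprotected. require stops the request.
require("../includes/config.inc.php");
$loginlevel = '2'; //require admin level access
require("login.php");
//Logged in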