/var/www/(Del)asld.org.hk/webadmin/check_login.php


<?php

    
/* check login script, included in db_connect.php. */

    
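session_start();

/*
 * Re-validates the credentials cached in the session against the `login`
 * table each time this file is included.
 *
 * Results visible to the including script:
 *   $logged_in            1 when a matching row with role "1" exists, else 0.
 *   $_SESSION['cmslogin'] set to 1 on success; removed when the check fails.
 *   $_SESSION['username'] / $_SESSION['password'] removed when the check fails.
 *
 * Changes from the listing as published:
 *   - the assignment and concatenation operators lost from the listing are restored;
 *   - query values are escaped with mysql_real_escape_string() on local copies
 *     instead of addslashes()/mysql_escape_string(), neither of which takes the
 *     connection character set into account;
 *   - the session username is no longer slash-escaped in place and "restored"
 *     with stripslashes(); that round trip re-created an empty
 *     $_SESSION['username'] right after a failed check had unset it;
 *   - a failed query is treated as a failed login instead of being passed to
 *     mysql_num_rows();
 *   - $row{'role'} uses the bracket form;
 *   - the three identical failure branches are merged.
 *
 * NOTE(review): ext/mysql is used because the connection handle is created
 * outside this file; moving the whole login path to prepared statements
 * (mysqli or PDO) is the durable fix and needs db_connect.php to change too.
 */
if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
    // No cached credentials: report "not logged in" and leave this include.
    // NOTE(review): a stale $_SESSION['cmslogin'] is not cleared on this path;
    // confirm no page authorises on that flag alone.
    $logged_in = 0;
    return;
}

require "configure.php";
require_once 'function_login_block.php';

// Per the original author's note, $_SESSION['password'] holds the stored
// (already transformed) form of the password, not the text the user typed.
// Escaping relies on the connection presumably opened by db_connect.php
// before this file is included -- TODO confirm.
$safeName = mysql_real_escape_string($_SESSION['username']);
$safeSecret = mysql_real_escape_string($_SESSION['password']);

$checkCmd = "SELECT loginname, loginpassword, role FROM login WHERE loginname = '"
    . $safeName
    . "' AND loginpassword ='"
    . $safeSecret
    . "'";

$result = mysql_query($checkCmd);

// A query error yields false; treat it like "no matching row".
$row = false;
if ($result !== false && mysql_num_rows($result) > 0) {
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
}

// Only accounts whose role column reads "1" are accepted here.
$accepted = ($row !== false && $row['role'] == "1");

// The original passed the slash-escaped name to insert_login_log(); the
// helper's own quoting is not visible from this file, so keep handing it an
// escaped value rather than the raw session string.
insert_login_log($safeName, $accepted);
mysql_close();

if ($accepted) {
    $logged_in = 1;
    $_SESSION["cmslogin"] = 1;
} else {
    $logged_in = 0;
    // Kill incorrect session variables, including the flag a previous
    // successful check may have left behind, so a revoked or changed account
    // does not keep an authenticated marker in its session.
    unset($_SESSION['username']);
    unset($_SESSION['password']);
    unset($_SESSION['cmslogin']);
}

// clean up
unset($db_pass['password']);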

?>