1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
<?php
/* check login script, included in db_connect.php. */
session_start();
if (!isset($_SESSION['cmsloginname']) || !isset($_SESSION['cmsloginpw'])) {
$logged_in = 0;
return;
} else {
// remember, $_SESSION['password'] will be encrypted.
require "configure.php";
if(!get_magic_quotes_gpc()) {
$_SESSION['username'] = addslashes($_SESSION['username']);
}
/*$checkCmd = "SELECT cmsloginname, cmsloginpw, cmsrole FROM cms_login WHERE cmsloginname = '". $_SESSION['cmsloginname']. "' AND cmsloginpw ='". $_SESSION['cmsloginpw'] ."'";
//$info['password'] = stripslashes($info['password']);
//$_POST['passwd'] = md5($_POST['passwd']);
$result = mysql_query($checkCmd);
if ( mysql_num_rows($result) > 0)
{
$row = mysql_fetch_array( $result, MYSQL_ASSOC);*/
$checkCmd = "SELECT * FROM cms_login WHERE cmsloginname = '". $_SESSION['cmsloginname']. "'";
$result = mysql_query($checkCmd);
if (mysql_num_rows($result) > 0)
{
$row = mysql_fetch_array($result, MYSQL_ASSOC);
//echo 'p1='.$row{'cmsloginpw'}.'<br>';
//echo 'p2='.md5($_SESSION['cmsloginpw']).'<br>';
//exit;
if(strcmp($row{'cmsloginpw'},md5($_SESSION['cmsloginpw'])) !=0)
{
header("Location: login.php?err=Incorrect password.");
exit;
}
if ($row{'cmsrole'} == "1") {
mysql_close();
$logged_in = 1;
} else {
mysql_close();
$logged_in = 0;
unset($_SESSION['cmsloginname']);
unset($_SESSION['cmsloginpw']);
}
}
else {
mysql_close();
$logged_in = 0;
unset($_SESSION['cmsloginname']);
unset($_SESSION['cmsloginpw']);
// kill incorrect session variables.
}
}
// clean up
$_SESSION['cmsloginname'] = stripslashes($_SESSION['cmsloginname']);
?>
|