1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
<?php
if(!$do_login) exit;
// declare post fields
$post_loginname = trim($_POST['loginname']);
$post_password = md5(trim($_POST['password']));
$post_autologin = $_POST['autologin'];
require("configure.php");
require_once 'function_login_block.php';
$sql = "SELECT * FROM sys_cms_login where cmsloginname = ".safe_param($post_loginname)." AND cmsloginpw = '$post_password' and cmsstatus = '1' ";
$result = mysql_query($sql);
if (mysql_num_rows($result) > 0)
{
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$login_ok = true;
$_SESSION['loginname'] = $row{'cmsloginname'};
$_SESSION['password'] = $row{'cmsloginpw'};
$_SESSION['cmsloginid'] = $row{'cmsloginid'};
$_SESSION['cmsrole'] = $row{'cmsrole'};
if($post_autologin == 1)
{
$password_hash = md5($row{'cmsloginpw'}); // will result in a 32 characters hash
setcookie ($cookie_name, 'usr='.$row{'cmsloginname'}.'&hash='.$password_hash, time() + $cookie_time);
}
insert_login_log($_SESSION['loginname'], true);
header("Location: index.php");
exit;
}
else
{
$login_error = true;
insert_login_log($post_loginname, false);
die_if_login_block();
}
?>
|