/var/www/(Del)yuecreations.com.hk/webadmin/check_login.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

<?php

/* check login script, included in db_connect.php. */

session_start();

if (!isset($_SESSION['cmsloginname']) || !isset($_SESSION['cmsloginpw'])) {
    $logged_in 0;
    return;
} else {
    require "configure.php";
    require_once 'function_login_block.php';

    // remember, $_SESSION['password'] will be encrypted.
    if(!get_magic_quotes_gpc()) {
        $_SESSION['username'] = addslashes($_SESSION['username']);
    }

     $checkCmd "SELECT cmsloginname, cmsloginpw, cmsrole FROM cms_login WHERE cmsloginname = '"mysql_real_escape_string($_SESSION['cmsloginname']). "' AND cmsloginpw ='"mysql_real_escape_string($_SESSION['cmsloginpw']) ."'";
    
    
    //$info['password'] = stripslashes($info['password']);
    //$_POST['passwd'] = md5($_POST['passwd']);
    
    $result mysql_query($checkCmd);
    if (  mysql_num_rows($result) > 0)
    {
        $row mysql_fetch_array$resultMYSQL_ASSOC);
        if ($row{'cmsrole'} == "1") {
        insert_login_log($_SESSION['cmsloginname'], true);
        mysql_close();
        $logged_in 1;
        } else {
        insert_login_log($_SESSION['cmsloginname'], false);
        mysql_close();
        $logged_in 0;
        unset($_SESSION['cmsloginname']);
        unset($_SESSION['cmsloginpw']);
        }    

    }
    
    else {
        insert_login_log($_SESSION['cmsloginname'], false);
        mysql_close();
        $logged_in 0;
        unset($_SESSION['cmsloginname']);
        unset($_SESSION['cmsloginpw']);
        // kill incorrect session variables.
    }
}


// clean up
$_SESSION['cmsloginname'] = stripslashes($_SESSION['cmsloginname']);

?>