1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

<?php require("inc/configure.php"); ?>
<?php require("inc/global.php");?>
<?php
require 'inc/checklogin.php';

if($logged_in == 1) {
    header('Location: index.php');
}
else
{
    if (isset($_POST['submit'])) { // if form has been submitted
        /* check they filled in what they were supposed to and authenticate */
        if(!$_POST['uname'] | !$_POST['passwd']) {

            //die('You did not fill in a required field.');
            loginForm('You did not fill in a required field.');
            die();
        }

        //if (!get_magic_quotes_gpc()) {
        //    $uname = addslashes($_POST['uname']);
        //}
        $uname = $_POST['uname'];
        $upwd = stripslashes($_POST['passwd']);

        $sql = "select * from SYS_USER 
                where (uname = '$uname' 
                and upwd = '".md5($upwd)."'
                and status = 1)
                ";

        $result = mysql_query($sql);
        if ($row = mysql_fetch_array($result,MYSQL_ASSOC))
        {
            $lastlogin = isnull($row{'lastlogin'},"");
            $timestamp = time();
            $_SESSION['userid']    = $row{'userid'};
            mysql_query("update SYS_USER set lastlogin = ".$timestamp.", sessionid = '".session_id()."' where uname = '$uname'");

            $_POST['uname']        = stripslashes($_POST['uname']);
            $_SESSION['id']        = $timestamp;
            $_SESSION['uname']    = $uname;
            $_SESSION['upwd']    = $upwd;
            header('Location: index.php');
        }
        else
        {
            //echo 'Incorrect password, please try again.';
            loginForm('Incorrect password, please try again.');
            die();
        }
    } else {
        loginForm("Welcome to oneMotor");
        die();
    }
    ?>

<?
}    
?>