<?php
/***************************************************************************
* login.php
* -------------------
* begin : dom, Abril 2, 2007
* copyright : (C)
* email : hide@address.com
* Desc : Login page
*
*
***************************************************************************/
/***************************************************************************
* Cookie
*
* user_Name:-:id_User:-:email:-:Permissions(See session.inc.php to see their order)
*
***************************************************************************/
define('IN_ADSERVER', true);
include_once("./inc/common.inc.php");
//If someone is already loged in, it will go again to the index page.
if(isset($session['userId']) && $session['userId'] != "" && !isset($_GET['logout'])){
refrescar($web_address, 0, 1);
}
//Recover password
if(isset($_POST['recover']) && $_POST['user_Name'] != "") {
$s_Pwd = "";
//Generate random password
$a_Abc = array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"
,"0","1","2","3","4","5","6","7","8","9"
,"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z"
);
for($i = 0; $i < 8; $i++){
$s_Pwd .= $a_Abc[rand(0, count($a_Abc))];
}
$q = "
UPDATE ".$db_Pre."users
SET pwd = '".md5($s_Pwd)."'
WHERE user_Name = '".$_POST['user_Name']."'
";
$q_Recover = mysql_query($q) or die("Unable to get user: " . mysql_error());
if(mysql_affected_rows() > 0){
$q = "
SELECT email
FROM ".$db_Pre."users
WHERE user_Name = '".$_POST['user_Name']."'
";
$q_Get_Email = mysql_query($q) or die("Unable to get user: " . mysql_error());
$row = mysql_fetch_array($q_Get_Email, MYSQL_ASSOC);
$to = $row['email'];
$subject = $main_title . $_lang['login_Mail_Title'];
$message = sprintf($_lang['login_Mail_Msg'], $_POST['user_Name'], $s_Pwd);
$headers = sprintf($_lang['login_Mail_Headers'] ,$main_Email, $main_Email, phpversion());
mail($to, $subject, $message, $headers);
}
$s_Warning = $_lang['login_Msg_New_Passw'];
}
//Login
if(isset($_POST['logeeme'])) {
//Delete session variables, just in case
unset($session);
//Check if user exists
$q = "
SELECT user_Name, id_User, email
FROM ".$db_Pre."users
WHERE user_Name = '" . $_POST['user_Name'] . "'
AND pwd = '" . md5($_POST['password']). "'
AND active = 1
";
$q_User = mysql_query($q) or die("Unable to get user: " . mysql_error());
//If someone is found, log him in
if(mysql_num_rows($q_User) > 0){
//User variables
$row = mysql_fetch_array($q_User, MYSQL_ASSOC);
//Cookie data
$galleta = $row['user_Name'];
$galleta .= $divisor . $row['id_User'];
$galleta .= $divisor . $row['email'];
//Get the permissions
//$galleta .= $divisor . implode($divisor_per, array_values(get_Permissions($row['id_User'], $db_Pre)));
//$galleta .= $divisor . get_Permissions($row['id_User'], $db_Pre);
setGalleta($galleta);
echo $_lang['login_Login_Succ'];
refrescar($web_address, 0, 1);
exit;
}
else{
$s_Warning = $_lang['login_Msg_Problem'];
}
}
//Proceso de deslogeo
if(isset($_POST['logout']) || isset($_GET['logout'])) {
unset($session);
quitarGalleta();
echo $_lang['login_Msg_Logoff'];
refrescar("login.php", 0, 1);
};
/* Template Generation */
include_once("./header.inc.php");
$login_Tpl = new tpl($s_path_Tpl . "/login.tpl");
/* Main array */
$a_Login = array(
"{LOGIN_LOGIN}" => $_lang['login_Login'],
"{LOGIN_USER_NAME}" => $_lang['login_User_Name'],
"{LOGIN_PASSWORD}" => $_lang['login_Password'],
"{LOGIN_SUBMIT}" => $_lang['login_Login_Submit'],
"{LOGIN_REC_PASSWORD}" => $_lang['login_Rec_Password'],
"{LOGIN_REC_USER_NAME}" => $_lang['login_User_Name'],
"{LOGIN_REC_SUBMIT}" => $_lang['login_Recover_Submit']
);
// Replace main TPL
$login_Tpl->rBlock($a_Login, "");
$login_Tpl->print_Tpl();
include_once("./footer.inc.php");
?>