<?php
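// This page handles credentials and builds SQL. Rendering PHP errors into the
// response can disclose file paths and query text to whoever triggers them,
// so errors are sent to the server log instead of the browser.
ini_set("display_errors","0");
ini_set("display_startup_errors","0");
ini_set("log_errors","1");

// set_magic_quotes_runtime() no longer exists in current PHP releases; calling
// it unguarded is a fatal "undefined function" error there, which would take
// the login page down before any request handling runs.
if (function_exists("set_magic_quotes_runtime")) {
	set_magic_quotes_runtime(0);
}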

include("include/dbcommon.php");

// Logout: triggered by a=logout in either the POST body or the query string.
// NOTE(security): because GET is accepted, any link or image pointing at
// login.php?a=logout ends the user's session; there is no anti-CSRF token.
$logoutViaPost = isset($_POST["a"]) && $_POST["a"] == "logout";
$logoutViaGet = isset($_GET["a"]) && $_GET["a"] == "logout";
if ($logoutViaPost || $logoutViaGet) {
    // session_unset() empties the session variables; the session id itself
    // is left in place.
    session_unset();

    // Expire both "remember me" cookies by dating them a year in the past.
    foreach (array("username", "password") as $rememberCookie) {
        setcookie($rememberCookie, "", time() - 365 * 1440 * 60);
    }

    header("Location: login.php");
    exit();
}

// No pending return URL in the session: wipe whatever session state is left
// before the form is shown.
if (empty($_SESSION["MyURL"])) {
    session_unset();
}

// Template engine used to render login.htm at the end of the script.
include('libs/Smarty.class.php');
$smarty = new Smarty();

// Pull the pending post-login destination out of the session (null when
// absent) and clear the stored copy; it is written back further down if the
// form has to be shown again.
$myurl = isset($_SESSION["MyURL"]) ? $_SESSION["MyURL"] : null;
unset($_SESSION["MyURL"]);

// Fallback destination after login when no return URL was recorded.
$defaulturl = "menu.htm";

// Username that is granted the admin access level on successful login.
$cAdminUserID = "admin";

// Status text shown on the form; stays empty unless set below.
$strMessage = "";

// Pre-tick the "remember" checkbox when either remember cookie is present.
if (!empty($_COOKIE["username"]) || !empty($_COOKIE["password"])) {
    $smarty->assign("checked", " checked");
}

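// Handle a submitted login form (the submit button posts btnSubmit=Login).
//
// Flow: update the "remember me" cookies, look the user up in `users` by
// username and password, re-check the returned row in PHP, then populate the
// session and redirect. On failure $strMessage is set and the form is shown
// again by the code after this block.
if (isset($_POST["btnSubmit"]) && $_POST["btnSubmit"] === "Login") {
    if (isset($_POST["remember_password"]) && $_POST["remember_password"] == 1) {
        // NOTE(security): "remember me" writes the submitted password, in
        // clear text, into a cookie that lives for a year and is set without
        // the Secure or HttpOnly attributes. Anyone who can read the browser
        // profile, the traffic on a non-TLS connection, or the cookie jar from
        // script obtains the credential. Replacing this needs a server-side
        // remember token, which is outside what this file can provide.
        setcookie("username", postvalue("username"), time() + 365 * 1440 * 60);
        setcookie("password", postvalue("password"), time() + 365 * 1440 * 60);
        $smarty->assign("checked", " checked");
    } else {
        // Remember option not ticked: expire any previously stored cookies.
        setcookie("username", "", time() - 365 * 1440 * 60);
        setcookie("password", "", time() - 365 * 1440 * 60);
        $smarty->assign("checked", "");
    }

    // Username and password are stored in the database.
    // NOTE(security): the stored password is compared directly with the
    // submitted one (in the SQL below and again in PHP), which implies the
    // column holds unhashed passwords. Migrating to password_hash() /
    // password_verify() requires a schema and data change.
    $conn = db_connect();
    $strUsername = (string)postvalue("username");
    $strPassword = (string)postvalue("password");

    // Keep the raw submitted values for the PHP-side comparison; the
    // $str* copies are turned into SQL literals next.
    $sUsername = $strUsername;
    $sPassword = $strPassword;

    // Empty result set, used only so FieldNeedQuotes() can inspect the
    // column metadata of `users`.
    $rstemp = db_query("select * from `users` where 1=0", $conn);

    // NOTE(security): the query is assembled by string concatenation. For
    // quoted columns its safety rests entirely on db_addslashes(), whose
    // implementation is not visible here; a parameterised query in the
    // database layer would remove that dependency.
    // Numeric columns: coerce to a number so no submitted text reaches the
    // SQL. is_numeric() guards the arithmetic, because adding a non-numeric
    // string to 0 raises warnings or a TypeError on newer PHP versions.
    if (FieldNeedQuotes($rstemp, $cUserNameField)) {
        $strUsername = "'" . db_addslashes($strUsername) . "'";
    } else {
        $strUsername = is_numeric($strUsername) ? (0 + $strUsername) : 0;
    }
    if (FieldNeedQuotes($rstemp, $cPasswordField)) {
        $strPassword = "'" . db_addslashes($strPassword) . "'";
    } else {
        $strPassword = is_numeric($strPassword) ? (0 + $strPassword) : 0;
    }

    $strSQL = "select * from `users` where " . AddFieldWrappers($cUserNameField) .
        "=" . $strUsername . " and " . AddFieldWrappers($cPasswordField) .
        "=" . $strPassword;

    // Optional project hook: a false return vetoes the login by swapping in
    // a query that can never match.
    if (function_exists("BeforeLogin")) {
        if (!BeforeLogin(postvalue("username"), postvalue("password"))) {
            $strSQL = "select * from `users` where 1<0";
        }
    }

    $rs = db_query($strSQL, $conn);
    $data = db_fetch_array($rs);

    // Re-check the row in PHP with strict string comparison. Loose ==
    // treats numeric-looking strings as numbers ("1e3" == "1000"), and the
    // database's own comparison may be case-insensitive, so the SQL match
    // alone is not treated as proof that the credentials are exact.
    $credentialsMatch = $data
        && isset($data[$cUserNameField], $data[$cPasswordField])
        && (string)$data[$cUserNameField] === $sUsername
        && (string)$data[$cPasswordField] === $sPassword;

    if ($credentialsMatch) {
        // Issue a fresh session id at the privilege change so an id known
        // before login (session fixation) does not become an authenticated
        // one. Guarded because session start happens outside this file.
        if (session_id() !== "") {
            session_regenerate_id(true);
        }

        $_SESSION["UserID"] = postvalue("username");
        $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
        // Admin rights are granted purely by username equality.
        if ($sUsername === $cAdminUserID) {
            $_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMIN;
        }
        $_SESSION["OwnerID"] = $data["Login"];
        $_SESSION["GroupID"] = $data["User Type"];

        if (function_exists("AfterSuccessfulLogin")) {
            AfterSuccessfulLogin();
        }

        // NOTE(review): $myurl comes from $_SESSION["MyURL"], which is set
        // outside this file. Confirm it can only ever hold a local path;
        // otherwise this is an open redirect.
        if ($myurl) {
            header("Location: " . $myurl);
        } else {
            header("Location: " . $defaulturl);
        }
        // Top-level return ends the script so the form is not rendered
        // after the redirect header.
        return;
    } else {
        if (function_exists("AfterUnsuccessfulLogin")) {
            AfterUnsuccessfulLogin();
        }
        // Same message for unknown user and wrong password.
        $strMessage = "Invalid Login";
    }
}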

// The form is about to be shown (again): put the pending return URL back in
// the session and hand the effective destination to the template.
// NOTE(review): "url" is passed to the template unescaped; check how
// login.htm outputs it.
$_SESSION["MyURL"] = $myurl;
$smarty->assign("url", $myurl ? $myurl : $defaulturl);

// Prefill the username field: a submitted value (POST or GET) wins,
// otherwise the remembered cookie value is used. The value is HTML-escaped
// before being placed inside the double-quoted attribute.
$smarty->assign(
    "value_username",
    "value=\"" . htmlspecialchars(
        (!empty($_POST["username"]) || !empty($_GET["username"]))
            ? postvalue("username")
            : refine(@$_COOKIE["username"])
    ) . "\""
);

// Prefill the password field the same way (POST only, then cookie).
// NOTE(security): this writes the clear-text password into the page source,
// where it can be read from the DOM, view-source, or a cached copy of the
// page.
$smarty->assign(
    "value_password",
    "value=\"" . htmlspecialchars(
        !empty($_POST["password"])
            ? postvalue("password")
            : refine(@$_COOKIE["password"])
    ) . "\""
);

// login.php?message=expired replaces any earlier status text with the
// session-timeout notice.
if (isset($_GET["message"]) && $_GET["message"] == "expired") {
    $strMessage = "Your session has expired. Please login again.";
}

$smarty->assign("message", $strMessage);

$smarty->display("login.htm");
?>