Location: PHPKode > projects > Druid Defect Control > defectcontrol_0.9.4/tts/login.php
<?php

require_once('errors.php');

function checkUserAndPassword($username, $password)
{

//    echo "Check $username [$password]<br>";

    // connect to the db
    ttdb_connect($connection);

    $res = "auth failed";

    $query="select spassword from users where sname='$username';";

    $result = ttdb_execQuery($connection,$query);
    
    if (!$result){
        tter_errorWithBackButton("An error occurred querying the database. [$query]</br>");
        exit;
    }
    
    $fields = ttdb_getArray($result);
    
    if (is_array($fields)) {        
        $userpass = $fields['spassword'];
//        echo "pass for the user in the db: $userpass";
        if ($userpass == $password) {
            $res = 'OK';
        }
    }

    ttdb_close($connection);

    return $res;
    
}

require_once('database.php');
require_once('constants.php');

function EchoAuthHeader()
{
    header("WWW-Authenticate: Basic realm=\"DRUiD Defect Tracking System\"");
    header("HTTP/1.0 401 Unauthorized");
}

    if (!isset($PHP_AUTH_USER)) {
        EchoAuthHeader();
        echo MSG_AUTH_CANCELLED;
        exit;    
    } else {
        
        $res = checkUserAndPassword($PHP_AUTH_USER, $PHP_AUTH_PW);
        
        if ($res == "OK") {
            header("Location: index.php");
            ob_end_flush();
            exit();
        } else {
            EchoAuthHeader();
            echo MSG_AUTH_FAILED;
            exit();
        } 
    }

?>

<html>
<link rel="stylesheet" href="style.css">
<body>
<table width="100%" border="0" cellspacing="2" cellpadding="0">
  <tr> 
    <td width="232"><img src="images/login.gif" width="232" height="307"></td>
    <td class="tableFieldContent" valign="top" width="50">&nbsp;</td>
    <td class="tableFieldContent" valign="top"> 
      <p>&nbsp;</p>
      <p>This is the <b>Druid Defect Tracking System</b> login page. </p>
      <table width="100%" border="0" cellpadding="0" align="center">
        <tr bgcolor="#CCCCCC">
          <td height="1"></td>
        </tr>
      </table>
      <div align="left"></div>
      <table width="100%" border="0" cellspacing="2" cellpadding="0">
        <tr> 
          <td> 
            <p><font size="2">Current username: <?php echo $HTTP_SESSION_VARS['loginuser'] ?></font></p>
            <p><font size="2">Current session name: <?php echo session_name() ?></font></p>
            <form method="post" action="loginpost.php">
              <table width="100%" border="0" cellpadding="2" class="tableStyle">
                <tr> 
                  <td class="tableFieldContent" width="70%"> 
                    <div align="center">Username: 
                      <input type="text" name="fUsername">
                      <input type="submit" name="Submit" value="Login">
                    </div>
                  </td>
                </tr>
              </table>
              <p>&nbsp;</p>
            </form>
          </td>

        </tr>
        <tr> 
          <td> 
            <div align="center"><font size="1">This is a development version, 
              and the login mechanism only asks for username. Normal login procedure 
              shoud use a more robust mechanism (user name and password, SSL, 
              other authentication), and implement user validation in <i>usercheck.php</i> 
              for every form.</font></div>
          </td>
        </tr>
      </table>
      <p>&nbsp;</p>
      </td>
  </tr>
</table>
<p>&nbsp; </p>
<p>&nbsp;</p>
<p>&nbsp; </p>
</body>

</html>
Return current item: Druid Defect Control