<?php
include_once("config.php");
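// Error text passed back on the query string. The isset() guard avoids an
// "undefined index" notice when the parameter is absent.
$error = isset($_GET['error']) ? $_GET['error'] : null;

// Checks if there is a login cookie
if (isset($_COOKIE['ID_my_site'])) {
    // Cookie values are supplied by the client, so treat them as untrusted:
    // accept strings only and escape before they reach the SQL text.
    $username = is_string($_COOKIE['ID_my_site']) ? $_COOKIE['ID_my_site'] : '';
    $pass = (isset($_COOKIE['Key_my_site']) && is_string($_COOKIE['Key_my_site']))
        ? $_COOKIE['Key_my_site']
        : null;

    // mysql_real_escape_string() uses the connection that mysql_query() uses;
    // presumably config.php opens it -- TODO confirm.
    $safeUser = mysql_real_escape_string($username);
    // NOTE(review): die(mysql_error()) sends database error text to the client;
    // consider logging it server-side and showing a generic message instead.
    $check = mysql_query("SELECT * FROM users WHERE username = '$safeUser' and active='Y'") or die(mysql_error());

    while ($info = mysql_fetch_array($check)) {
        // Strict string comparison: with loose != two different hex digests that
        // both look like numbers (e.g. "0e...") can compare as equal.
        // A missing or non-string key cookie never matches.
        if ($pass === null || $pass !== (string) $info['password']) {
            header("Location: login.php");
        } else {
            // The cookie matches the stored value: send the user to the members page.
            header("Location: copyright.php");
        }
    }
} else {
    if (isset($_SERVER['AUTH_USER'])) {
        // Remove the domain name from AUTH_USER ("DOMAIN\user" -> "user").
        $temp = explode('\\', $_SERVER['AUTH_USER']);
        // isset() covers values without a backslash, where index 1 does not exist.
        if (isset($temp[1]) && $temp[1] !== "") {
            $name = $temp[1];
        } else {
            $name = $temp[0];
        }

        // Escaped even though the web server supplies it: the account name can
        // still contain characters that are significant inside a SQL string.
        $safeName = mysql_real_escape_string($name);
        $check = mysql_query("SELECT * FROM users WHERE username = '$safeName' and active='Y'") or die(mysql_error());
        $check2 = mysql_num_rows($check);
        if ($check2 > 0) {
            $info = mysql_fetch_array($check);
            // $cookietime is not defined in this file; presumably config.php sets it.
            $hour = time() + $cookietime;

            // Cookie names are quoted so they are string literals matching the
            // keys read from $_COOKIE above; the bare words relied on PHP's
            // undefined-constant fallback.
            // NOTE(review): Key_my_site carries the stored password hash, which makes
            // the hash itself a login credential, and Role_my_site can be edited by
            // the client. Pages that read these cookies should re-check both against
            // the database; a server-side session would avoid exposing them at all.
            setcookie('ID_my_site', $info['username'], $hour);
            setcookie('Role_my_site', $info['sysrole'], $hour);
            setcookie('Key_my_site', $info['password'], $hour);

            // Write a log record. The username comes from the database but is
            // escaped again because it is placed back into SQL text.
            $username = $info['username'];
            $safeLogUser = mysql_real_escape_string($username);
            $sql = "insert into userlog values('$safeLogUser',now())";
            $done = mysql_query($sql);
            header("Location: copyright.php");
        }
    }
}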
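// If the login form is submitted
if (isset($_POST['submit'])) {
    // Both fields must be present, be plain strings (a request can send arrays,
    // e.g. username[]=x) and be non-empty. Logical || replaces the bitwise |.
    if (!isset($_POST['username'], $_POST['pass'])
        || !is_string($_POST['username']) || !is_string($_POST['pass'])
        || $_POST['username'] === '' || $_POST['pass'] === '') {
        die('You did not fill in a required field.');
    }

    // Undo magic-quotes escaping when it is enabled, then escape exactly once
    // with the database's own routine. The earlier code escaped an unrelated
    // 'email' field and left the username unescaped in the query.
    $postedUser = get_magic_quotes_gpc() ? stripslashes($_POST['username']) : $_POST['username'];
    $safeUser = mysql_real_escape_string($postedUser);

    // Checks it against the database.
    // NOTE(review): die(mysql_error()) sends database error text to the client;
    // consider logging it server-side and showing a generic message instead.
    $check = mysql_query("SELECT * FROM users WHERE username = '$safeUser' and active='Y'") or die(mysql_error());

    // Gives error if user doesn't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        $error = 'That user does not exist in our database (or is not active).';
        // urlencode() keeps the spaces and punctuation from producing a malformed
        // Location header; exit stops processing once the redirect is sent.
        // NOTE(review): this message and the "Incorrect password" one below let a
        // client tell valid usernames from invalid ones; a single generic failure
        // message would remove that signal.
        header("Location: copyright.php?error=" . urlencode($error));
        exit;
    }

    while ($info = mysql_fetch_array($check)) {
        // Password processing is unchanged so existing stored values still match.
        // NOTE(review): unsalted md5 is not suitable for password storage; plan a
        // migration to password_hash()/password_verify() with rehash on login.
        $_POST['pass'] = stripslashes($_POST['pass']);
        $info['password'] = stripslashes($info['password']);
        $_POST['pass'] = md5($_POST['pass']);

        // Strict comparison: loose != treats digests that look numeric
        // (e.g. "0e...") as numbers, so different hashes can compare equal.
        if ($_POST['pass'] !== $info['password']) {
            die('Incorrect password, please try again.');
        } else {
            // Login is ok, so add the cookies.
            // $cookietime is not defined in this file; presumably config.php sets it.
            $hour = time() + $cookietime;

            // Cookie names are quoted string literals; the bare words relied on
            // PHP's undefined-constant fallback.
            // NOTE(review): Key_my_site carries the password hash, which makes the
            // hash itself a login credential, and Role_my_site can be edited by the
            // client. Pages that read these cookies should re-check both against the
            // database; a server-side session would avoid exposing them at all.
            setcookie('ID_my_site', $postedUser, $hour);
            setcookie('Key_my_site', $_POST['pass'], $hour);
            setcookie('Role_my_site', $info['sysrole'], $hour);

            // Write a log record; the value is escaped because it goes back into SQL text.
            $username = $info['username'];
            $safeLogUser = mysql_real_escape_string($username);
            $sql = "insert into userlog values('$safeLogUser',now())";
            $done = mysql_query($sql);

            // Then redirect them to the members area and stop.
            header("Location: copyright.php");
            exit;
        }
    }
} else {
    // If they are not logged in, show the login form.
?>
<HTML>
<HEAD>
<link rel="stylesheet" type="text/css" href="<?PHP echo $style ?>">
<script language="JavaScript1.2" src="js/coolmenus4.js">
</script>
</HEAD>
<center>
<h2>ERPSOD Analysis System</h2>
</center>
<body bgcolor="#ffffff">
<?php // PHP_SELF includes any path info from the request URL, so it is HTML-escaped before use in the attribute. ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<center>
<table border=1 cellpadding=0 cellspacing=0 bgcolor="AQUA"><tr><td>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="center">
<input type="submit" name="submit" value="Logon">
</td></tr>
<tr><td>
<?php
    // The error text comes straight from the query string, so it is HTML-escaped
    // before output; a missing or non-string value prints nothing.
    echo (isset($_GET['error']) && is_string($_GET['error']))
        ? htmlspecialchars($_GET['error'], ENT_QUOTES)
        : '';
?>
</td></tr>
</table>
</center>
</form>
</BODY>
<?php
include_once("footer.php");
?>
</HTML>
<?php
}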