<?php
//$conn->debug = true;
//require("includes/main.php");
// loading functions and libraries
// check if login is necesary
if (!isset($_SESSION["logged_in"]))
{
//print_r($_POST);
if (isset($_POST["Login_x"]) || isset($_POST["Login"]) )
{
if ( ( empty($_POST["entered_login"]) ) && ( empty($_POST["entered_password"]) ) )
{
echo "No username or password";
include(DOC_ROOT.'/authentication/interface.php');
exit;
}
else
{
//if not logged in and entered_username and password are not empty register vars
$recordSet = $conn->Execute("SELECT * FROM users WHERE username = ".sqlprep($_POST["entered_login"])." AND passwd = " . sqlprep($_POST["entered_password"]) . "");
if (!$recordSet->EOF)
{
$lang = $conn->Execute("SELECT directory FROM languages WHERE languages_id = ".$recordSet->fields["deflanguage"]."");
$recordSet1 = $conn->Execute("SELECT id,name FROM gencompany WHERE id='".$recordSet->fields["companyid"]."' or id = 1")or die("Error Retriving Active Company ".mysql_error());
//session_start();
if ($recordSet->fields["is_admin"] == 1)
{
$_SESSION["is_admin"] = 1;
}//End if
if ($recordSet->fields["first_login"] == NULL)
{
$query = "UPDATE users SET first_login = NOW()";
$sql = $conn->Execute($query);
}//End if
$query = "UPDATE users SET count_logins = count_logins+1 WHERE uid = ".$recordSet->fields["uid"]."";
$sql = $conn->Execute($query);
$_SESSION["logged_in"] = "1";
$_SESSION["userid"] = $recordSet->fields["uid"];
$_SESSION["active_company"] = $recordSet1->fields["id"];
$_SESSION["active_companyname"] = $recordSet1->fields["name"];
$_SESSION["language"] = $lang->fields["directory"];
//$_SESSION["accountMethod"] = $recordSet1->fields["accountMethod"];
if ( isset($_POST["remote_login"]) )
{
$_SESSION["remote_login"] = true;
}
else
{
$_SESSION["remote_login"] = false;
}
}
else
{
$message = 'Login Failed, No User';
include(DOC_ROOT.'/authentication/interface.php');
exit;
}
}
}
else
{
include(DOC_ROOT.'/authentication/interface.php');
}
}
?>