<?php

// =======================================================================
// Module name: Admin Login
// File name: admin_login.inc
// Version: 1.0
// Description: This script contains php code that controls the user login
// system. Users are required to login on the website and every time any
// page is loaded it checks to make sure the user is logged in before
// displaying the page.
//
// Comments are included within this script to document changes made to
// the code with each new version of the script. Each comment also lists
// the author's initials to document who made the changes to the code.
//
// Copyright (C) 2006-2010 Dustin Cowell Enterprises
//
// License: GNU General Public License, Version 2
//
// Link: http://www.gnu.org/licenses/gpl-2.0.txt
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
// 
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
// 
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to:
//
// Free Software Foundation, Inc.
// 51 Franklin Street, Fifth Floor
// Boston, MA  02110-1301 USA
// =======================================================================

// =======================================================================
// Comment - Version 1.0 - DC
// =======================================================================

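// Identity of the administrator in the current session, as written by the
// login branch further down. isset() guards avoid E_NOTICE on a fresh
// session where none of these keys exist yet.
// NOTE(review): the password travels in the session too. Nothing in this
// file needs it after login; it is kept only because other includes may
// read $admin_password / $_SESSION['admin_password'].
$admin_id = isset($_SESSION['admin_id']) ? $_SESSION['admin_id'] : null;
$admin_first_name = isset($_SESSION['admin_first_name']) ? $_SESSION['admin_first_name'] : null;
$admin_last_name = isset($_SESSION['admin_last_name']) ? $_SESSION['admin_last_name'] : null;
$admin_email_address = isset($_SESSION['admin_email_address']) ? $_SESSION['admin_email_address'] : null;
$admin_password = isset($_SESSION['admin_password']) ? $_SESSION['admin_password'] : null;
$admin_rights = isset($_SESSION['admin_rights']) ? $_SESSION['admin_rights'] : null;

// Routing parameters: untrusted, straight from the query string.
$page = isset($_GET['page']) ? $_GET['page'] : null;
$request = isset($_GET['request']) ? $_GET['request'] : null;
// Read once, up front, so the login-form guard further down can test it;
// reading it only in the logout branch left it undefined at that guard.
$logout = isset($_GET['logout']) ? $_GET['logout'] : null;

$results_per_page = isset($_SESSION['results_per_page']) ? $_SESSION['results_per_page'] : null;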

// =======================================================================
// Comment - Version 1.0 - DC
// =======================================================================

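// Login form. Shown only when no page was requested, no logout is being
// processed, and no administrator is in the session.
// $_SERVER['PHP_SELF'] mirrors the request path, which the client chooses
// (e.g. /admin.php/"><script>...), so it is HTML-escaped before being put
// into attribute values. $font_body and $link_color are set by an earlier
// include.
// NOTE(review): the form carries no CSRF token and this file applies no
// failed-login throttling; both need state kept outside this include.
if (!$page and empty($_GET['logout']) and !$admin_email_address) {

	$self_url_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

	echo($font_body . "<center><table border='0' cellspacing='0' cellpadding='10'><td><font face='arial' size='2'>");
	echo("<b>Administrator Login</b><p>");
	echo("<form action='" . $self_url_html . "?page=login&request=submit_form&include=admin_login.inc' method='post'>");
	echo("Email Address:<br>");
	echo("<input type='text' name='email_address'><p>");
	echo("Password:<br>");
	echo("<input type='password' name='password'><p>");
	echo("<table border='0' cellspacing='0' cellpadding='0'>");
	echo("<tr><td>");
	echo("<input type='submit' name ='submit' value ='Login'>&nbsp;");
	echo("</td>");
	echo("</form>");
	echo("<form action='" . $self_url_html . "?logout=logout' method='post'>");
	echo("<td>");
	echo("&nbsp;<input type='submit' name ='submit' value ='Cancel'>");
	echo("</td></tr>");
	echo("</table>");
	echo("</form>");
	echo("<p>[<a href='" . $self_url_html . "?page=login&request=forgot_password&include=admin_login.inc'>" . $link_color . "Forgot Password</font></a>]");
	echo("</font></td></table></center>");

}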

// =======================================================================
// Comment - Version 1.0 - DC
// =======================================================================

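// Login submission: authenticate the posted e-mail/password pair against
// admin_users and, on success, populate the session from the matched row.
if ($page == "login" and $request == "submit_form") {

	// Plain strings only; an array (password[]=x) would otherwise reach
	// mysql_real_escape_string() and the comparison below.
	$submit_email_address = (isset($_POST['email_address']) && is_string($_POST['email_address'])) ? $_POST['email_address'] : '';
	$submit_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// The e-mail address is attacker-controlled, so it is escaped before
	// being spliced into the query. This file uses the mysql_* extension
	// throughout; a prepared statement is the right fix if that layer is
	// ever replaced.
	$db_lookup_admin_users = @mysql_query("SELECT id, first_name, last_name, email_address, password, rights FROM admin_users WHERE email_address='" . mysql_real_escape_string($submit_email_address) . "'");
	$db_admin_user = @mysql_fetch_array($db_lookup_admin_users);

	// A matching row is required. Without that check a missing row leaves
	// every field NULL, and NULL == '' is true in PHP, so an empty
	// e-mail/password pair satisfied the loose comparison. Strict comparison
	// also rules out numeric-string coercion ("1e1" == "10" is true).
	// NOTE(review): the stored password is compared verbatim, i.e. it is
	// kept in plaintext in admin_users (and mailed out by the forgot-password
	// branch). Moving to password_hash()/password_verify() needs a schema
	// and data migration outside this file.
	$authenticated = is_array($db_admin_user)
		&& $submit_email_address === $db_admin_user['email_address']
		&& $submit_password === $db_admin_user['password'];

	if ($authenticated) {
		// Privilege changes here, so issue a fresh session id and discard
		// the old one: an id fixated before login must not stay valid.
		// Must run before any output; if headers are already sent the id
		// cannot be reissued and PHP warns.
		session_regenerate_id(true);

		$db_admin_id = $db_admin_user['id'];
		$db_admin_first_name = $db_admin_user['first_name'];

		$_SESSION['admin_id'] = $db_admin_id;
		$_SESSION['admin_first_name'] = $db_admin_first_name;
		$_SESSION['admin_last_name'] = $db_admin_user['last_name'];
		$_SESSION['admin_email_address'] = $db_admin_user['email_address'];
		// Not needed for authorisation after this point; retained because
		// other includes may read $_SESSION['admin_password'].
		$_SESSION['admin_password'] = $db_admin_user['password'];
		$_SESSION['admin_rights'] = $db_admin_user['rights'];

		// Optional audit-log entry, switched by admin_log_settings.
		$db_lookup_admin_log_settings = @mysql_query("SELECT on_off FROM admin_log_settings WHERE event_type='Account Access'");
		$db_admin_log_settings = @mysql_fetch_array($db_lookup_admin_log_settings);

		// The INSERT runs only when logging is on; before, the query was
		// executed unconditionally, with an undefined string when it was off.
		// $date and $time are expected to be set by an earlier include.
		if (is_array($db_admin_log_settings) && $db_admin_log_settings['on_off'] == "on") {
			$db_admin_log = "INSERT INTO admin_log SET " .
				"date = '$date', " .
				"time = '$time', " .
				"user_id = '$db_admin_id', " .
				"event_type = 'Account Access', " .
				"event = 'Logged In'";
			@mysql_query($db_admin_log);
		}

		// PHP_SELF is client-influenced (path info) and the first name is
		// data, so both are escaped for HTML.
		$self_url_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

		echo($font_body . "<center><table border='0' cellspacing='0' cellpadding='10'><td><font face='arial' size='2'>");
		echo("Welcome " . htmlspecialchars($db_admin_first_name, ENT_QUOTES, 'UTF-8') . "! ");
		echo("Please <a href='" . $self_url_html . "'>click here</a> to proceed.");
		echo("</font></td></table></center>");
	} else {
		// Deliberately generic: does not say which of the two was wrong.
		// NOTE(review): no failed-attempt counter or delay exists here.
		echo("<center><table border='0' cellspacing='0' cellpadding='10'><td><font face='arial' size='2'>");
		echo("The username and password that you entered is invalid. ");
		echo("Please <a href='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . "'>try again</a>.");
		echo("</font></td></table></center>");
	}
}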

// =======================================================================
// Comment - Version 1.0 - DC
// =======================================================================

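// Forgot-password form: asks only for the e-mail address.
// $_SERVER['PHP_SELF'] is client-influenced (path info) and is escaped for
// HTML attribute context. The Cancel button posts to ?login=admin, which
// is handled outside this file.
// NOTE(review): unlike the other links in this file, the submit action
// omits &include=admin_login.inc; confirm the front controller still
// routes forgot_password_submit back to this include.
if ($page == "login" and $request == "forgot_password") {

	$self_url_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

	echo($font_body . "<center><table border='0' cellspacing='0' cellpadding='10'><td><font face='arial' size='2'>");
	echo("<b>Forgot Password</b><p>");
	echo("<form action='" . $self_url_html . "?page=login&request=forgot_password_submit' method='post'>");
	echo("Email Address:<br>");
	echo("<input type='text' name='email_address'><p>");
	echo("<table border='0' cellspacing='0' cellpadding='0'>");
	echo("<tr><td>");
	echo("<input type='submit' name ='submit' value ='Submit'>&nbsp;");
	// One closing cell, as in the login form (a stray second </td> was here).
	echo("</td>");
	echo("</form>");
	echo("<form action='" . $self_url_html . "?login=admin' method='post'>");
	echo("<td>");
	echo("&nbsp;<input type='submit' name ='submit' value ='Cancel'>");
	echo("</td></tr>");
	echo("</table>");
	echo("</form>");
	echo("</font></td></table></center>");

}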

// =======================================================================
// Comment - Version 1.0 - DC
// =======================================================================

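// Forgot-password submission. Looks the address up in admin_users and, if
// found, e-mails the account details to the address on record.
// NOTE(review): the stored password is sent in cleartext because that is
// how admin_users holds it; a single-use, expiring reset token is the
// proper replacement but needs a schema change outside this file.
// NOTE(review): the links in the mail are built from $_SERVER['HTTP_HOST'],
// which the client supplies; if the web server answers for arbitrary Host
// values, the mailed link can be pointed at an attacker's domain. A
// configured site URL should be used instead.
if ($page == "login" and $request == "forgot_password_submit") {

	echo($font_body . "<center><font face='arial' size='2'>");
	echo("<b>Forgot Password</b><p>");

	// Plain string only; escaped before being spliced into the query.
	$email_address = (isset($_POST['email_address']) && is_string($_POST['email_address'])) ? $_POST['email_address'] : '';

	$db_lookup_admin_users = @mysql_query("SELECT first_name, last_name, email_address, password FROM admin_users WHERE email_address='" . mysql_real_escape_string($email_address) . "'");
	$db_admin_users = @mysql_fetch_array($db_lookup_admin_users);

	// Only mail when a row exists; previously mail() was attempted with an
	// empty recipient and its failure used as the "no such login" signal.
	if (is_array($db_admin_users)) {
		$db_admin_users_first_name = $db_admin_users['first_name'];
		$db_admin_users_last_name = $db_admin_users['last_name'];
		$db_admin_users_email_address = $db_admin_users['email_address'];
		$db_admin_users_password = $db_admin_users['password'];

		// Sender address configured in admin_settings.
		$db_lookup_admin_settings = @mysql_query("SELECT setting FROM admin_settings WHERE setting_type='default_email'");
		$db_admin_settings = @mysql_fetch_array($db_lookup_admin_settings);
		$db_admin_settings_setting_default_email = is_array($db_admin_settings) ? $db_admin_settings['setting'] : '';

		$admin_login_address = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?login=admin";
		$website_address = "http://" . $_SERVER['HTTP_HOST'];

		// $db_themes_website_name is set by an earlier include.
		$email_to = $db_admin_users_email_address;
		$email_subject = "$db_themes_website_name Password Reminder";
		// Last separator was a bare "\r"; a newline is what the rest of the
		// body uses.
		$email_body = "$db_admin_users_first_name $db_admin_users_last_name,\n\nHere is your password for $website_address.\n\nPassword: $db_admin_users_password\n\nGo here to login: $admin_login_address\n\nThis email was sent to you because someone (either you or someone else) submitted a forgot password request on $website_address.\n\nThank you,\n\n$db_themes_website_name\n$website_address";
		$email_headers = "From: $db_themes_website_name <$db_admin_settings_setting_default_email>";

		// The result is intentionally not surfaced to the requester (see the
		// uniform response below); a delivery failure is only visible in the
		// mail log.
		mail($email_to, $email_subject, $email_body, $email_headers);
	}

	// One response for both outcomes, so this endpoint cannot be used to
	// enumerate administrator addresses. The submitted address is no longer
	// reflected into the page (it was echoed unescaped before).
	$self_url_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
	echo("If an administrator account exists for that email address, its login details have been emailed to it. Click <a href='" . $self_url_html . "?login=admin'>" . $link_color . "here</font></a> to login.<p>");

}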

// =======================================================================
// Comment - Version 1.0 - DC
// =======================================================================

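// Logout: any request carrying ?logout=... clears the session.
// NOTE(review): a GET-triggered logout can be forced by any page the
// administrator visits (an <img> pointing at ?logout=1 suffices); a POST
// with a per-session token would close that. The session cookie is not
// expired client-side here because output may already have been sent.
$logout = isset($_GET['logout']) ? $_GET['logout'] : null;

if ($logout) {

	// Drop all server-side state for this session.
	$_SESSION = array();
	session_destroy();

	// PHP_SELF is client-influenced (path info); escape for HTML attribute.
	echo($font_body . "<center><table border='0' cellspacing='0' cellpadding='10'><td><font face='arial' size='2'>");
	echo("You have been logged out. To return to the main website, <a href='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . "'>click here</a>.");
	echo("</font></td></table></center>");
}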

?>