<?php
/************************************************************************************
Copyright © 2008 xhub.com
Bill Bennert
5 Hooksett Tpke
Bow, NH 03304-4414
hide@address.com
This file is part of the SCCNH Online Registration System.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Any system sensitive data such as IP addresses, usernames, and passwords
must be removed from any files before distribution.
************************************************************************************/
include 'include/functions.php';
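/**
 * Emits the login form as inline HTML.
 *
 * The form posts the username and password to the HTTPS endpoint named in the
 * form's action attribute. A small script then moves keyboard focus to the
 * username field. The function returns nothing; everything is written
 * straight to the output stream.
 *
 * Review notes:
 *  - The "Forgot Password" link and the Firefox badge image use plain http://
 *    URLs. If this page is itself served over HTTPS, the image is mixed
 *    content. Both URLs are left unchanged because HTTPS availability on
 *    those hosts cannot be confirmed from this file.
 *  - Links opened with target="_blank" carry rel="noopener noreferrer" so the
 *    opened page gets no window.opener handle back to the login page.
 */
function displayLogin()
{
?>
<form name="logonform" action="https://secure.netsolhost.com/xhub.com/sccnh/index_backup.php" method="post">
<table border="0">
<tr><td colspan="2"><font size="6">Login</font></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="50">
</td><td><img src="images/lock.png" /></td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td><td><a href="https://secure.netsolhost.com/xhub.com/sccnh/register.php">Register</a></td></tr>
<tr><td></td><td><a href="http://sccnh.xhub.com/forgot.php">Forgot Password</a></td></tr>
</table>
</form>
<script type="text/javascript" language="JavaScript">
document.forms['logonform'].elements['username'].focus();
</script>
<br>
Site works best with Firefox™
<a target="_blank" rel="noopener noreferrer" href="http://getfirefox.com/" title="Get Firefox - The Browser, Reloaded.">
<img src="http://www.mozilla.org/products/firefox/buttons/getfirefox_88x31.png"
width="88" height="31" border="0" alt="Get Firefox"></a>
<a target="_blank" rel="noopener noreferrer" href="http://en.wikipedia.org/wiki/Mozilla_Firefox">[wiki]</a><br>
<?php
}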
/**
 * Prints the maintenance page and stops the script.
 *
 * Output order: contents of header.html, the three fixed notice lines,
 * contents of footer.html. Execution ends here, so nothing after a call to
 * this function runs.
 */
function displaySystemOffline()
{
    $notice = "<h2>System offline for updates.</h2>\n"
            . "<h3>Please check back later.</h3>\n"
            . "<h4>Thank you. -Bill</h4>\n";

    // echo handles its comma-separated arguments left to right, so the header
    // file is read and written before the notice, and the footer last.
    echo file_get_contents("header.html"), $notice, file_get_contents("footer.html");
    exit();
}
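// Uncomment the next line to show the maintenance page and stop all processing.
//displaySystemOffline();

/*
 * Login entry point.
 *
 *  1. No login cookie and no submitted form: show the login form.
 *  2. Submitted form: authenticate the username/password, start a new session
 *     (session id stored in the users table and in a cookie), then redirect.
 *  3. Login cookie only: compare the cookie's session id with the stored one
 *     and redirect to members.php or logout.php.
 *
 * A submitted form takes priority over an existing cookie, so a stale cookie
 * cannot override the outcome of a fresh login attempt. Every redirect is
 * followed by exit so no further code runs after the Location header.
 *
 * NOTE(review): the queries below are assembled by string concatenation and
 * depend entirely on slashArray() (include/functions.php, not visible here)
 * for escaping. Presumably it applies addslashes-style escaping in place;
 * confirm. Slash-based escaping is not character-set aware; the durable fix
 * is to move connectDatabase() and these queries to prepared statements
 * (mysqli or PDO). The mysql_* extension used here was removed in PHP 7.
 *
 * NOTE(review): passwords are stored as unsalted MD5 digests. Changing the
 * scheme needs a stored-hash migration (password_hash()/password_verify(),
 * rehashing on next successful login) and is not attempted in this file.
 *
 * NOTE(review): rand_string() produces the session id; confirm it draws from
 * a cryptographically secure source.
 */
if (!isset($_COOKIE['SCCNH_ID']) && !isset($_POST['submit']))
{
    // Not logged in and nothing submitted: show the login form.
    echo file_get_contents("header.html");
    displayLogin();
    echo file_get_contents("footer.html");
}
else
{
    // Connects to the database
    connectDatabase();
    // Escape request arrays before their values are placed in SQL text
    slashArray($_COOKIE);
    slashArray($_POST);
    header("Content-Type: text/html; charset=utf-8");

    if (isset($_POST['submit']))
    {
        // ---- Login form submitted ----

        // Both fields must be present, non-empty strings. Array-valued
        // parameters (username[]=...) are treated as missing.
        if (empty($_POST['username']) || empty($_POST['password'])
            || !is_string($_POST['username']) || !is_string($_POST['password']))
        {
            echo file_get_contents("header.html");
            echo "<h2>You did not fill in a required field.</h2>\n";
            displayLogin();
            echo file_get_contents("footer.html");
            die(' ');
        }

        // Look the account up by username.
        $query = "SELECT * FROM users WHERE username = '".$_POST['username']."'";
        $check = mysql_query($query);
        if ($check === false)
        {
            // Keep driver error text in the server log, not in the response.
            error_log('SCCNH login: user lookup failed: '.mysql_error());
            die('A database error occurred. Please try again later.');
        }

        // NOTE(review): this message and the "Incorrect password" message
        // below let a visitor tell valid usernames from invalid ones.
        if (mysql_num_rows($check) == 0)
        {
            echo file_get_contents("header.html");
            echo "<h2>That user does not exist in our database. <a href=register.php>Click Here to Register</a></h2>\n";
            displayLogin();
            echo file_get_contents("footer.html");
            die(' ');
        }

        // Only the first matching row is used, so the submitted password is
        // hashed exactly once.
        $info = mysql_fetch_array($check);

        $clearPass = stripslashes($_POST['password']);
        $storedHash = stripslashes($info['pass']);
        $submittedHash = md5($clearPass);
        // Do not keep the clear-text password in the request array.
        $_POST['password'] = $submittedHash;

        // Strict comparison: with loose != two hex digests of the form
        // 0e<digits> are compared as numbers and treated as equal.
        if ($submittedHash !== $storedHash)
        {
            unset($clearPass);
            echo file_get_contents("header.html");
            echo "Incorrect password, please try again.\n";
            echo file_get_contents("footer.html");
            die(' ');
        }

        // Password accepted: start a new session.
        $username = $_POST['username'];
        $sessionId = rand_string(32);

        // update lastLogon & session id
        $now = date('Y-m-d');
        $update = "UPDATE users SET lastLogon='$now', session_id='$sessionId' WHERE username='$username'";
        if (mysql_query($update) === false)
        {
            // Without the stored session id the cookie set below could never
            // be validated, so stop here.
            error_log('SCCNH login: session update failed: '.mysql_error());
            die('A database error occurred. Please try again later.');
        }

        // First login for this account: derive and store the user hash.
        // NOTE(review): md5(username) is predictable, so SCCNH_ID identifies
        // the user but is not a secret; the session id is the only secret.
        if ($info['user_hash'] == "")
        {
            $hashUsername = md5(stripslashes($username));
            $update = "UPDATE users SET user_hash='$hashUsername' WHERE username='$username'";
            if (mysql_query($update) === false)
            {
                error_log('SCCNH login: user_hash update failed: '.mysql_error());
            }
        }
        else
        {
            $hashUsername = $info['user_hash'];
        }

        // Cookies are HttpOnly so page scripts cannot read them, and Secure
        // whenever this request itself arrived over HTTPS.
        // NOTE(review): confirm no client-side script reads these cookies and
        // that the members pages are only served over HTTPS.
        $secureOnly = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("SCCNH_ID", $hashUsername, 0, '/xhub.com/sccnh/', "secure.netsolhost.com", $secureOnly, TRUE);
        setcookie("SCCNH_Session_ID", $sessionId, 0, '/xhub.com/sccnh/', "secure.netsolhost.com", $secureOnly, TRUE);
        unset($sessionId);

        if (!isPasswordValid($clearPass))
        {
            // Password no longer meets policy: send the user to change it.
            // SCCNH_KEY carries a fresh random value, never the password.
            unset($clearPass);
            $passwordKey = rand_string(32);
            setcookie("SCCNH_KEY", $passwordKey, 0, '/xhub.com/sccnh/', "secure.netsolhost.com", $secureOnly, TRUE);
            header('Location: password.php');
        }
        else
        {
            unset($clearPass);
            logLogin($hashUsername);
            // then redirect them to the members area
            header('Location: members.php');
        }
        exit;
    }

    // ---- Login cookie present, no form submitted ----
    $cookieId = is_string($_COOKIE['SCCNH_ID']) ? $_COOKIE['SCCNH_ID'] : '';
    $cookieSession = (isset($_COOKIE['SCCNH_Session_ID']) && is_string($_COOKIE['SCCNH_Session_ID']))
        ? $_COOKIE['SCCNH_Session_ID']
        : '';

    $info = false;
    if ($cookieId !== '')
    {
        $query = "SELECT * FROM users WHERE user_hash = '".$cookieId."'";
        $check = mysql_query($query);
        if ($check !== false)
        {
            $info = mysql_fetch_array($check);
        }
    }

    if ($info)
    {
        // A missing or empty session cookie never matches, even when the
        // stored session_id is empty or NULL. The comparison is strict so
        // numeric-looking strings are not compared as numbers.
        if ($cookieSession === '' || $cookieSession !== (string) $info['session_id'])
        {
            header('Location: logout.php');
        }
        else
        {
            header('Location: members.php');
        }
        exit;
    }

    // The cookie does not match any user: show the login form instead of an
    // empty page.
    echo file_get_contents("header.html");
    displayLogin();
    echo file_get_contents("footer.html");
}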
?>