<?php
/************************************************************************************
    Copyright © 2008 xhub.com

    Bill Bennert
    5 Hooksett Tpke
    Bow, NH 03304-4414
    hide@address.com

    This file is part of the SCCNH Online Registration System.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

    Any system sensitive data such as IP addresses, usernames, and passwords 
    must be removed from any files before distribution.

************************************************************************************/

include 'include/functions.php';

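/**
 * Prints the login form and the static links shown beneath it.
 *
 * The form posts "username", "password" and "submit" to the HTTPS copy of
 * index_backup.php; the inline script then moves keyboard focus to the
 * username field. Nothing is returned; the markup is written straight to
 * the output buffer.
 *
 * NOTE(review): the form carries no anti-CSRF token, so the handler cannot
 * tell a login submitted from this page from one submitted by another site.
 * NOTE(review): the "Forgot Password" link and the Firefox badge image use
 * plain http while the form and the Register link use https; if this page is
 * served over https the image is a mixed-content reference. Confirm whether
 * https equivalents exist before changing the URLs.
 */
function displayLogin()
{
?>

<form name="logonform" action="https://secure.netsolhost.com/xhub.com/sccnh/index_backup.php" method="post">

<table border="0">
<tr><td colspan=2><font size="6">Login</font></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="50">
</td><td><img src="images/lock.png" /></td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td><td><a href="https://secure.netsolhost.com/xhub.com/sccnh/register.php">Register</a></td></tr>
<tr><td></td><td><a href="http://sccnh.xhub.com/forgot.php">Forgot Password</a></td></tr>
</table>
</form>

<script type="text/javascript" language="JavaScript">
document.forms['logonform'].elements['username'].focus();
</script>

<br>
Site works best with Firefox&#153;
 <a target="_blank" href="http://getfirefox.com/" title="Get Firefox - The Browser, Reloaded.">
<img src="http://www.mozilla.org/products/firefox/buttons/getfirefox_88x31.png"
width="88" height="31" border="0" alt="Get Firefox"></a> 
<a target="_blank" href="http://en.wikipedia.org/wiki/Mozilla_Firefox">[wiki]</a><br>

<?php
}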

/**
 * Writes the maintenance notice, wrapped in the shared header.html and
 * footer.html fragments, and then terminates the request.
 */
function displaySystemOffline()
{
  // echo with a comma list evaluates and prints each item in order, so the
  // footer file is still read only after the notice has been written.
  echo file_get_contents("header.html"),
       "<h2>System offline for updates.</h2>\n",
       "<h3>Please check back later.</h3>\n",
       "<h4>Thank you. -Bill</h4>\n",
       file_get_contents("footer.html");
  exit;
}

//displaySystemOffline();

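// Request handling. Three cases:
//   1. no login cookie and no submitted form -> show the login page;
//   2. a login cookie is present             -> check it against the users table and redirect;
//   3. the login form was submitted          -> verify the credentials and start a session.
if (!isset($_COOKIE['SCCNH_ID']) && !isset($_POST['submit']))
{
  // Not logged in and nothing submitted: just render the form.
  echo file_get_contents("header.html");
  displayLogin();
  echo file_get_contents("footer.html");
}
else
{
  // Connects to your Database
  connectDatabase();

  // NOTE(review): every query below is assembled by string concatenation and
  // relies entirely on slashArray() (include/functions.php, not visible here)
  // for escaping. If that helper is addslashes-style escaping (the name
  // suggests so; confirm), it is a fragile SQL-injection defence. The durable
  // fix is parameterised queries (mysqli or PDO prepared statements), which
  // also requires changing connectDatabase(); it is flagged rather than
  // changed here to avoid double-escaping already-slashed input.
  slashArray($_COOKIE);
  slashArray($_POST);

  header("Content-Type: text/html; charset=utf-8");

  // If they already have a cookie, make sure it is valid. Non-string cookie
  // values (e.g. SCCNH_ID[]=...) are ignored instead of being concatenated
  // into the query as the literal text "Array".
  if (isset($_COOKIE['SCCNH_ID']) && is_string($_COOKIE['SCCNH_ID']))
  {
    $query = "SELECT * FROM users WHERE user_hash = '".$_COOKIE['SCCNH_ID']."'";
    $check = mysql_query($query);

    if ($check === false)
    {
      // Keep database details in the server log, never in the response.
      error_log('index_backup.php: cookie lookup failed: '.mysql_error());
    }
    else
    {
      // A missing, empty or non-string session cookie never counts as a match.
      // The original loose comparison treated an absent cookie as equal to an
      // empty or NULL session_id column.
      $cookieSession = '';
      if (isset($_COOKIE['SCCNH_Session_ID']) && is_string($_COOKIE['SCCNH_Session_ID']))
      {
        $cookieSession = $_COOKIE['SCCNH_Session_ID'];
      }

      while ($info = mysql_fetch_array($check))
      {
        if ($cookieSession === '' || $cookieSession !== (string)$info['session_id'])
        {
          header('Location: logout.php');
        }
        else
        {
          header('Location: members.php');
        }
      }
      // No exit here on purpose: as in the original, a login form submitted
      // together with a stale cookie is still processed below, and its
      // redirect replaces the Location header set above.
      // NOTE(review): a cookie that matches no user row produces no redirect
      // and, without a submitted form, an empty response. Confirm how
      // logout.php treats unknown cookies before redirecting there.
    }
  }

  // If the login form is submitted
  if (isset($_POST['submit']))
  {
    // Make sure both fields are filled in. empty() also covers a missing key,
    // and || replaces the original bitwise | on booleans.
    if (empty($_POST['username']) || empty($_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password']))
    {
      echo file_get_contents("header.html");
      echo "<h2>You did not fill in a required field.</h2>\n";
      displayLogin();
      echo file_get_contents("footer.html");
      die(' ');
    }

    // Look the user up in the database.
    $query = "SELECT * FROM users WHERE username = '".$_POST['username']."'";
    $check = mysql_query($query);
    if ($check === false)
    {
      // The original printed mysql_error() to the visitor, which discloses
      // schema and query details; log it and show a generic message instead.
      error_log('index_backup.php: user lookup failed: '.mysql_error());
      echo file_get_contents("header.html");
      echo "<h2>Login is temporarily unavailable. Please try again later.</h2>\n";
      echo file_get_contents("footer.html");
      die(' ');
    }

    // Gives an error if the user doesn't exist.
    // NOTE(review): this message differs from the wrong-password message, so
    // the form reveals which usernames are registered. A single generic
    // "incorrect username or password" response avoids that.
    if (mysql_num_rows($check) == 0)
    {
      echo file_get_contents("header.html");
      echo "<h2>That user does not exist in our database. <a href=register.php>Click Here to Register</a></h2>\n";
      displayLogin();
      echo file_get_contents("footer.html");
      die(' ');
    }

    // Undo the slashing applied above and hash once, before the row loop, so
    // a second row can never see an already-hashed value.
    // NOTE(review): passwords are stored as unsalted MD5. Moving to
    // password_hash()/password_verify() needs PHP 5.5+ and a rehash-on-login
    // migration of the pass column, so it is flagged here rather than changed.
    $clearPass = stripslashes($_POST['password']);
    $submittedHash = md5($clearPass);
    // As in the original, the cleartext is not left behind in $_POST.
    $_POST['password'] = $submittedHash;

    while ($info = mysql_fetch_array($check))
    {
      $storedHash = stripslashes($info['pass']);

      // Strict comparison: with != two different hashes that both look like
      // numbers in exponent notation ("0e" followed by digits) compare equal.
      if ($submittedHash !== $storedHash)
      {
        // Overwrite the local cleartext copy before stopping.
        $clearPass = rand_string(32);
        echo file_get_contents("header.html");
        echo "Incorrect password, please try again.\n";
        echo file_get_contents("footer.html");
        die(' ');
      }
      else
      {
        // Login is OK: record a fresh session id and hand out the cookies.
        $username = $_POST['username'];

        // NOTE(review): the session id is the only secret in the cookie pair,
        // so its strength depends on rand_string() (not visible here).
        // Confirm it draws from a cryptographically secure source.
        $sessionId = rand_string(32);

        // update lastLogon & session id
        $now = date('Y-m-d');
        $update = "UPDATE users SET lastLogon='$now', session_id='$sessionId' WHERE username='$username'";
        $result = mysql_query($update);
        if ($result === false)
        {
          // Without the stored session id the cookies below could never
          // validate, so stop instead of issuing them.
          error_log('index_backup.php: session update failed: '.mysql_error());
          $clearPass = rand_string(32);
          echo file_get_contents("header.html");
          echo "<h2>Login is temporarily unavailable. Please try again later.</h2>\n";
          echo file_get_contents("footer.html");
          die(' ');
        }

        if ($info['user_hash'] == "")
        {
          // First login: derive and store the user identifier.
          // NOTE(review): md5(username) is predictable, so SCCNH_ID must be
          // treated as a public identifier, never as proof of login.
          $hashUsername = md5(stripslashes($username));
          $update = "UPDATE users SET user_hash='$hashUsername' WHERE username='$username'";
          $result = mysql_query($update);
          if ($result === false)
          {
            error_log('index_backup.php: user_hash update failed: '.mysql_error());
          }
        }
        else
        {
          $hashUsername = $info['user_hash'];
        }

        // NOTE(review): the cookies are issued with the "secure" argument set
        // to FALSE and without the HttpOnly argument, although the form posts
        // to https on this host. Enabling both is the recommended hardening
        // once it is confirmed that every page reading these cookies is served
        // over https and that no client-side script needs them.
        setcookie("SCCNH_ID", $hashUsername, FALSE, '/xhub.com/sccnh/', "secure.netsolhost.com", FALSE);
        setcookie("SCCNH_Session_ID", $sessionId, FALSE, '/xhub.com/sccnh/', "secure.netsolhost.com", FALSE);

        // Overwrite the local copy of the session id now that it has been sent.
        $sessionId = rand_string(32);

        if (!isPasswordValid($clearPass))
        {
          // isPasswordValid() rejected the password: send the user to
          // password.php with a random SCCNH_KEY cookie (not the password).
          $clearPass = rand_string(32);
          setcookie("SCCNH_KEY", $clearPass, FALSE, '/xhub.com/sccnh/', "secure.netsolhost.com", FALSE);
          header('Location: password.php');
          exit;
        }
        else
        {
          $clearPass = rand_string(32);
          logLogin($hashUsername);
          // then redirect them to the members area
          header('Location: members.php');
          exit;
        }
      }
    } // end while
  }
}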
?>