Location: PHPKode > projects > MyFWB - Faisal Shah's dition > MyFWB/includes/core_admin_login.php
<?php
session_start();
/*
MyFWB 1.0 Faisal Shah's ├ędition 
26 August 2008 23:34 French standard time.
This is a free software made to be good for some one, and it comes as it is with no warrenty, and it's a copy righted Software which means you can use and distribute it to un-limited number of people but can't edit / re-produce or re-make any thing from it's core code, This software is free for ever and for everyone, but REMOVING COPYRIGHT FROM THE BOTTOM OF ANY PART OF IT MAKES IT ILLEGAL TO USE. IF YOU DO THIS, AND WE GOT THE REPORT, IT CAN CAUSE THE TERMINATION OF YOUR SITE AND SOME TIMES WE DO REPORT THESE KIND OF CASES TO YOUR ISP (INTERNET PROVIDER TO SHUT DOWN YOUR INTERNET CONNETION).. SO PLEASE KEEP IT LEGAL. Thanks for using our product!
(c)2008 Faisal Tasleem Shah All Rights Reserved.
*/

require_once("configuration.php");
require_once("core_functions.php");

$connect = mysql_connect("$db_host","$db_user","$db_pass");
mysql_select_db("$db_name");

$login_form = "<div align=\"center\">
	<table width=\"50%\">
		<tr>
			<td>
			
			<form method=\"POST\" action=\"?action=log_in_now\">
				<fieldset style=\"padding: 2\">
				<legend>
				<b>Administrator Login of MyFWB</b>
				</legend>
				<p align=\"center\">Username :
				<input type=\"text\" name=\"admin_user\" size=\"20\"><p align=\"center\">
				Password : <input type=\"password\" name=\"admin_pass\" size=\"20\"></p>
				</fieldset><p align=\"center\">
				<input type=\"submit\" value=\"Submit\" name=\"submit\"> </p>
			</form>
			
			</td>
		</tr>
	</table>
</div>";

$forget_pass_form = "
	<div align=\"center\">
	<table width=\"50%\">
		<tr>
			<td>
			<img src=\"../images/logo.png\">
			
			<form method=\"POST\" action=\"?action=forgot_password_now\">
				<fieldset style=\"padding: 2\">
				<legend>
			<b>Forgot your password?</b>
				</legend>
				<p align=\"center\">Username :
				<input type=\"text\" name=\"admin_user\" size=\"20\"><p align=\"center\">
				Secret Code : <input type=\"text\" name=\"admin_secret\" size=\"17\"></p>
				</fieldset><p align=\"center\">
				<input type=\"submit\" value=\"Submit\" name=\"submit\"> </p>
				<p align=\"center\"><font face=\"Euphemia\" color=\"#FF0000\">Please 
				note that if your username and Secret Code <u>`the one given to 
you after installation`</u> matched in our the database, In new secreen you will 
find your password, and that password will be a quite long and difficult to 
remember :( However, just go to Admin CP and change the password once you 
login... Thanks fo using MyFWB!</font></p>
			</form>
			
			</td>
		</tr>
	</table>
</div>";


if($_GET["action"] == "login")
{
echo $login_form;
exit();
}elseif($_GET["action"] == log_in_now)
{
$admin_user = secure("$_POST[admin_user]");
$admin_pass_1 = secure("$_POST[admin_pass]");
$admin_pass_2 = md5("$admin_pass_1");
$admin_pass = base64_encode("$admin_pass_2");
$query_login = mysql_query("select * from user where userid=1");
$data_user_info = mysql_fetch_array($query_login);
$data_user = $data_user_info['username'];
$data_password = $data_user_info['password'];

if($data_user == $admin_user)
{
$sec1 = 1;
}else
{
echo "<b>Sorry, But your username and the username of Admin doesn't match...</b>";
echo $data_pass;
}

if($admin_pass == $data_password)
{
$sec2 = 1;
}else
{
echo "<br><b>Sorry, but the password you entered and the password of Admin doesn't match, you forgot your password? Why don't you try to <a href=\"?action=forgot_password\">recover it</a>?";
}

$security = $sec1 + $sec2;

if($security == 2)
{
$_SESSION["admin_permission"] = "Yes";
echo "Welcome <b>$data_user</b> <br> You have logged in successfully, <br><a href=\"?action=admin_home\">Click here</a> to go to Administrator Control Panel.";
echo "<meta http-equiv\"REFRESH\" content=\"0;URL=\">";
exit();
}

if($_SESSION["admin_permission"] !== "Yes")
{
echo $login_form;
exit();
}
}

if($_GET["action"] == "forgot_password")
{
echo $forget_pass_form;
exit();
}elseif($_GET["action"] == "forgot_password_now")
{

$admin_user = secure("$_POST[admin_user]");
$admin_secret = secure("$_POST[admin_secret]");

$query_info = mysql_query("select username, secret from user where userid=1");

$query_info_back = mysql_fetch_array($query_info);

$user_name = $query_info_back['username'];
$user_secret = $query_info_back['secret'];
if($admin_user == $user_name)
{
$sec1 = 1;
}else
{
echo "<b>Sorry, but the username you entered doesn't match to the one in Database...";
}

if($admin_secret == $user_secret)
{
$sec2 = 1;
}else
{
echo "<br><b>Sorry, but the Secret code you entered is not matching with the one in our database...";

}

$security = $sec1 + $sec2;

if($security == 2)
{
$new_pass = session_id();

$new_pass1 = md5("$new_pass");
$new_pass_final = base64_encode("$new_pass1");

$query_new_pass = mysql_query("update user set password = '$new_pass_final' where userid=1");

echo "<p><b><font size=\"6\" face=\"Euphemia\" color=\"#FF0000\">Congratulation...</font></b></p>
<p><b><font face=\"Euphemia\" color=\"#FF0000\">Your password is successfully been 
changed, your new password is ;</font></b></p>
<p><input type=\"text\" name=\"new_pass\" value=\"$new_pass\" size=\"62\"></p>
<p>I know it's quite long :( But hey don't be worry, you just simply login to 
your <a href=\"?action=login\">Admin Cp</a> with this password and your username, and change the Password ;)</p>
<p>Thanks for using MyFWB....</p>";
exit();
}else
{
echo $forget_pass_form;
exit();	
}
}
?>
Return current item: MyFWB - Faisal Shah's dition