Location: PHPKode > projects > MyNews > mynews/login.php
<?php
// ----------------------------------------------------------------------
// MyNews
// Copyright (C) 2004 by Frank Mancuso Aka crash4o4
// https://sourceforge.net/projects/mynews/
// http://frankmancuso.ca
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Frank Mancuso aka crash4o4
// Purpose of file:
// ----------------------------------------------------------------------


include("mysql.php");
include("config.php");

// Check if install.php exists
$filename = 'install.php';

if (file_exists($filename)) {
   echo "<p><font color=red><b>Error:</b> install.php exists, delete file and refresh this page.</font></p>";
	exit();
}
//

 


$auth = false;

$request = $_SERVER['REQUEST_METHOD'];

if ( $request == "POST" )
{
	$username = $_POST['username'];
	$passwd = $_POST['passwd'];
	
	// Call mysql class
	$db = new db;
	$db->info['sql_host']		=	$conf['sql_host'];
	$db->info['sql_user']		=	$conf['sql_user'];
	$db->info['sql_pass']		=	$conf['sql_pass'];
	$db->info['sql_db']		=	$conf['sql_db'];
	$db->connect();
	$sql = "SELECT * FROM users WHERE username='$username' && password='$passwd' ";
	$check_query = $db->query($sql);
	$row = mysql_numrows($check_query);
	
	// Check if a match was found
	if ( $row != 0 )
	{
		$auth = true;
	}else{
		$auth = false;
	}

	if ( ! $auth )
	{
		echo "<p>Error: username or password entered was incorrect.<p>";
		echo "<p>Please try again, click here to return to 
		      <a href=\"login.php\">login</a> page.</p>";
		exit();
	}else{
		// If Auth didn't return false than login in user
	
		// Get Group Id
		$get_group = "SELECT group_id FROM users WHERE username='$username' ";
		$group_query = $db->query($get_group);
		$group_row = mysql_fetch_array($group_query);
		$group_id = $group_row['group_id'];
		
		// Generate Session Key
		$ip_address = $_SERVER['REMOTE_ADDR'];
		$rand1=rand(100000,900000);
		$rand2=rand(100000,900000);
		$session_key=$rand1.md5($ip_address)."F3dov4f".$rand2;
		
		// Check if user already has a session in db
		$sql2 = "SELECT * FROM sessions WHERE username='$username' 
			 AND password='$passwd' ";
		$check_query = $db->query($sql2);
		$check_result = mysql_numrows($check_query);

		// If user does not have session in db create one.
		if ( $check_result == 0 )
		{
			$sql3 = "INSERT INTO sessions SET username='$username',
			 	 password='$passwd',session_key='$session_key',
				 ip_address='$ip_address',group_id='$group_id'";
			$db->query($sql3);
				
		}
		// If User has a session in db update it.
		if ( $check_result != 0 )
		{
		$sql4 = "UPDATE sessions SET password='$passwd',
			 session_key='$session_key',ip_address='$ip_address' ";
		$db->query($sql4);
			
		}
		// Set Cookies
		$ccontent = "$username:$passwd:$ip_address:$session_key:$group_id";
    		setcookie ("authacc", "$ccontent");
	
			
		// Forward User to Private Page
		?>
			<html>
			<head>
			<title>Forwarding</title>
			<link rel="STYLESHEET" type="text/css" href="default.css">
			<META HTTP-EQUIV="Refresh" CONTENT="2;URL=admin.php">
			</head>
			<body>
			
			<table width="100%" border="0" cellspacing="0" cellpadding="0" height="95%" align="center">
  			<tr align="center" valign="middle"> 
    			<td> 
      			<table border="0" cellspacing="1" cellpadding="10" bgcolor="000000" width="70%">
        		<tr> 
          		<td bgcolor="c0c0c0" align="center"> 
            		<p><b> Hold on while Please Stand By While We Log You Out</b><br>
              		<br>
             		<a href="admin.php">Click here if you do not want to wait any longer<br>
              		(or if your browser does not automatically forward you)</a>
            		</p>
          		</td>
        		</tr>
      			</table>
    			</td>
  			</tr>
			</table>

			</body>
			</html>
		<?
	}
exit();

}
?>

<html>
<head>
<title>Login LogApp</title>
<link rel="STYLESHEET" type="text/css" href="default.css">
<script type="text/javascript" src="md5.js"></script>
</head>
<body>

<div align="center">

<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<div class="login_bg">

<form action="login.php" method="post">

<table width="400" border="0" cellpadding="3" cellspacing="0" id="login">

	<tr>
		<td width="400" colspan="3" height="75">&nbsp;</td>
	</tr>

	<tr>
		<td width="50">&nbsp;</td>
		<td width="100">Username</td>
		<td width="250"><input type="text" name="username" size="12"></td>
	</tr>

	<tr>
		<td width="50">&nbsp;</td>
		<td width="100">Password</td>
		<td width="250"><input type="password" name="passwd" size="12"></td>
	</tr>

	<tr>
		<td width="50">&nbsp;</td>
		<td width="100">&nbsp;</td>
		<td width="250"><input type="submit" onclick="passwd.value = hex_md5(passwd.value)" value="Login"></td>
	</tr>

</table>
</form>
</div>
</div>

</body>
</html>
Return current item: MyNews