<?php
// ----------------------------------------------------------------------
// MyNews
// Copyright (C) 2004 by Frank Mancuso Aka crash4o4
// https://sourceforge.net/projects/mynews/
// http://frankmancuso.ca
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Frank Mancuso aka crash4o4
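// Purpose of file: Login page - shows the login form and, on POST, checks the credentials, records a session and sets the auth cookie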
// ----------------------------------------------------------------------
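// Load the database wrapper and the site configuration.
// require (not include) is used so that a missing or unreadable file stops the
// script here; with include the page would carry on with only a warning and
// the login handler below would run without its database class or settings.
require("mysql.php");
require("config.php");

// Refuse to serve the login page while the installer is still on disk.
// NOTE(review): install.php is not visible here; presumably the check exists so
// that a leftover installer cannot be re-run against a live site.
$filename = 'install.php';
if (file_exists($filename)) {
    echo "<p><font color=red><b>Error:</b> install.php exists, delete file and refresh this page.</font></p>";
    exit();
}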
//
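// Handle a submitted login form: check the credentials against the users
// table, record a row in the sessions table, set the "authacc" cookie and show
// a short interstitial that forwards to admin.php. Every path through the POST
// branch ends in exit(), so the login form further down is only rendered for
// non-POST requests.
//
// Security notes:
//  - Request values are escaped before they are placed in SQL. Unescaped, a
//    quote character in the username or password field changes the meaning of
//    the WHERE clause of the credential check.
//  - Escaping is the smallest fix that keeps the db class interface (mysql.php,
//    not visible here). Parameterized queries through mysqli or PDO are the
//    durable fix and need that class to change.
//  - NOTE(review): the password value is compared to the stored column as-is
//    and is then copied into the sessions table and into the cookie. The login
//    form hashes the field with hex_md5() in the browser, so the stored value
//    is presumably an unsalted MD5 digest, and that digest works as the
//    credential. Moving to password_hash()/password_verify() and keeping the
//    credential out of the cookie needs coordinated changes in the code that
//    reads the cookie (not visible here).
$auth = false;
$request = $_SERVER['REQUEST_METHOD'];
if ( $request === "POST" )
{
    // Accept only plain string fields. A missing field or an array value
    // (username[]=...) is treated as an empty string.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';
    $ip_address = $_SERVER['REMOTE_ADDR'];

    // Connect through the project's mysql class.
    $db = new db;
    $db->info['sql_host'] = $conf['sql_host'];
    $db->info['sql_user'] = $conf['sql_user'];
    $db->info['sql_pass'] = $conf['sql_pass'];
    $db->info['sql_db'] = $conf['sql_db'];
    $db->connect();

    // Called without a link argument, mysql_real_escape_string() uses the most
    // recently opened connection; assumed to be the one $db->connect() opened
    // (confirm against mysql.php). It must therefore run after connect().
    $username_sql = mysql_real_escape_string($username);
    $passwd_sql = mysql_real_escape_string($passwd);
    $ip_sql = mysql_real_escape_string($ip_address);

    // Credential check: at least one matching row means success. A failed
    // query counts as no match, so errors fail closed.
    $sql = "SELECT * FROM users WHERE username='$username_sql' AND password='$passwd_sql' ";
    $check_query = $db->query($sql);
    $row = $check_query ? mysql_num_rows($check_query) : 0;
    $auth = ( $row != 0 );

    if ( ! $auth )
    {
        echo "<p>Error: username or password entered was incorrect.<p>";
        echo "<p>Please try again, click here to return to
<a href=\"login.php\">login</a> page.</p>";
        exit();
    }else{
        // Look up the group of the authenticated user.
        $get_group = "SELECT group_id FROM users WHERE username='$username_sql' ";
        $group_query = $db->query($get_group);
        $group_row = mysql_fetch_array($group_query);
        $group_id = $group_row['group_id'];
        // Escaped as well: the value comes from the database but is placed
        // back into a statement below.
        $group_sql = mysql_real_escape_string($group_id);

        // Generate the session key.
        // NOTE(review): rand(), the MD5 of the client address and a fixed
        // string do not make an unpredictable token; this should come from a
        // cryptographically secure generator. Left unchanged because the code
        // that validates the key is not visible here and may depend on its
        // format.
        $rand1 = rand(100000,900000);
        $rand2 = rand(100000,900000);
        $session_key = $rand1.md5($ip_address)."F3dov4f".$rand2;

        // Does this user already have a session row?
        $sql2 = "SELECT * FROM sessions WHERE username='$username_sql' AND password='$passwd_sql' ";
        $check_query = $db->query($sql2);
        $check_result = $check_query ? mysql_num_rows($check_query) : 0;

        if ( $check_result == 0 )
        {
            // No session row yet: create one.
            $sql3 = "INSERT INTO sessions SET username='$username_sql',"
                  . " password='$passwd_sql',session_key='$session_key',"
                  . " ip_address='$ip_sql',group_id='$group_sql'";
            $db->query($sql3);
        }else{
            // Refresh this user's row only. Without the WHERE clause the
            // statement rewrites the key, address and password of every row in
            // the sessions table on each login.
            $sql4 = "UPDATE sessions SET password='$passwd_sql',"
                  . " session_key='$session_key',ip_address='$ip_sql'"
                  . " WHERE username='$username_sql' ";
            $db->query($sql4);
        }

        // Set the auth cookie. The colon-separated layout is kept as it was
        // because whatever reads the cookie is not visible here.
        // NOTE(review): the cookie carries the password value and is set
        // without an expiry, path, Secure or HttpOnly attribute; see the notes
        // at the top of this block.
        $ccontent = "$username:$passwd:$ip_address:$session_key:$group_id";
        setcookie ("authacc", "$ccontent");

        // Interstitial shown while the browser is forwarded to admin.php.
?>
<html>
<head>
<title>Forwarding</title>
<link rel="STYLESHEET" type="text/css" href="default.css">
<META HTTP-EQUIV="Refresh" CONTENT="2;URL=admin.php">
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="95%" align="center">
<tr align="center" valign="middle">
<td>
<table border="0" cellspacing="1" cellpadding="10" bgcolor="000000" width="70%">
<tr>
<td bgcolor="c0c0c0" align="center">
<p><b>Please Stand By While We Log You In</b><br>
<br>
<a href="admin.php">Click here if you do not want to wait any longer<br>
(or if your browser does not automatically forward you)</a>
</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
<?php
    }
    exit();
}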
?>
<html>
<head>
<title>Login LogApp</title>
<link rel="STYLESHEET" type="text/css" href="default.css">
<script type="text/javascript" src="md5.js"></script>
</head>
<body>
<div align="center">
<p> </p>
<p> </p>
<p> </p>
<div class="login_bg">
<!-- Login form: posts the fields "username" and "passwd" back to login.php. -->
<form action="login.php" method="post">
<table width="400" border="0" cellpadding="3" cellspacing="0" id="login">
<tr>
<td width="400" colspan="3" height="75"> </td>
</tr>
<tr>
<td width="50"> </td>
<td width="100">Username</td>
<td width="250"><input type="text" name="username" size="12"></td>
</tr>
<tr>
<td width="50"> </td>
<td width="100">Password</td>
<td width="250"><input type="password" name="passwd" size="12"></td>
</tr>
<tr>
<td width="50"> </td>
<td width="100"> </td>
<!-- The click handler replaces the password field with hex_md5() of its value
     (presumably defined in md5.js) before the form is sent, so the server
     receives the digest. If the handler does not run, the typed value is
     posted unchanged. NOTE(review): the digest is then what authenticates the
     user, so hashing in the browser does not replace transport encryption. -->
<td width="250"><input type="submit" onclick="passwd.value = hex_md5(passwd.value)" value="Login"></td>
</tr>
</table>
</form>
</div>
</div>
</body>
</html>