<?php
/**
 * Login page
 *
 * Passwords are presently cleartext.  Not sure how to fix this other than with SSL.
 *
 * Also, I'd like to force initial focus to the username field.  Finally, some form of password reset would be nice.
 *
 * @author Stephen Rochelle <hide@address.com>
 * @version OFFL v0.2
 * @copyright Copyright (c) 2004 Stephen Rochelle.  Some rights reserved.
 * @package offl-ui
 */

// Page-level settings, assigned before the shared header is included.
// NOTE(review): presumably lib/header.php reads $pageTitle and $public
// (a "no login required" flag) - confirm there.
$pageTitle = "Login";
$public = 1;

// Stays null unless the login attempt handled further down fails.
$emsg = null;

// Buffer everything the header prints.  The login handler below still has to
// send a cookie header (setcookie) after the header markup was produced.
ob_start();

require_once "offlconfig.php";
require_once $DOC_ROOT . "/lib/header.php";

// A session that already carries a user id does not need the login form:
// emit a zero-delay client-side refresh to the league list instead.
// isset() is also true for the guest marker (user_id = -1) that the form
// handler further down stores for browse-only sessions.
if (isset($_SESSION["user_id"]))
{
    echo '<META http-equiv="refresh" content="0; URL=' . $WEB_ROOT . "/leagues.php" . '">';
}
else
{
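    // Handle a submitted login form.  The hidden "entryType" field marks a real
    // submission; the strict comparison ignores non-string values such as
    // entryType[]=Input.
    if (isset($_POST["entryType"]) && ($_POST["entryType"] === "Input"))
    {
        // Absent fields are read as empty strings instead of raising
        // undefined-index notices.  An absent or empty username still means
        // "browse as guest", as before.
        $userid = isset($_POST["userid"]) ? $_POST["userid"] : "";
        $password = isset($_POST["password"]) ? $_POST["password"] : "";

        if (($userid === "guest") || ($userid === ""))
        {
            // this login is for browsing only.
            $_SESSION["fflteam_id"] = -1;
            $_SESSION["user_id"] = -1;
            $_SESSION["league_id"] = NULL;
        }
        elseif (!is_string($userid) || !is_string($password))
        {
            // Array-valued parameters (userid[]=..., password[]=...) can never be
            // a valid credential; reject them here rather than handing them to
            // the authentication code.
            $emsg = "Password not accepted.";
        }
        else
        {
            // "password" is the digest produced client-side by hashPassword(),
            // not the text the user typed.
            $auth = new OFFL_User();
            $user = $auth->cryptAuth($userid, $password);
            if (is_null($user))
            {
                $emsg = "Password not accepted.";
            }
            else
            {
                // Issue a fresh session id at the moment of authentication so an
                // id that was known before login (session fixation) does not
                // become an authenticated session.  Output is still buffered
                // (ob_start near the top of the file), so the new cookie header
                // can be sent.
                if (session_id() !== "")
                {
                    session_regenerate_id(true);
                }

                $_SESSION["user_id"] = $user->getUserID();

                // NOTE(review): this 14-day cookie is an unsalted MD5 over the
                // username and the stored password hash.  Its value is the same
                // on every login until the password changes, and anyone holding
                // the stored hash can recompute it.  How the cookie is verified
                // is not visible on this page - presumably it acts as a
                // "remember me" credential; if so, replace it with a random
                // token kept server-side that can be revoked.
                // HttpOnly (last argument) keeps page scripts from reading it;
                // path and domain keep their defaults.  The Secure flag is left
                // off because the site may be served over plain HTTP; turn it on
                // once the site is HTTPS-only.
                setcookie(OFFL_COOKIE_NAME, md5($user->getUsername() . "--" . $user->getPasswordHash()), time() + 3600*24*14, "", "", false, true);

                if ($user->getAdmin() == 1)
                {
                    $_SESSION["admin"] = TRUE;
                }
            }
        }

        // $emsg is still unset/null here only when the guest or the
        // authenticated path succeeded.
        if (!isset($emsg))
        {
            ?>
            <div class="success"><p>Login Successful.</p>

            <p>You are being redirected to the <a href="<?php echo $WEB_ROOT; ?>/leagues.php">main menu</a>.</p></div>
            <META http-equiv="refresh" content="0; URL=<?php echo $WEB_ROOT . "/leagues.php" ?>">
            <?php
        }
    }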
// Header-dependent work is finished; release the buffered output to the client.
ob_end_flush();
?>

        <!-- Stuff goes here -->

<?php
// Failed login: show the message set by the form handler above.
// NOTE(review): $emsg is printed without HTML escaping.  On this page it is only
// ever assigned fixed literals; confirm no included file puts request data in it.
if (isset($emsg)):
?>
<p>
<div class="alert">
There has been an error trying to authenticate logon.<br>
Error Message: <?php echo $emsg; ?><p>
Please try again.
</div>
<p>
<?php
endif;

// Any "login" query parameter is taken to mean the visitor was sent here from a
// page that requires a login (presumably by the shared header - confirm).
if (isset($_GET["login"])):
?>
<div class="alert">
You cannot access that page without logging in.
</div>
<?php
endif;
?>
	<script language="javascript">
		// Builds the value that is actually posted as "password":
		//   hex_md5( hex_md5(typed password) + logintime )
		// then blanks the typed password and the logintime field and submits
		// the form, so neither is part of the request.
		// NOTE(review): the inner digest is an unsalted MD5 of the password.
		// Presumably the server keeps that same digest to recompute the
		// response, which would make the stored value password-equivalent -
		// confirm in OFFL_User::cryptAuth.  This scheme only hides the typed
		// password from a passive observer; it does not replace TLS.
		function hashPassword()
		{
			var loginForm = document.forms.login;
			var passwordDigest = hex_md5(loginForm.userpassword.value);

			loginForm.password.value = hex_md5(passwordDigest + loginForm.logintime.value);

			// never let the typed password travel with the form
			loginForm.userpassword.value = "";
			// the server already knows the login time; clear it as well
			loginForm.logintime.value = "";

			loginForm.submit();
		}
		
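		// Key handler for the password field: pressing Enter runs hashPassword()
		// so the form is never submitted with the typed password still in it.
		//
		// e: the key event passed by the inline handler; when none is passed,
		//    the global window.event is used instead.
		// Returns false when Enter was handled, true for every other key.  The
		// inline onKeyPress attribute on the password field does not use this
		// return value.
		function checkEnter(e)
		{
			// Use the event that was handed in.  The previous code switched to the
			// bare global "event" whenever e.which was 0 or missing, which throws a
			// ReferenceError where that global does not exist.
			e = e || window.event;

			// "which" where it is supported, "keyCode" otherwise
			var characterCode = e.which || e.keyCode;

			if (characterCode == 13)
			{ // Enter
				e.cancelBubble = true; // maybe cancels beep?
				hashPassword(); // hash, clear the cleartext field, submit
				return false;
			}
			return true;
		}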
	</script>

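    <?php
    // Login form.  It has no submit button: the Submit button and the Enter-key
    // handler on the password field both call hashPassword(), which fills the
    // hidden "password" field, blanks the visible "userpassword" field and then
    // submits the form.
    //
    // The username is echoed back from the request after a failed attempt.  It
    // is attacker-controllable, so it is HTML-escaped (quotes included) before
    // it goes into the value attribute, and non-string values are not echoed.
    // The session's login_time gets the same escaping so that every value
    // written into an attribute on this form is encoded.
    ?>
    <form id="login" action="index.php" method="post">
    <table border="0">
      <tr>
        <td class="normalfont">
          Username:
        </td>
        <td class="normalfont">
          <input type="text" name="userid" class="fieldfont" tabindex="1" value="<?php if (isset($_POST["userid"]) && is_string($_POST["userid"])) { echo htmlspecialchars($_POST["userid"], ENT_QUOTES); } ?>" />
        </td>
      </tr>
      <tr>
        <td class="normalfont">
          Password:
        </td>
        <td class="normalfont">
          <input type="password" name="userpassword" class="fieldfont" tabindex="2" value="" onKeyPress="checkEnter(event)" />
        </td>
      </tr>
      <tr>
        <td>
          <input type="button" name="submitBtn" value="Submit" onclick="hashPassword()" />
        </td>
      </tr>
    </table>
      <input type="hidden" name="entryType" value="Input" />
      <input type="hidden" name="password" value="" />
      <input type="hidden" name="logintime" value="<?php if (isset($_SESSION["login_time"])) { echo htmlspecialchars((string) $_SESSION["login_time"], ENT_QUOTES); } ?>" />
    </form>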
	<p>Leave the form blank to browse as a guest.</p>
<?php
}

// Shared page footer.  require (not include) makes a missing file fatal.
require $DOC_ROOT . "/lib/footer.php"; ?>