<?php

/*
 * This file is part of Peruggia.
 *
 * Peruggia is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 3 of the License, or (at your option) any later
 * version.
 *
 * Peruggia is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * Peruggia; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

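/*
 * Login handler and login form. One of three branches runs:
 *   1. $_SESSION['admin'] == 1  -> print an "already logged in" notice.
 *   2. ?check=1                 -> check the POSTed credentials, then redirect.
 *   3. otherwise                -> render the login form.
 *
 * Uses $guard_auth_sqli, $guard_pers_xss, $conx and $peruggia_root, none of
 * which are defined in this file.
 *
 * Review notes:
 *   - The two $guard_* flags each select between a hardened and an unhardened
 *     code path. Both paths are kept as the author wrote them; with
 *     $guard_auth_sqli off, request data reaches the SQL text unmodified.
 *   - Passwords are compared as unsalted MD5 inside the query. Moving to
 *     password_hash()/password_verify() needs a schema change and is therefore
 *     not done here.
 *   - The mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7.
 *     The durable fix for the query is a prepared statement (PDO or mysqli).
 *   - Any matching row sets $_SESSION['admin'] = 1; no role column is checked.
 */
if (isset($_SESSION['admin']) && ($_SESSION['admin'] == 1)) {

  echo "<div align=center><h5>You are already logged in</h5></div>";

} elseif (isset($_GET['check']) && ($_GET['check'] == 1)) {

  // A missing or non-string field (e.g. username[]=x) is treated as empty, so
  // it cannot raise notices/warnings that would be printed before header().
  $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
  $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
  $passwordHash = md5($password);

  if ($guard_auth_sqli) {
    // Hardened path: escape for the connection that will run the query.
    // NOTE(review): escaping is only reliable when the connection charset was
    // set through the API (mysql_set_charset) - confirm where $conx is opened.
    $query = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($username, $conx) . "' AND password='" . $passwordHash . "'";
  } else {
    // Unhardened path selected by configuration: the username is concatenated
    // into the statement as received. Do not enable outside a test setup.
    $query = "SELECT * FROM users WHERE username='" . $username . "' AND password='" . $passwordHash . "'";
  }

  // mysql_query() returns false on a failed statement. Fetching from false
  // emits a warning (which can disclose the script path and break the
  // redirect), so a failed query is handled as a failed login.
  $result = mysql_query($query, $conx);
  $creds = ($result !== false) ? mysql_fetch_array($result) : false;

  if ($creds) {
    // Issue a fresh session id on the privilege change, so an id known before
    // login (session fixation) does not become an authenticated one.
    if (session_id() !== '') {
      session_regenerate_id(true);
    }

    if ($guard_pers_xss) {
      // Encoded once at storage time with default flags; on the PHP versions
      // that still ship mysql_* the default does not encode single quotes.
      // NOTE(review): check every place $_SESSION['username'] is output.
      $_SESSION['username'] = htmlentities($creds['username']);
    } else {
      $_SESSION['username'] = $creds['username'];
    }
    // NOTE(review): the stored password hash is copied into the session;
    // whether other pages need it is not visible from this file.
    $_SESSION['password'] = $creds['password'];
    $_SESSION['admin'] = 1;
    header("Location: " . $peruggia_root);
    exit; // a Location header does not stop the script by itself
  } else {
    header("Location: " . $peruggia_root . "?action=login");
    exit;
  }

} else {

  // $peruggia_root is echoed without HTML escaping into an unquoted attribute.
  // That is safe only while it is a trusted configuration value; its origin is
  // not visible in this file. The form carries no anti-CSRF token.
  ?>

  <div align=center>
  <fieldset style=width:300;>
  <legend><b>Login</b></legend>
  <form action=<?php echo $peruggia_root."?action=login&check=1"; ?> method=post>
  <br>
  Username: <input type=text name=username><br>
  Password: <input type=password name=password><br>
  <br><input type=submit value=Login><br>
  </form>
  </fieldset>
  </div>

  <?php

}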

?>