Location: PHPKode > projects > php4flicks movie database > php4flicks_0.4.1g_MU/login.php
<?
/*	php4flicks movie database (c) mr.Fox					*
 *	released under the GNU General Public License				*
 *	contact and additional information: http://php4flicks.ch.vu		*/

 	//login.php
	// this is used for both login and logout, in contrast to what the name suggests...

session_start();

if(!isset($_GET['action'])) $_GET['action'] = '';

require_once('config/config.php');



switch($_GET['action']){
	case 'logout':
		// destroy session

?>	
		<script language="javascript">
			opener.document.filterform.login.value = '0';
			opener.document.filterform['filter'].value = '';
			opener.document.filterform.filtertitle.value = '';
			opener.document.filterform.submit();
			window.close();
		</script>
<?
		if ($_SESSION['budmail'] >= 1) {
			$sentto = '';
			$query1='SELECT uid, buid, acclevel FROM (buddies LEFT JOIN logins ON uid=user_id) WHERE uid='.$_SESSION['uid'].' AND acclevel>=1 ORDER BY buid';
			$result1 = mysql_query($query1) or die(mysql_error());
			while($row1 = mysql_fetch_array($result1)) {
				$sentto .= get_user_info('user',$row1['buid']).';';
			}
			$sentto = substr($sentto,0,strlen($sentto)-1);
			$subject = 'Your Buddy Notification - Movie Added';
			$body = 'This email is to notify you that '.$_SESSION['user'].' has added the following movies:<br><br>';
			$m = Array();
			$m = explode(",",$_SESSION['inmovies']);
			foreach ($m as $val) {
				if ($val <> '') {
					$body .= '\''.get_movie_info('name',$val).'\'<br>';
				}
			}
			$body .= '<br><br>Sent to: '.$sentto.'<br>';
			$buidmail = buddyaddress($_SESSION['uid']);
			hmail($buidmail,$subject,$body,0);
		}

		session_unset();
		session_destroy();
		break;
		
	case 'login':
		//don't try to log in twice
		if(isset($_SESSION['user'])){
?>	
			<script language="javascript">
				opener.location.href=opener.location.href.replace('#',''); window.close();
			</script>
<?
			die();
		}
		//username, password were submitted
		require_once('config/config.php');
		mysql_connect($cfg['mysql_host'], $cfg['mysql_user'], $cfg['mysql_pass']);
		mysql_select_db($cfg['mysql_db']) or die( "Unable to select database");
		$query="select * from logins where acclevel<>0";
		$result=mysql_query($query);
		$num=mysql_num_rows($result);
		$i=0;
		while ($i < $num) {
			$cfg['users'][$i]['user'] = mysql_result($result,$i,"user");
			$cfg['users'][$i]['uid'] = mysql_result($result,$i,"user_id");
			$cfg['users'][$i]['md5pass'] = mysql_result($result,$i,"pasword");
			$cfg['users'][$i]['access'] = mysql_result($result,$i,"acclevel");
			$cfg['users'][$i]['uemail'] = mysql_result($result,$i,"email");
			$cfg['users'][$i]['paypal'] = mysql_result($result,$i,"paypal");
			$cfg['users'][$i]['nofflicks'] = mysql_result($result,$i,"nofflicks");
			$cfg['users'][$i]['privacy'] = mysql_result($result,$i,"pri");
			$cfg['users'][$i]['subscribed'] = mysql_result($result,$i,"subscribed");
			$cfg['users'][$i]['disppics'] = mysql_result($result,$i,"disppics");
			$cfg['users'][$i]['textmail'] = mysql_result($result,$i,"textmail");
			$i++;
		}
		// check if username, pw are in user-array
		foreach($cfg['users'] as $u){
			if ($u['user'] == $_POST['user'] && $u['md5pass'] == md5($_POST['pass'])){
				//username, pw ok!
				$_SESSION['user'] = $_POST['user'];
				$_SESSION['uid'] = $u['uid'];
				$_SESSION['access'] = $u['access'];
				$_SESSION['uemail'] =$u['uemail'];
				$_SESSION['paypal'] =$u['paypal'];
				$_SESSION['nofflicks'] = $u['nofflicks'];
				$_SESSION['privacy'] = $u['privacy'];
				$_SESSION['subscribed'] = $u['subscribed'];
				$_SESSION['disppics'] = $u['disppics'];
				$_SESSION['textmail'] = $u['textmail'];
				$_SESSION['budmail'] = 0;
				break;
			}
		}
		if(!isset($_SESSION['user'])){
			if(isset($_GET['location']))
				header('location: login.php?location='.$_GET['location']);
			else
				header('location: login.php');
		} else {	//pw,username ok, so return to location specified by caller and close login window.
		?>
			<script language="javascript">
				opener.document.filterform.login.value = '1';
				opener.document.filterform.submit();
				<?= (isset($_GET['location'])?'location.href=\''.$_GET['location'].'\'':'window.close();')?>
			</script>
		<? }
		break;
	default:
		// neighter login nor logout, so just display login form
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
<html>
	<head>
		<meta http-equiv="content-type" content="text/html;charset=iso-8859-1"/>
		<title>Enter Username, Password</title>
		<link rel="stylesheet" type="text/css" href="config/flicks.css"/>
		<!-- another ugly hack because microsoft thinks standards are not for them -->
		<!--[if IE]>
			<style>
			#footer{
				position:absolute;
				left:0px;
				bottom:0px;
			}		
			</style>
		<![endif]-->

		<script type="text/JavaScript">
			go = new Image();		go.src = 'pics/go.gif';
			go_a = new Image(); 		go_a.src = 'pics/go_a.gif';

			stop = new Image();		stop.src = 'pics/stop.gif';
			stop_a = new Image(); 		stop_a.src = 'pics/stop_a.gif';

			retrieve = new Image();		retrieve.src = 'pics/retrieve.gif';
			retrieve_a = new Image(); 	retrieve_a.src = 'pics/retrieve_a.gif';

			function swap(imgID,img) {
				//imgID: img name, imgObjName: new image!
				document.images[imgID].src = eval(img + ".src");
			}
			
			function submitenter(myfield,e){
				var keycode;
				if (window.event) keycode = window.event.keyCode;
				else if (e) keycode = e.which;
				else return true;
				if (keycode == 13){
 					myfield.form.submit();
 					return false;
 				}else return true;
 			}
		</script>
	</head>

	<body onload="document.data.user.focus(); ">
		<div id="header">Login:</div>
		<div id="content">
			<form name="data" action="login.php?action=login<? if(isset($_GET['location'])) echo('&location='.$_GET['location']); ?>" method="post">
				<input type="text" class="inputmed" name="user" value="username" onfocus="this.value='';"/><br/>
				<input type="password" class="inputmed" name="pass" value="password" onfocus="this.value='';" onkeydown="submitenter(this,event)"/>
			</form>
		</div>
		<div id="footer">
			<img name="retrieve" alt="retrieve password" src="pics/retrieve.gif" onmouseover="swap('retrieve','retrieve_a')" onmouseout="swap('retrieve','retrieve')" onclick="document.data.action='members/adduser.php?action=getpw'; document.data.submit(); this.onclick='return false'"/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
			<img name="stop" alt="abort" src="pics/stop.gif" onmouseover="swap('stop','stop_a')" onmouseout="swap('stop','stop')" onclick="window.close();"/>
			<img name="go" alt="log me in!" src="pics/go.gif" onclick="document.data.submit();" onmouseover="swap('go','go_a')" onmouseout="swap('go','go')"/>&nbsp;
		</div>
	</body>

</html>
<?

} // end switch
Return current item: php4flicks movie database