<?
Include("Includes/global.inc.php");
forceSSL();
If ($HTTP_POST_VARS["btnSubmit"]!="") {
$strPassword = validateText("Password", $txtPassword, 6, 10, TRUE, FALSE);
$strUserName = validateText("User ID", $txtUserName, 3, 20, TRUE, FALSE);
If ($strError == "") {
$strPassword = md5($strPassword);
$strSQL = "SELECT id, securityLevel FROM tblSecurity WHERE userID='$strUserName' AND password='$strPassword'";
$result = dbquery($strSQL);
$row = mysql_fetch_row($result);
If ($row[0] != "") {
session_start();
$userID = $row[0];
$sessionTime = time();
$sessionSecurity = $row[1];
$strSQL2 = "Update tblSecurity Set lastLogin=".date("YmdHis")." Where id = ".$row[0];
$result2 = dbquery($strSQL2);
If (!$strError) {
header ("Location: $strRedir");
exit;
}
} Else {
$strError = "Either that username or password was incorrect.";
}
}
}
writeHeader("");
switch ($strError) {
case "timeout":
$strError = "Your session has timed out. Please log in again.";
break;
case "security":
$strError = "Sorry, you do not have rights to that page.";
$intNote = 1;
break;
case "login":
$strError = "Please log in.";
break;
case "":
$strError = "";
break;
}
If ($strError != "") {
echo "<b><font color='red'>$strError</font></b><br>";
}
?>
<form name="form1" method="POST" action="login.php">
<p><table border='0' width='380'>
<tr>
<td width='80'>UserID:</td>
<td width='300'><input type="text" name="txtUserName" value="<?echo $strUserName;?>" size="20"></td>
</tr>
<tr>
<td width='80'>Password:</td>
<td width='300'><input type="password" name="txtPassword" size="20"></td>
</tr>
</table><p>
<?
If (!$strRedir OR $intNote) {
$strRedir = "http://".makeHomeURL("login.php")."/index.php";
}
?>
<input type="hidden" name="strRedir" value="<?echo $strRedir;?>">
<input type="submit" value="Submit" name="btnSubmit">
<input type="reset" value="Reset" name="reset">
</form>
<a href='forgotPW.php'><font size='-1'>Forgot your password?</font></a>
<?
writeFooter();
?>