<?

# Slashster: Open Source Friend of a Friend Software
# Copyright 2004 Mark El-Wakil
# Contact: hide@address.com
# http://seventhcycle.net
#
# This file is part of Slashster.
#
# Slashster is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Slashster is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Slashster; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

    import_request_variables("gPc");

    require_once("PageClass.php");
    $mpage = new PageClass("authonly");

    if ($mpage->LoggedIn)
    {
         $_SESSION[userid] = "";
         $_SESSION[AES] = "";

         $Login = $mpage->user[Email];
         $mpage->Initialize("authonly");
    }

    if (($_SERVER[SERVER_PORT] != 443) && $mpage->sys[securenbl])
    {
        $url = $mpage->sys[secureurl];
        $url .= $_SERVER[SCRIPT_NAME];
        $url .= "?" . $_SERVER[QUERY_STRING] . "&" . sid;

        header("Location: $url");
        exit;
    }


    if ($submit)
    {

         $sql = "select * from UserTable where Email=\"$Login\" AND Pass= md5(concat(\"$Pass\",Salt)) ";
         $r = $mpage->DoQuery($sql,1);

         if (sizeof($r))
         {
           $r = $r[0];

           if (!$r[AES])
           {
               $mpage->MakeCert($r[Id], $Pass);
           }
           elseif ($r[SessionAES])
           {
               $aes = base64_decode($r[AES]);
               $sql = "select AES_DECRYPT(\"".mysql_escape_string($aes)."\", \"$Pass\") as AES1 
                       from UserTable where Id = $r[Id]";

               $enc = $mpage->DoQuery($sql,1);
               $_SESSION[AES] = $enc[0][AES1];
           }

           $_SESSION[userid] = $r[Id];


           if ($_SESSION[lgdest])
           {
               $url = $_SESSION[lgdest] . "?" . $_SESSION[lgqstr];

               if (sid) $url .= "&" . sid;

               $_SESSION[lgdest] = "";
               $_SESSION[lgqstr] = "";

               header("Location: $url");
               exit;
           } 

           header("Location: main.php?" . sid);
           exit;
         }
         else
         {
             $errmsg = "Bad Login / password";
         }
    }

    $mpage->Initialize("authremainder");


?>


<BR><BR><BR>

<table width=100% border=0 cellspacing=20px><tr><td>

<span class="title1">
Sign In</span>
<BR>

<? if ($errmsg) { ?>
        
                         
<P>
<table border=4 bordercolor=red cellspacing=0 cellpadding=5px>
<tr><td style="font: bold 16px arial; color:red;">
Error: <?= $errmsg ?>
</td></tr>
</table>
<P>
                         
<? } ?>


<form action="login.php" method="post">

<table cellpadding=0 cellspacing=0 width=300>
<tr>
<td class="stdtable" width=150><B>Login (Your Email)</b></td>
<td class="stdfilling" width=150><input name="Login"
    class="input" value="<?= htmlentities($Login) ?>"></td>
</tr>    

<tr>
<td class="stdtable" width=150><B>Password</b></td>
<td class="stdfilling" width=150><input name="Pass" type=password 
    class="input"></td>                                     
</tr>

</table>

<BR>
<input class="submit" name = "submit" type = "submit" value ="Submit">
<br>

<BR>

[ Not a member?  <a href="join.php">Sign up</a>! ]

<P>
<small>
[ Forget your <a href = "verify.php">Password</a>? ]
</small>

</center>
</form>

</td>

<td align=center valign=top>

<img width="300" height="156" src="images/logo2-<?= $mpage->CSS ?>.gif">

</td>

</tr></table>


<? $mpage->ClosePage() ?>