<?php

/*****************************************************************
*  Spacemarc News
*  Version: 1.2.0
*  Author and copyright (C): Marcello Vitagliano
*  Web site: http://www.spacemarc.it
*  License: GNU General Public License
*
*  This program is free software: you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation, either version 3
*  of the License, or (at your option) any later version.
*
*  Current file: login.php
*****************************************************************/
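session_start();
define('IN_NEWS', true);
header('Content-type: text/html; charset=ISO-8859-1');

// Refuse to run while the install/upgrade directory is still present, so the
// installer cannot be re-run against a live site.
$install_dir = '../install';

if (is_dir($install_dir)) {
    die("ATTENZIONE! DEVI CANCELLARE LA DIRECTORY $install_dir");
}

// Configuration ($db_*, $tab_utenti, $dir_admin) and language strings ($lang).
require_once (dirname(__FILE__) . '/../config.php');
require_once (dirname(__FILE__) . '/../lang/lang.php');
$db = mysql_connect($db_host, $db_user, $db_password) or die("Impossibile connettersi a MySQL<br />Numero errore: " . mysql_errno() . "<br />Tipo di errore: " . mysql_error());
mysql_select_db($db_name, $db) or die("Impossibile selezionare il database $db_name<br />Numero errore: " . mysql_errno() . "<br />Tipo di errore: " . mysql_error());

// "Remember me" cookie. When set it carries md5(token), where token is the
// per-user secret that the login branch below stores in $tab_utenti.
$cookie = (isset($_COOKIE['accesso_news'])) ? $_COOKIE['accesso_news'] : NULL;

// Already authenticated in this session: skip the form.
if (isset($_SESSION['loggato']) && $_SESSION['loggato'] === 'login_ok') {
    header("Location: " . $dir_admin . "/inserisci.php");
    exit();
}

if ($cookie) {
    $parte1 = substr($cookie, 0, 32);

    // The cookie is client-controlled, so it only reaches the query as a
    // 32-character lowercase hex digest (the only shape setcookie() below ever
    // produces); anything else counts as no match. mysql_fetch_assoc() returns
    // false on an empty result, so the row is checked before it is read, and
    // the strict comparison avoids PHP's numeric coercion of "0e..." digests.
    $riga = false;
    if (preg_match('/^[0-9a-f]{32}$/', $parte1)) {
        $result = mysql_query("SELECT token FROM $tab_utenti WHERE MD5(token)='" . mysql_real_escape_string($parte1, $db) . "' LIMIT 1");
        if ($result) {
            $riga = mysql_fetch_assoc($result);
        }
    }

    if (!$riga || md5($riga['token']) !== $parte1) {
        header("Location: " . $dir_admin . "/logout.php");
        exit();
    }
}

// Valid cookie but no session yet: hand over to the admin area. No session is
// created here; presumably inserisci.php re-checks the cookie itself - verify.
if ($cookie && !isset($_SESSION['loggato'])) {
    header("Location: " . $dir_admin . "/inserisci.php");
    exit();
}
$errore_login = NULL;
$abilitato_no = NULL;

if (isset($_POST['submit'])) {
    // The password scheme (md5 of a fixed salt + password) is what $tab_utenti
    // already stores; it cannot change without migrating user_password.
    define('SALT', '0123456789abcdefghij>-+*/%!=[$');
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    $user_password = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    $pass = md5(SALT . $user_password);

    // With magic_quotes_gpc off, the form input must be escaped by hand.
    if (!get_magic_quotes_gpc()) {
        $email = mysql_real_escape_string($email, $db);
        $pass = mysql_real_escape_string($pass, $db);
    }
    $result = mysql_query("SELECT user_id, livello_id, attivo, nome_cognome FROM $tab_utenti WHERE email='$email' AND user_password='$pass' ORDER BY user_id ASC LIMIT 1") or die("Impossibile effettuare la query<br />Tipo di errore: " . mysql_error());

    // false when nothing matched; only read after the mysql_num_rows() checks.
    $riga = mysql_fetch_assoc($result);

    if (mysql_num_rows($result) == 1 && $riga['attivo'] == 1) {
        // Credentials match and the account is enabled. Issue a fresh session
        // id so an id obtained before login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION['loggato'] = "login_ok";
        $_SESSION['user_id'] = $riga['user_id'];
        $_SESSION['livello_id'] = $riga['livello_id'];
        $_SESSION['nome_cognome_sess'] = $riga['nome_cognome'];

        if (isset($_POST['accesso_news'])) {
            // "Remember me": a 21-day cookie holding md5(token). The token
            // itself stays server-side in $tab_utenti and is what the cookie
            // check above looks up.
            $expire = 1814400;
            // The token is a long-lived bearer secret, so it needs real
            // entropy: mt_rand(0, 32) . time() gave at most 33 candidates per
            // second. Kept as an md5() hex string so it still fits the column.
            $random = function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(16) : false;
            if ($random === false) {
                $random = uniqid(mt_rand(), true);
            }
            $token = md5($random . time());
            // httponly keeps the cookie away from page scripts; path and
            // domain stay at their defaults, as before.
            setcookie("accesso_news", md5($token), time() + $expire, '', '', false, true);
            mysql_query("UPDATE $tab_utenti SET token='$token', cookie=1, ultimo_accesso=" . time() . " WHERE user_id=" . intval($_SESSION['user_id']));
        }
        else {
            // time() replaces the argument-less mktime(), which is deprecated
            // and returned the same value.
            mysql_query("UPDATE $tab_utenti SET ultimo_accesso=" . time() . " WHERE user_id=" . intval($_SESSION['user_id']));
        }
        header("Location: " . $dir_admin . "/inserisci.php");
        exit();
    }
    elseif (mysql_num_rows($result) == 1 && $riga['attivo'] == 0) {
        // Credentials match but the account is disabled.
        $errore_login = NULL;
        $abilitato_no = "<div id=\"error\">" . $lang['user_non_aut'] . "</div>";
    }
    elseif (mysql_num_rows($result) == 0) {
        // No matching account; the message does not reveal which field failed.
        $abilitato_no = NULL;
        $errore_login = "<div id=\"error\">" . $lang['invalid_user_pass'] . "</div>";
    }
}
// Below: the login form. $errore_login / $abilitato_no (error markup or NULL)
// are echoed at the bottom of <body>.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">     
  <head>         
    <title>Amministrazione news - Login
    </title>         
    <link rel="stylesheet" href="../style.css" type="text/css" media="screen" />    		
<script language="JavaScript" src="../javascript.js" type="text/JavaScript"></script>      
  </head>     
  <body>        
    <p>&nbsp;     
    </p>	     
    <form name="login" action="login.php" method="post">		       
      <div id="login"><br />		&nbsp;         
        <b class="text">Email &nbsp;&nbsp; &nbsp; &nbsp;</b>          
        <input type="text" name="email" maxlength="30" size="16" id="email" /><br /><br />		&nbsp;         
        <b class="text">Password</b>          
        <input type="password" name="user_password" maxlength="30" size="16" id="user_password" /><br />    &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;          
        <a href="javascript:;" onclick="window.open('sendpwd.php', '', 'width=300, height=160, resizable=1, scrollbars=0, location=1, status=1');" class="piccolo" title="Reimposta la password [Popup]">          
          <?php echo $lang['pwdsend']; ?></a>    <br /><br />		&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;          
        <input type="checkbox" name="accesso_news" id="accesso_news" />        
        <label for="accesso_news" class="help" title="<?php echo $lang['ricorda_title']; ?>">
          <?php echo $lang['ricorda']; ?>
        </label><br /><br />		         
        <input type="submit" name="submit" value="Accedi" id="submit" /><br /><br />		       
      </div>	     
    </form>
<script language="JavaScript" type="text/javascript"> document.login.email.focus(); </script><br />    
    <?php echo $errore_login;
echo $abilitato_no; ?>  
  </body>
</html>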