<?
/*************************************************************************************
COPYRIGHT NOTICE
This copyright notice must appear at the top of all scripts which are part of
the Web Application Gateway package.
Copyright (C) 2001-2008 Gregory Engel
All rights reserved
8547 E Arapahoe Rd, #J-504
Greenwood Village, CO 80112 USA
hide@address.com
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
A copy is included with the WAG package and is found in the text file gpl.txt
You should have received a copy of the GNU General Public License (gpl.txt, gpl.html)
along with the WAG distribution package; if not, the GNU General Public License can
be found at http://www.gnu.org/copyleft/gpl.html, or by writing to:
Free Software Foundation, Inc.
59 Temple Place - Suite 330
Boston, MA 02111-1307, USA.
This script is part of the Web Application Gateway (WAG) Accounting Application
Project. The WAG software is free, subject to the terms of the GNU General Public
License as published by the Free Software Foundation, either version 2 of the License,
or (at your option) any later version.
$Revision: 56 $
$LastChangedDate: 2008-01-16 09:52:29 -0700 (Wed, 16 Jan 2008) $
$LastChangedBy: gpeangel $
*************************************************************************************/
require("init.php");
$error_message = "";
$usr_logon_id = strip_tags($_POST["usr_logon_id"]);
$usr_password = strip_tags($_POST["usr_password"]);
$db_conn = mysql_connect($_SESSION["WAGATEWAY"]["DB_SERVER"], $_SESSION["WAGATEWAY"]["DB_USERNAME"], $_SESSION["WAGATEWAY"]["DB_PASSWORD"]) or die ($query."<br><br>".mysql_errno().": ".mysql_error()."<br>");
mysql_select_db($_SESSION["WAGATEWAY"]["DB_DATABASE"], $db_conn) or die ($query."<br><br>".mysql_errno().": ".mysql_error()."<br>");
$query = "SELECT * FROM ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."Users WHERE usr_logon_id = UPPER('".$usr_logon_id."') AND usr_password = '".md5($usr_password)."'";
$result = mysql_query($query, $db_conn) or die ($query."<br><br>".mysql_errno().": ".mysql_error()."<br>");
$row_count = mysql_num_rows($result);
if ($row_count > 0)
{
$row = mysql_fetch_array($result);
//User with matching password found in database
$_SESSION["WAGATEWAY"]["VALID_USER"] = $usr_logon_id;
$_SESSION["WAGATEWAY"]["USR_ID"] = $row["usr_id"];
$_SESSION["WAGATEWAY"]["USR_LOGON_ID"] = strtoupper($row["usr_logon_id"]);
$_SESSION["WAGATEWAY"]["USR_FIRST_NAME"] = $row["usr_first_name"];
$_SESSION["WAGATEWAY"]["USR_LAST_NAME"] = $row["usr_last_name"];
$_SESSION["WAGATEWAY"]["USR_EMAIL"] = $row["usr_email"];
$_SESSION["WAGATEWAY"]["PASSWORD_EXP"] = $row["usr_password_exp"];
$_SESSION["WAGATEWAY"]["PASSWORD_FORCE_CHANGE"] = $row["usr_password_force_change"];
$_SESSION["WAGATEWAY"]["GROUPS"] = array();
$_SESSION["WAGATEWAY"]["APPS"] = array();
$usr_password_set_date = $row["usr_password_set_date"];
// Check if user password (other than administrator) has expired
if ($_SESSION["WAGATEWAY"]["USR_ID"] > 1 && $_SESSION["WAGATEWAY"]["PASSWORD_EXP"] == 1)
{
$usr_password_set_date = strtotime($usr_password_set_date);
$password_exp_date = strtotime("+".$_SESSION["WAGATEWAY"]["PASSWORD_LIFESPAN"]." days", $usr_password_set_date);
$cur_date = strtotime("now");
$password_exp_days = $password_exp_date - $cur_date;
$password_exp_days = round((($password_exp_days / 60) / 60) / 24);
$_SESSION["WAGATEWAY"]["PASSWORD_EXP_DAYS"] = $password_exp_days;
if ($_SESSION["WAGATEWAY"]["PASSWORD_EXP_DAYS"] < 0)
{
$_SESSION = array();
$error_message = "<li>Your password has expired. Contact administrator to have your password reset.</li>";
}
}
if (strlen($error_message) == 0)
{
// Collect groups to which this user belongs
$query = "SELECT ug_grp_id FROM ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."UserGroups WHERE ug_usr_id = ".$_SESSION["WAGATEWAY"]["USR_ID"];
$result = mysql_query($query, $db_conn) or die ($query."<br><br>".mysql_errno().": ".mysql_error()."<br>");
while ($row = mysql_fetch_array($result, MYSQL_NUM))
{
$_SESSION["WAGATEWAY"]["GROUPS"][] = $row[0];
}
// Collect applications this user has permission to access
$query = "SELECT ua_app_id FROM ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."UserApps WHERE ua_usr_id = ".$_SESSION["WAGATEWAY"]["USR_ID"];
$result = mysql_query($query, $db_conn) or die ($query."<br><br>".mysql_errno().": ".mysql_error()."<br>");
while ($row = mysql_fetch_array($result, MYSQL_NUM))
{
$_SESSION["WAGATEWAY"]["APPS"][] = $row[0];
}
$query = "UPDATE ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."Users SET usr_last_logon = NOW() WHERE usr_id = ".$_SESSION["WAGATEWAY"]["USR_ID"];
$result = mysql_query($query, $db_conn) or die ($query."<br><br>".mysql_errno().": ".mysql_error()."<br>");
// For error reporting, fetch the admin e-mail address
$query = "SELECT usr_email FROM ".$_SESSION["WAGATEWAY"]["DB_TABLE_PREFIX"]."Users WHERE usr_id = 1";
$result = mysql_query($query, $db_conn) or die ($query."<br><br>".mysql_errno().": ".mysql_error()."<br>");
if ($result)
{
$row = mysql_fetch_row($result);
$_SESSION["WAGATEWAY"]["ADMIN_EMAIL"] = $row[0];
}
else
{
$_SESSION["WAGATEWAY"]["ADMIN_EMAIL"] = "";
}
}
// User is valid, start tracking session activity
$_SESSION["WAGATEWAY"]["SESSION_ACTIVE"] = time();
echo $_SESSION["WAGATEWAY"]["PROTOCOL"].$_SESSION["WAGATEWAY"]["WEB_ROOT"].'main.php';
}
else
{
echo "fail";
}
?>