<?php
/*
    This file is part of DNP Script, an open source domain portfolio manager.
    Copyright (C) 2011  Robert Picard

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as
    published by the Free Software Foundation, either version 3 of the
    License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details.

    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

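	// Admin login / logout endpoint.
	//   - A logged-in admin requesting this page is logged out.
	//   - Otherwise the posted email and password are checked against the
	//     dnp_settings table and, on success, the session is marked as admin.
	// Values from config.php ($db_host, $db_user, $db_pass, $db_name) are used
	// for the database connection.

	// Initialize the server session
	session_start();

	/**
	 * Count the dnp_settings rows whose `value` column equals $value.
	 *
	 * The value is bound as a statement parameter, so form input never becomes
	 * part of the SQL text. Database errors are logged server-side and reported
	 * as 0 matches, so the caller fails closed (login refused).
	 *
	 * @param mysqli $con   Open database connection.
	 * @param string $value Value to look up.
	 * @return int Number of matching rows; 0 on any database error.
	 */
	function dnp_io_count_setting_value($con, $value) {
		$stmt = mysqli_prepare($con, 'SELECT * FROM dnp_settings WHERE value=?');
		if(!$stmt) {
			error_log('DNP admin/io.php: prepare failed: '.mysqli_error($con));
			return 0;
		}

		$rows = 0;
		mysqli_stmt_bind_param($stmt, 's', $value);
		if(mysqli_stmt_execute($stmt)) {
			// Buffer the result so the row count is available
			mysqli_stmt_store_result($stmt);
			$rows = (int) mysqli_stmt_num_rows($stmt);
		} else {
			error_log('DNP admin/io.php: query failed: '.mysqli_stmt_error($stmt));
		}
		mysqli_stmt_close($stmt);

		return $rows;
	}

	// Read the session flag and the form fields defensively: a missing key
	// must not raise a notice, and a non-string field (e.g. email[]=x) is
	// treated as absent instead of being passed on to the hash or the query.
	$is_admin = !empty($_SESSION['admin']);
	$email    = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
	$f_pass   = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// Make sure this page isn't being viewed directly
	if(empty($email) && !$is_admin) {
		header('Location: index.php');
		die;
	}

	// If the user is already logged in they must be visiting this page to
	// log out
	// NOTE(review): any request from a logged-in session ends it, whatever the
	// method and without a CSRF token; consider requiring a POST with a token.
	if($is_admin) {
		$_SESSION['admin'] = 0;
		header('Location: index.php');
		die;
	}

	// We need to get the database information from config.php to connect
	require('../config.php');

	// Report mysqli failures through return values on every PHP version
	// (PHP 8.1+ throws by default), so the checks below stay in control of
	// what is sent to the browser.
	mysqli_report(MYSQLI_REPORT_OFF);

	// Connect and select the database specified in config.php.
	// NOTE(review): mysqli_connect() takes the port as a separate argument; if
	// $db_host carries a ":port" suffix it has to be split first - confirm
	// against config.php.
	$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);

	if(!$con){
		// Keep the driver's error text in the server log; it can reveal host
		// and account details and does not belong in the response.
		error_log('DNP admin/io.php: MySQL connection failed: '.mysqli_connect_error());
		die('<span class="message_warning">Error connecting to MySQL.</span>');
	}

	// The stored password is a digest, so the submitted password is digested
	// the same way before the comparison.
	// NOTE(review): sha1(md5()) is an unsalted, fast digest and unsuitable for
	// password storage. Moving to password_hash()/password_verify() needs the
	// stored value to be re-hashed, so it cannot be changed in this file alone.
	$f_pass = sha1(md5($f_pass));

	// NOTE(review): both lookups below match ANY row of dnp_settings and are
	// independent of each other: the email check passes for any value that
	// occurs exactly once in the table, not only the admin email. Each lookup
	// should be restricted to the row that holds that setting once the table's
	// key column is confirmed.
	// NOTE(review): the two distinct messages tell a client whether the email
	// was right before the password is known; a single generic message and a
	// limit on failed attempts would be safer.

	// Compare the email from the form with the values in dnp_settings
	if(dnp_io_count_setting_value($con, $email) != 1){
		mysqli_close($con);
		die('<span class="message_warning">The email you\'ve entered is incorrect.</span>');
	}

	// Now make sure the password digest is present too
	if(dnp_io_count_setting_value($con, $f_pass) != 1){
		mysqli_close($con);
		die('<span class="message_warning">The password you\'ve entered is incorrect.</span>');
	}

	mysqli_close($con);

	// Both checks passed. Issue a fresh session id before raising the
	// privilege level so an id known before login cannot be reused as an
	// admin session (session fixation), then send the user to the home page.
	session_regenerate_id(true);
	$_SESSION['admin'] = 1;

	header('Location: index.php');
	die;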
	