<?php
/* Admin Area (C) American Financing 2004-2005 */
require '../init.php';
require '../mysqlvars.php';
require '../lib/form_functions.php';
require '../lib/db.php';
// Start with no error message: the template further down renders $error whenever
// it is set, so only this script should be able to assign it.
// NOTE(review): presumably a guard against register_globals-style variable
// injection - confirm against the PHP configuration this runs under.
unset($error);

// Open the database link. $dbHost/$dbUser/$dbPass/$dbDB are not defined in this
// file; presumably they come from the required mysqlvars.php - verify.
$dbConn = connectDB($dbHost, $dbUser, $dbPass, $dbDB);

// Without a usable connection nothing below can work, so stop with a generic notice.
if (!$dbConn) {
    exit('Database is currently down...please try again later');
}
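// Handle a submitted login form: look the credentials up in wsd_admin and, on a
// match, start the session, record the username and redirect to "./".
// On any failure $error is set and the login page below is rendered again.
if (isset($_POST['login'])) {
    // Array-valued fields (username[]=...) are not strings; treat them as missing
    // input instead of handing them to the string helpers below.
    $hasCredentials = isset($_POST['username'], $_POST['password'])
        && is_string($_POST['username'])
        && is_string($_POST['password'])
        && !empty($_POST['username'])
        && !empty($_POST['password']);

    if (!$hasCredentials) {
        $error = 'Please enter your username and password';
    } else {
        // NOTE(review): the statement is assembled by concatenation, so its safety
        // rests entirely on prepareData() escaping for a MySQL string literal. That
        // helper is not visible here - confirm it, and move to bound parameters when
        // the database layer is migrated off the mysql_* API.
        // NOTE(review): MD5() without a salt is a weak password hash; replacing it
        // needs a schema and data migration outside this block.
        $sql = "SELECT * FROM wsd_admin WHERE username = '" . prepareData($_POST['username'])
            . "' and password = MD5('" . prepareData($_POST['password']) . "')";
        $result = mysql_query($sql);

        if (!$result) {
            // Keep driver error text out of the response. Only the numeric code is
            // logged, because the error message can quote part of the statement.
            error_log('Admin login query failed, MySQL errno ' . mysql_errno());
            $error = 'Login is temporarily unavailable...please try again later';
        } elseif (mysql_fetch_row($result)) {
            // NOTE(review): session_start() does not take a session name; 'ADMIN' was
            // presumably meant for session_name(). Left unchanged because pages that
            // read this session are not visible here - confirm before changing.
            session_start('ADMIN');
            // Issue a fresh session id at the privilege change so an id that was set
            // in the browser before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['username'] = stripData($_POST['username']);
            session_write_close();
            header("Location: ./");
            exit();
        } else {
            $error = 'Invalid username or password';
        }
    }
}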
?>
<html>
<head>
<title>Add Members</title>
<META HTTP-EQUIV="PRAGMA" CONTENT="NOCACHE">
<link rel="stylesheet" href="styles/fgp.css" type="text/css">
</head>
<body>
<table class="bg">
<tr>
<td>
<table class="fg">
<tr>
<td class="title"><?php echo $APP->name ?> Admin Login</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="nb">
<tr>
<td><DIV>Please ensure cookies are enabled in your browser</DIV></td>
</tr>
</table>
</td>
</tr>
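<tr>
    <td>
        <table class="nb">
            <?php
            // $error is assigned earlier in the script; encode it so that whatever
            // text it carries is shown as text and never interpreted as markup.
            if (isset($error)) {
                echo '<tr><td class="error">' . htmlspecialchars($error, ENT_QUOTES) . '</td></tr>';
            }
            ?>
        </table>
    </td>
</tr>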
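<tr>
    <td>
        <table class="fg">
            <?php /* PHP_SELF reflects the requested path, which the client controls, so it is encoded before it is placed in the attribute. */ ?>
            <form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>">
                <tr>
                    <td class="label">Username:</td>
                    <td class="field">
                        <?php /* NOTE(review): assumes htmlChars() also encodes double quotes, since the value sits in a quoted attribute - confirm in lib/form_functions.php. */ ?>
                        <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username']) && is_string($_POST['username'])) { echo htmlChars($_POST['username']); } ?>">
                    </td>
                </tr>
                <tr>
                    <td class="label">Password:</td>
                    <td class="field">
                        <?php /* The submitted password is deliberately not written back into the page, so it cannot end up in the response body, browser cache or page source. */ ?>
                        <input type="password" name="password" size="16" maxlength="16">
                    </td>
                </tr>
                <tr><td class="label"> </td><td class="field"><input type="Submit" name="login" value="Login"></td></tr>
            </form>
        </table>
    </td>
</tr>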
<tr>
<td>
<table class="nb">
<tr>
<td><DIV>Content you put here will appear below the admin login box</DIV></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>