login_authentication.php

1. <?php error_reporting(-1); ini_set('display_errors',1); ini_set('error_log', getcwd() .'error_log'); /* */ ?>
2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3. <html xmlns="http://www.w3.org/1999/xhtml">
4. <head>
5. <!-- meta -->
6. <meta http-equiv="content-type" content="text/html; charset=utf-8" />
7. <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
8. <meta http-equiv="Expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
9. <meta http-equiv="Pragma" content="no-cache" />
10. </head>
11. <body>
12.  
13.  
14. <?php
15.  
16. session_start();
17.  
18. $f_usr= $_POST["myusername"];
19.  
20. $f_pswd= $_POST["mypassword"];
21. $_SESSION['email'] = $f_usr;
22.  
23.  
24. //echo "password matched";
25. //require 'connect_sql.php';
26.  
27. $connection=mysql_connect("##","$$,"@@");
28.  
29.  
30.  
31. if(! $connection)
32.  
33. {
34.  
35.        die('Connection Failed'.mysql_error());
36.  
37. }
38.  
39.  
40. mysql_select_db("%%%",$connection);
41.  
42.  
43.  
44.  
45. $key = '###';
46. $sql4 = "SELECT password FROM users WHERE email = '$f_usr' ";
47. $result_type4 = mysql_query($sql4,$connection) or die(mysql_error());
48. $row4 = mysql_fetch_assoc($result_type4);
49. $chk_pswd = $row4['password'];
50. $decrypt_pswd = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($chk_pswd), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
51.  
52. $result = mysql_query("SELECT * FROM users WHERE email = '$f_usr'");
53.  
54.  
55.  
56. if (strcmp ($decrypt_pswd, $f_pswd) == 0)
57.  
58. {
59.  
60. $sql = "SELECT usertype FROM users WHERE (email = '" . mysql_real_escape_string($_POST["myusername"]) . "')";
61. $sql1 = "SELECT firstname FROM users WHERE (email = '" . mysql_real_escape_string($_POST["myusername"]) . "')" ;
62. $sql2 = "SELECT lastname FROM users WHERE (email = '" . mysql_real_escape_string($_POST["myusername"]) . "')" ;
63. $sql3 = "SELECT company FROM users WHERE (email = '" . mysql_real_escape_string($_POST["myusername"]) . "')" ;
64.  
65.  
66.  
67. $result_type = mysql_query($sql,$connection) or die(mysql_error());
68. $result_type1 = mysql_query($sql1,$connection) or die(mysql_error());
69. $result_type2 = mysql_query($sql2,$connection) or die(mysql_error());
70. $result_type3 = mysql_query($sql3,$connection) or die(mysql_error());
71.  
72.  
73. $row1 = mysql_fetch_assoc($result_type1);
74. $row2 = mysql_fetch_assoc($result_type2);
75. $row3 = mysql_fetch_assoc($result_type3);
76. $row = mysql_fetch_assoc($result_type);
77.  
78. $_SESSION['firstname'] = $row1['firstname'];
79. $_SESSION['lastname'] = $row2['lastname'];
80. $_SESSION['usertype'] = $row['usertype'];
81.  
82. $num = mysql_num_rows($result);
83.  
84. if(mysql_num_rows($result) == 1 && $row['usertype'] == 'Business Owner' && $row3['company']== 'h')
85.    
86.        {
87.            $_SESSION['usertype4'] = $row['usertype'];
88.            
89.          header("rep_bo_h.php");
90.         }
91.  
92.  
93.  
94.        else if($num == 1 && $row['usertype'] == 'Business User'   && $row3['company']== 'h')
95.    
96.      
97.        {
98.            $_SESSION['usertype2'] = $row['usertype'];
99.         header("rep_bu_h.php");
100.        
101.         }
102.  
103.  
104. else if(mysql_num_rows($result) == 1 && $row['usertype'] == 'Business User'&& $row3['company']== 'w' )
105.        {
106.    
107.        
108.        $_SESSION['usertype3'] = $row['usertype'];
109.        
110.         header("Location: rep_bu_w.php");
111.         }
112.  
113. else if(mysql_num_rows($result) == 1 && $row['usertype'] == 'Business Owner'&& $row3['company']== 'w' )
114.        {
115.        
116.        $_SESSION['usertype5'] = $row['usertype'];
117.         header("Location: rep_bo_w.php");
118.         }
119.  
120.  
121. else if(mysql_num_rows($result) == 1 && $row['usertype'] == 'Business User'&& $row3['company']== 'c1' )
122.        {
123.    
124.        
125.        $_SESSION['usertype7'] = $row['usertype'];
126.        
127.         header("Location: rep_bu_c1.php");
128.         }
129.    
130. else if(mysql_num_rows($result) == 1 && $row['usertype'] == 'Business Owner'&& $row3['company']== 'c1' )
131.        {
132.        
133.        $_SESSION['usertype6'] = $row['usertype'];
134.         header("Location: rep_bo_c1.php");
135.         }
136.  
137.        
138. else if (mysql_num_rows($result) == 1 && $row['usertype'] == 'admin')
139.        
140.        
141.         {
142.            $_SESSION['usertype'] = $row['usertype'];
143.                include 'admin_select.php';
144.         }
145.        
146.         else if(mysql_num_rows($result) == 1 && $row['usertype'] == 'Staff')
147.    
148.             {
149.            $_SESSION['usertype1'] = $row['usertype'];
150.                        include 'rep_staff_select.php';
151.            }
152.  
153.  
154.     else if(mysql_num_rows($result) == 1 && $row['usertype'] == 'Internal product owner')
155.    
156.             {
157.            $_SESSION['usertype1'] = $row['usertype'];
158.                        include 'rep_intprodowner_select.php';
159.            }
160.        
161.        else
162.         echo "<script> alert('Authentication failed. Please try again ')</script>";
163. }
164.  
165.  
166.  
167.  
168.  
169. else
170. {
171. ?>
172.  
173.  
174.  
175. <script type="text/javascript">
176.     alert("Username/password mismatch");
177.    window.location = "index.html";
178.   </script>
179.  
180.  
181.  
182. <?php
183.  
184. }
185. ?>
186. </body>
187. </html>