Untitled

/* Website Administrator for this domain - dependent on staff_id that is admin */
    $link=mysql_connect ('localhost', 'cm_esites','$password');
    if (!$link) {
        die('Could not connect: ' . mysql_error());
    }
    if (!mysql_select_db('cm_esites')) {
        die('Could not select database: ' . mysql_error());
    }
    // this requires that a matching username and password is found -- AND -- that user is
    // indicated as the staff_id_admin in e_sites_control as this is the only person (staff) working
    // for that that subscriber that can alter the website. However, a company may have many staff members
    // only one can administrate the website.
    $sql="select e_manresu.*, e_sites_control.site_id,e_staff.security_level
                from e_manresu,e_sites_control,e_staff
                where e_manresu.u_username='".$postget["uname"]."' AND e_manresu.u_password='".$postget["passwd"]."'
                AND e_sites_control.staff_id_admin = e_manresu.staff_id and e_staff.staff_id = e_manresu.staff_id";
    $result = mysql_query($sql);
    if (!$result) {
    die('Could not query:' . mysql_error());
    }

    while ($rows=mysql_fetch_assoc($result)){
        $config["admin_uname"]=$rows['u_username'];
        $config["admin_passwd"]=$rows['u_password'];
        $_SESSION['site_id']=$site_id=$rows['site_id'];
        if($rows['security_level']=='99'){
           $_SESSION['super_admin']='true';
        }
    }
    mysql_close($link);
    if( ($postget["uname"]==$config["admin_uname"]) && ($postget["passwd"]==$config["admin_passwd"]))
    {
        $_SESSION['encaps']['admin_uname'] = $config['admin_uname'];
        $_SESSION['encaps']['admin_passwd'] = $config['admin_passwd'];
    }
    else
    {
        // sleep(3);
        echo $_SESSION['encaps']['admin_passwd'];
        echo "Login failed";
    }