<?phpinclude("../include/config.php");if ($_SESSION['ADMINID'] != "" &

1. <?php
2.  
3.  
4. include("../include/config.php");
5.  
6. if ($_SESSION['ADMINID'] != "" && $_SESSION['ADMINUSERNAME'] != "" && $_SESSION['ADMINPASSWORD'] != "")
7. {
8. $redirect = $config['adminurl']."/control.php";
9. header("location: $redirect");
10. }
11. else
12. {
13.  
14. if($_POST['login']!="")
15. {
16. $adminusername = $_POST['username'];
17. $adminpassword = $_POST['password'];
18. if ($adminusername == "")
19. {
20. $error = "Error: Username not entered.";
21. }
22. elseif ($adminpassword == "")
23. {
24. $error = "Error: Password not entered.";
25. }
26. else
27. {
28. $encodedadminpassword = md5($adminpassword);
29. $query="SELECT * FROM administrators WHERE username='".mysql_real_escape_string($adminusername)."' AND password='".mysql_real_escape_string($encodedadminpassword)."'";
30. $executequery=$conn->execute($query);
31. $getid = $executequery->fields[ADMINID];
32. $getusername = $executequery->fields[username];
33. $getpassword = $executequery->fields[password];
34.  
35. if (is_numeric($getid) && $getusername != "" && $getpassword != "" && $getusername == $adminusername && $getpassword == $encodedadminpassword)
36. {
37. SESSION_REGISTER("ADMINID");
38. SESSION_REGISTER("ADMINUSERNAME");
39. SESSION_REGISTER("ADMINPASSWORD");
40. $_SESSION['ADMINID'] = $getid;
41. $_SESSION['ADMINUSERNAME'] = $getusername;
42. $_SESSION['ADMINPASSWORD'] = $encodedadminpassword;
43. $redirect = $config['adminurl']."/control.php";
44. header("location: $redirect");
45. }
46. else
47. {
48. $error = "Invalid username/password entered.";
49. }
50. }
51. }
52.  
53. STemplate::assign('message',$message);
54. STemplate::assign('error',$error);
55. STemplate::display('administrator/index.tpl');
56.  
57. }
58.  
59. ?>