Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include("../include/config.php");
- if ($_SESSION['ADMINID'] != "" && $_SESSION['ADMINUSERNAME'] != "" && $_SESSION['ADMINPASSWORD'] != "")
- {
- $redirect = $config['adminurl']."/control.php";
- header("location: $redirect");
- }
- else
- {
- if($_POST['login']!="")
- {
- $adminusername = $_POST['username'];
- $adminpassword = $_POST['password'];
- if ($adminusername == "")
- {
- $error = "Error: Username not entered.";
- }
- elseif ($adminpassword == "")
- {
- $error = "Error: Password not entered.";
- }
- else
- {
- $encodedadminpassword = md5($adminpassword);
- $query="SELECT * FROM administrators WHERE username='".mysql_real_escape_string($adminusername)."' AND password='".mysql_real_escape_string($encodedadminpassword)."'";
- $executequery=$conn->execute($query);
- $getid = $executequery->fields[ADMINID];
- $getusername = $executequery->fields[username];
- $getpassword = $executequery->fields[password];
- if (is_numeric($getid) && $getusername != "" && $getpassword != "" && $getusername == $adminusername && $getpassword == $encodedadminpassword)
- {
- SESSION_REGISTER("ADMINID");
- SESSION_REGISTER("ADMINUSERNAME");
- SESSION_REGISTER("ADMINPASSWORD");
- $_SESSION['ADMINID'] = $getid;
- $_SESSION['ADMINUSERNAME'] = $getusername;
- $_SESSION['ADMINPASSWORD'] = $encodedadminpassword;
- $redirect = $config['adminurl']."/control.php";
- header("location: $redirect");
- }
- else
- {
- $error = "Invalid username/password entered.";
- }
- }
- }
- STemplate::assign('message',$message);
- STemplate::assign('error',$error);
- STemplate::display('administrator/index.tpl');
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement