<?phpinclude_once('top.php');include('db_connect.php');$conn = mysql_conne

1. <?php
2. include_once('top.php');
3. include('db_connect.php');
4. $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
5. mysql_select_db($dbname);
6. if(isset($_SESSION['user']) && isset($_SESSION['e_pass'])){
7. $e_pass = $_SESSION['e_pass'];
8. $user = $_SESSION['user'];
9. $query = "SELECT * from profile WHERE username = '".$user."' AND password = '".$e_pass."' LIMIT 1";
10. $result = mysql_query($query) or die(mysql_error());
11. $row = mysql_fetch_array($result);
12. $db_user = $row['username'];
13. $db_pass = $row['password'];
14. $db_fname = $row['first_name'];
15. $db_lname = $row['last_name'];
16. $db_email = $row['email'];
17. $db_ophone = $row['office_phone'];
18. $db_cphone = $row['cell_phone'];
19. $db_aphone = $row['alt_phone'];
20. $db_office = $row['office'];
21. $db_position = $row['position'];
22. $db_image = $row['image'];
23. $db_profile = $row['profile'];
24. $db_active = $row['active'];
25. include('login_successful.php');
26. if($db_user == $user && $db_pass == $e_pass){
27. if($db_active == 1){
28. include('login_successful.php');
29. }else{
30. echo "This account has been disabled, Please Contact Doug Clatterbuck or Computer Solutions about this issue";
31. }
32. }else{
33. include('login_failed.php');
34. }
35. }else{
36. echo "Please Enter a username and Password";
37. }
38. }
39. if(isset($_POST['post_user']) && isset($_POST['post_pass'])){
40. $user = mysql_real_escape_string($_POST['post_user']);
41. $pass = mysql_real_escape_string($_POST['post_pass']);
42. $e_pass = hash('sha256', md5($pass) . $pass);
43. mysql_select_db($dbname);
44. $process_query = "SELECT * from profile WHERE username = '".$user."' AND password = '".$e_pass."' LIMIT 1";
45. $process_result = mysql_query($process_query) or die(mysql_error());
46. $process_row = mysql_fetch_array($process_result);
47. $db_user = $process_row['username'];
48. $db_pass = $process_row['password'];
49. $db_fname = $process_row['first_name'];
50. $db_lname = $process_row['last_name'];
51. $db_email = $process_row['email'];
52. $db_ophone = $process_row['office_phone'];
53. $db_cphone = $process_row['cell_phone'];
54. $db_aphone = $process_row['alt_phone'];
55. $db_office = $process_row['office'];
56. $db_position = $process_row['position'];
57. $db_image = $process_row['image'];
58. $db_profile = $process_row['profile'];
59. $db_active = $process_row['active'];
60. if($db_user == $user && $db_pass == $e_pass){
61. if($db_active == 1){
62. include('login_successful.php');
63. }else{
64. echo "This account has been disabled, Please Contact Doug Clatterbuck or Computer Solutions about this issue";
65. }
66. }else{
67. include('login_failed.php');
68. }
69. }else{
70. echo "Please Enter a username and Password";
71. }
72. include_once('bottom.php');
73. mysql_close($conn);
74. ?>