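<?php /* login.php - marknt15 */
/*
 * Login handler. Reads username, password and option from the POST body,
 * checks the credentials against user_tbl / employee_tbl, fills the session
 * on success and always ends with exactly one redirect.
 *
 * Changes against the pasted version:
 *   - posted values are escaped before they are placed in SQL text;
 *   - the script stops after choosing a redirect instead of running on;
 *   - the session id is regenerated when a login succeeds;
 *   - database errors are logged server-side instead of echoed to the client;
 *   - the username is URL-encoded before it is put in a Location header;
 *   - non-string or missing POST fields are treated as absent.
 */

// start session events
session_name("MARK_SESSID");
session_start();
define("IN_MARK", true);
$root_path = './';
$header_main_php = $root_path . 'main.php';
// NOTE(review): many web servers hand out *.obj files as plain text; confirm
// that ./db/ cannot be fetched directly or rename the include to *.php.
include "./db/db_functions.obj";

// database connection
$db = new DB();
$db->connect();

// Runs one statement on the connection opened above. On failure the driver
// message goes to the server log only: echoing mysql_error() to the browser
// discloses table and column names to whoever triggered the error.
$run_query = function ($sql) {
    $res = mysql_query($sql);
    if ($res === false) {
        error_log('login.php: query failed: ' . mysql_error());
        header('HTTP/1.1 500 Internal Server Error');
        exit('Login is temporarily unavailable.');
    }
    return $res;
};

// check for username and password
// A field sent as an array (username[]=x) or not sent at all counts as absent.
$u = (isset($_POST['username']) && is_string($_POST['username']) && !empty($_POST['username']))
    ? $_POST['username']
    : FALSE;
$p = (isset($_POST['password']) && is_string($_POST['password']) && !empty($_POST['password']))
    ? $_POST['password']
    : FALSE;
$option = (isset($_POST['option']) && is_string($_POST['option'])) ? $_POST['option'] : '';

// Fail closed: the flag only becomes TRUE after the credential query matched.
$_SESSION['logged_in'] = FALSE;
$redirect = "./index.php?access=denied";

if ($u === FALSE && $p === FALSE) {
    $redirect = "./index.php?access=denied";
} elseif ($u === FALSE) {
    $redirect = "./index.php?access=no_username";
} elseif ($p === FALSE) {
    $redirect = "./index.php?access=no_password";
} else {
    // ext/mysql has no prepared statements, so every value is escaped before
    // it is interpolated. Moving to PDO or mysqli with bound parameters is the
    // durable fix. If magic_quotes_gpc is enabled on this host, strip the
    // added slashes first (TODO confirm the setting).
    $u_sql = mysql_real_escape_string($u);
    $p_sql = mysql_real_escape_string($p);

    // NOTE(review): the lookup compares the password exactly as typed, which
    // implies user_tbl.Password holds plain text. Store password_hash() output
    // and check it with password_verify() once the column can be migrated.
    $query = "select a.EmpNo, a.Username, a.Password, b.First_Name, b.Middle_Name, b.Last_Name, a.Privilege,
        a.Last_Login
        from user_tbl a, employee_tbl b
        where a.Username = '$u_sql' and a.Password = '$p_sql' and a.EmpNo = b.EmpNo";
    $result = $run_query($query);

    if (mysql_num_rows($result) == 0) { // no results found for $u and $p
        // check for username if username exists
        $result_username = $run_query("select EmpNo from user_tbl where Username = '$u_sql'");
        // NOTE(review): separate user_error / pass_error codes tell the client
        // which usernames exist. Kept because index.php reads these codes;
        // one shared code would close that enumeration channel.
        $access = (mysql_num_rows($result_username) == 0) ? 'user_error' : 'pass_error';
        mysql_free_result($result_username);
        // urlencode keeps '&', '#', spaces and control bytes in the name from
        // altering the redirect URL.
        $redirect = "./index.php?access=" . $access . "&username=" . urlencode($u);
    } else {
        // Only these three values select a landing page; anything else is
        // sent back to the form with access=no_option.
        $landing_pages = array(
            'installation' => 'progress_bar2.php',
            'techsup'      => 'progress_bar.php',
            'site'         => 'progress_bar3.php',
        );
        $option_known = isset($landing_pages[$option]);
        $system_option = $option_known ? $option : null;

        // Username is expected to be unique, so one row is read.
        $row = mysql_fetch_array($result, MYSQL_BOTH);

        // A fresh session id at the privilege change defeats session fixation.
        session_regenerate_id(true);

        // password encryption
        // NOTE(review): unsalted SHA1/MD5 chaining is fast to brute-force, and
        // a password-derived value does not belong in session storage. Kept
        // because other pages may read $_SESSION['Password'] - confirm, then
        // remove it.
        $password_hash = sha1($p) . md5($p);
        $password_hash_final = sha1($password_hash) . md5($password_hash);

        $_SESSION['Username'] = $u;
        $_SESSION['Password'] = $password_hash_final;
        $_SESSION['EmployeeID'] = $row[0];
        $_SESSION['PrivilegeID'] = $row[6];
        $_SESSION['FullName'] = $row[3] . " " . $row[4] . " " . $row[5];
        $_SESSION['logged_in'] = TRUE;
        $_SESSION['last_login'] = $row[7]; // value from before this login
        // NOTE(review): as in the pasted version, the session is marked logged
        // in even when no known option was posted; 'system' is then null.
        $_SESSION['system'] = $system_option;

        // The pasted version re-read Last_Login and then ran the same UPDATE in
        // both branches; a single statement has the same effect.
        $timestamp = date("Y-m-d");
        $run_query("update user_tbl set Last_Login = '$timestamp' where Username = '$u_sql'");

        $redirect = $option_known ? $landing_pages[$option] : "index.php?access=no_option";
    }
    mysql_free_result($result);
}

// unset php variables
unset($u, $p, $u_sql, $p_sql, $password_hash, $password_hash_final);
$db->disconnect();

// One redirect, then stop: nothing below a Location header should execute.
header("Location: " . $redirect);
exit;
?>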