- <?php
- //include_once ("classifieds/misc.php");
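class Admin
{
    /**
     * Session-based administrator authentication helpers.
     *
     * Every method is invoked statically inside this class, so they are
     * declared static; instance-style calls keep working.
     *
     * NOTE(review): depends on the legacy mysql_* extension (removed in
     * PHP 7.0) and on an already-started session; neither is set up here.
     *
     * @package Users
     * @subpackage Administrators
     */

    /**
     * Gate for administrator-only pages.
     *
     * Returns true when an administrator session already exists or when the
     * current request carries valid login credentials. Otherwise it echoes
     * the login form and returns false.
     *
     * @param mixed $template_processor kept for caller compatibility; the
     *                                  login page obtains its own processor
     * @return bool true if an administrator is authorized, false otherwise
     */
    public static function admin_auth(&$template_processor)
    {
        if (self::admin_authed()) {
            return true;
        }

        $err_m = '<p> </p>';
        // Strict comparison: only the exact string 'login' starts a login attempt.
        if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'login') {
            // NOTE(review): $_REQUEST also carries query-string values, so
            // credentials may end up in URLs and access logs. Prefer $_POST
            // once auth.tpl is confirmed to submit via POST.
            $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
            $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';

            if (self::admin_login($username, $password)) {
                return true;
            }
            // One message for every failure, so the form does not reveal
            // whether the username exists.
            $err_m = '<p style="color:red;font-family:tahoma;text-align:center">Wrong password. Please try again</p>';
        }

        echo self::admin_auth_page($err_m);
        return false;
    }

    /**
     * Renders the administrator login form.
     *
     * @param string $err_m HTML fragment shown as the error message
     * @return mixed whatever the template processor's fetch('auth.tpl') returns
     */
    public static function admin_auth_page($err_m)
    {
        $template_processor = System::getTemplateProcessor();
        // The current request parameters are replayed as hidden form fields.
        // NOTE(review): form() and get_request_data_params() are defined
        // elsewhere; confirm they HTML-escape request values and do not
        // replay a submitted password into the page.
        $params = form(array('action' => 'login') + get_request_data_params());
        $template_processor->assign('form_hidden_params', $params);
        $template_processor->assign('ERROR', $err_m);
        return $template_processor->fetch('auth.tpl');
    }

    /**
     * Tells whether the current session belongs to an administrator.
     *
     * @return bool true if both session keys are set and usertype is exactly "admin"
     */
    public static function admin_authed()
    {
        // Strict comparison: a loose == would accept non-string values such
        // as true (and, before PHP 8, integer 0) as equal to "admin".
        return isset($_SESSION['username'], $_SESSION['usertype'])
            && $_SESSION['usertype'] === 'admin';
    }

    /**
     * Logs an administrator in.
     *
     * On success the session variables 'username' and 'usertype' are set.
     *
     * @param string $username user's name
     * @param string $password user's password
     * @return bool true if exactly one administrator row matched, false otherwise
     */
    public static function admin_login($username, $password)
    {
        // Request parameters can arrive as arrays (username[]=...); reject
        // anything that is not a string before it reaches the SQL layer.
        if (!is_string($username) || !is_string($password)) {
            return false;
        }

        // NOTE(review): escaping is only safe when the connection character
        // set is configured through the client library. A parameterized query
        // (mysqli/PDO) is the robust fix but needs a connection handle that
        // is not available in this class.
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);

        // NOTE(review): MySQL's PASSWORD() is an unsalted hash meant for the
        // server's own accounts and no longer exists in MySQL 8.0. Move the
        // stored credentials to password_hash()/password_verify().
        $sql = "SELECT * FROM `administrator` WHERE `username`='" . $username . "' AND `password`=PASSWORD('" . $password . "')";
        $res = mysql_query($sql);
        if ($res === false) {
            // Query failed; the database error is deliberately not shown to the client.
            return false;
        }
        if (mysql_num_rows($res) !== 1) {
            return false;
        }

        $row = mysql_fetch_assoc($res);

        // Issue a fresh session id on privilege change so an id planted
        // before login (session fixation) does not become an admin session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $row['username'];
        $_SESSION['usertype'] = 'admin';
        return true;
    }

    /**
     * Logs the administrator out.
     *
     * Only the two authentication keys are removed; any other session data
     * and the session id itself are left in place.
     */
    public static function admin_log_out()
    {
        unset($_SESSION['username'], $_SESSION['usertype']);
    }
}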
- ?>