Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if (!isset($_SESSION))
- {
- session_start();
- }
- if(isset($_SESSION['admin']))
- {
- header('Location: users/admin/index.php');
- exit();
- }
- require_once('../Connections/uploader.php');
- function loginFormErrorsCheck ($loginUsername, $loginPassword) {
- if (empty($loginUsername) || empty($loginPassword)) {
- return true;
- } else {
- return false;
- }
- }
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Admin Center Login</title>
- <link href="css/styles.css" rel="stylesheet" type="text/css" />
- <style type="text/css">
- .required { color:#F00;
- }
- body {
- background-color: #FC9;
- font-family:helvetica;
- }
- </style>
- </head>
- <body>
- <?php
- if (isset($_POST['login'])) {
- $loginUsername = $_POST['uname'];
- $loginPassword = $_POST['pword'];
- $blank_fields = loginFormErrorsCheck ($loginUsername, $loginPassword);
- if (!$blank_fields) {
- $loginPassword = md5($loginPassword);
- mysql_select_db($database_uploader, $uploader);
- $query = "SELECT * FROM members WHERE uname='"
- . mysql_real_escape_string($loginUsername) .
- "' AND pword='" . mysql_real_escape_string($loginPassword) . "'";
- $result = mysql_query($query) or die(mysql_error());
- // make sure the username and password were found
- if (mysql_num_rows($result) > 0) {
- $row = mysql_fetch_array($result) or die(mysql_error());
- mysql_close($result);
- if ($loginUsername == "admin") { // Admin Login
- $_SESSION['admin'] = "Admin.";
- header('Location: users/admin/index.php');
- exit;
- } else {
- echo "You cannot login to this area. Please <a href='portal.php'>go to the portal</a> to login.";
- header('Location: portal.php');
- die();
- }
- }
- else {$login_errors[] = "Please check your User ID and Password, and try again.";}
- } else { $login_errors[] = "<div class='error'><img src='../Images/error_image.png' width='16' height='16' /> <b>Error</b>: Please fill in all fields.</div>"; }
- }
- // Begin IP logging
- if ($_SERVER['SERVER_ADDR'] != "...") {
- $filename = 'logs/logIP.txt';
- $somecontent = "\n" . $_SERVER['SERVER_ADDR'] . " - " . date("F j, Y, g:i a");
- // Let's make sure the file exists and is writable first.
- if (is_writable($filename)) {
- if (!$handle = fopen($filename, 'a')) {
- echo "Cannot open file.";
- exit;
- }
- if (fwrite($handle, $somecontent) === FALSE) {
- echo "Cannot write to file.";
- exit;
- }
- echo "Your IP address has been recorded for security purposes.";
- fclose($handle);
- } else {
- echo "The file is not writable.";
- }
- }
- ?>
- <?php
- if (isset($login_errors) && !empty($login_errors)) {
- $result = count($login_errors);
- for ($i=0; $i<$result; $i++) {
- echo "<p class='errors'>$login_errors[$i]<br></p>";
- }
- }
- ?>
- <table width="50%" border="1" align="center">
- <tr>
- <td><form action="" method="post" id="login" name="login" >
- <table border="0" align="center" cellpadding="3">
- <tr>
- <td colspan="2"><h3>RESTRICTED ACCESS FOR PERSONEL ONLY</h3>
- <p>If you are not an administrator of this website, you must leave this page now. If you are looking for the standard login member portal, please <a href="portal.php">click here</a>.
- <p><strong>Your IP address, <? echo $_SERVER['REMOTE_ADDR'] ?>, has been logged.</strong></p></td>
- </tr>
- <tr>
- <td>User ID: </td>
- <td><input type="text" name="uname" id="uname" value="<? if (isset($login_errors)) {echo $_POST['uname'];} ?>" /></td>
- </tr>
- <tr>
- <td>Password: </td>
- <td><input name='pword' type='password' value="<? if (isset($login_errors)) {echo $_POST['pword'];} ?>" /></td>
- </tr>
- <tr>
- <td> </td>
- <td><input type="submit" name="login" id="login" value="Log me In!" /></td>
- </tr>
- </table>
- </form></td>
- </tr></table>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
