1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
<?php
/*
* Copyright 2003-2004 Jamin W. Collins <jcollins@asgardsrealm.net>
* Copyright 2001-2003 Tony Collins
*
* This file is part of Media Mate
*
* Media Mate is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Media Mate is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Media Mate; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
*/
// This script authenticates the user, and sets up a session.
include('header.php');
// If logout was requested, log the user out.
if ($_GET['action'] == "logout") {
session_start();
session_destroy();
$message = $global_text['loggedout'];
// Otherwise, they requested login.
// See if they provided the correct credentials...
} elseif ($_POST['username'] AND $_POST['password']) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT user_id, user_name, user_password, admin_level
FROM global_users WHERE user_name=?";
$result = $mm->dbQuery($sql, array($username));
list($user_id, $user_name, $user_password, $admin_level) =
$mm->dbFetchRow($result);
// Encrypt the password, and compare it to the one in the database
if (crypt("$password", "4t6dcHiefIkeYcn48B") == $user_password &&
$admin_level > '1') {
$message = $global_text['loginsuccessful'];
session_start();
$_SESSION['userid'] = $user_id;
$_SESSION['username'] = $user_name;
$_SESSION['level'] = $admin_level;
} else {
$message = $global_text['loginfailed'];
};
} else {
// If the user didn't provide both a username and a password,
// show this error:
$message = $global_text['usernameandpass'];
};
?>
<!-- Some necessary crap to set the page up. -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="stylesheet" type="text/css"
href="themes/<?php echo $global_prefs['theme'];?>.css">
<META HTTP-EQUIV="refresh" CONTENT="2; URL=index.php">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title><?php echo $global_text['loggedinyet'];?></title>
</head>
<body>
<!-- Center the background canvas on the page -->
<div align="center">
<div id="pageborder">
<!-- The table that everything else goes into -->
<div align="center">
<a href="index.php">
<div id="title">
</div>
</a>
<br>
<!-- Message box -->
<table class="admin">
<tr>
<td align="center">
<?php
echo "$message";
?>
</td>
</tr>
</table>
<br>
<!-- End of the table that everything else goes into -->
</div>
<!-- End of centering the canvas on the page -->
</div>
</div>
</body>
</html>
|
