2 ob_start("ob_gzhandler");
3 include_once("conn.php");
5 /* verify username and password - do not pass if incorrect */
6 if(!isset($_COOKIE["username"])) { include("login.php"); exit; }
7 if(!isset($_COOKIE["password"])) { include("login.php"); exit; }
9 $_COOKIE["username"] = mysql_real_escape_string($_COOKIE["username"]);
10 $_COOKIE["password"] = mysql_real_escape_string($_COOKIE["password"]);
12 $sql = "select count(*), user_id, role, name, first_login, email from users where attempts < 100 and email='". $_COOKIE["username"]. "' and password=SHA(\"".$_COOKIE["password"]."\")";
16 $result = mysql_query($sql);
18 if (!$result) { die("SQL ERROR: Get Cred"); }
20 $row = mysql_fetch_row($result);
22 /* if we don't get a good login, send username and password form and exit */
23 if($row[0] <= 0) { // bad login
25 // increment tries for user - this will lock them out
26 $sql = "update users set attempts = attempts + 1 where email='". $_COOKIE["username"]."'";
28 $result = mysql_query($sql);
32 echo "Incorrect Username or Password.";
35 } else { // good login
37 // set attempts to zero
38 $sql = "update users set attempts = 0 where email='". $_COOKIE["username"]."'";
40 $result = mysql_query($sql);
43 /* set global var with user id and email address - shown on pages and used in URL's */
47 $first_login = $row[4];
48 $user_email = $row[5];
50 /* update user status to indcate that this user is online - used mostly for chat features */
51 $sql = "update users set last_click = NOW() where user_id = ".$user_id;
53 $result = mysql_query($sql);
55 /* if this is your first login, you MUST change password */
56 if($first_login == 1) { include("password_change.php"); exit; }
58 if($user_id == NULL) { die("User ID Not Set For This User. Contact Technical Support."); }
