auth.php

   1 <?php
   2
   3 include_once("conn.php");
   4
   5 /* verify username and password - do not pass if incorrect */
   6 if(!isset($_COOKIE["username"])) { include("login.php"); exit; }
   7 if(!isset($_COOKIE["password"])) { include("login.php"); exit; }
   8
   9 $_COOKIE["username"] = mysql_real_escape_string($_COOKIE["username"]);
  10 $_COOKIE["password"] = mysql_real_escape_string($_COOKIE["password"]);
  11
  12 $sql = "select count(*), user_id, role, name, first_login, email from users where email='". $_COOKIE["username"]. "' and password=SHA(\"".$_COOKIE["password"]."\")";
  13
  14 //echo $sql;
  15
  16 $result = mysql_query($sql);
  17
  18 if (!$result) { die("SQL ERROR: Get Cred"); }
  19 //if (!$result) { mysql_error(); }
  20
  21 $row = mysql_fetch_row($result);
  22
  23 if($row[0] > 0) { } else { echo "Incorrect Username or Password."; }
  24
  25 /* if we don't get a good login, send username and password form and exit */
  26 if($row[0] < 1)  { include("login.php"); exit; }
  27
  28 /* set global var with user id and email address - shown on pages and used in URL's */
  29 $user_id = $row[1];
  30 $role = $row[2];
  31 $user_name = $row[3];
  32 $first_login = $row[4];
  33 $user_email = $row[5];
  34
  35 /* if this is your first login, you MUST change password */
  36 if($first_login == 1) { include("password_change.php"); exit; }
  37
  38 if($user_id == NULL) { die("User ID Not Set For This User. Contact Technical Support."); }
  39
  40 include("header.php");
  41
  42 ?>
  43