Management page has better look and feel.
[Assignment-Trapper.git] / auth.php
1 <?php
include_once("conn.php");

/*
 * Credential check. Both values are read from cookies; if either cookie is
 * absent, the login form is rendered and the script stops.
 *
 * NOTE(review): the "password" cookie is the value handed to SHA() in the
 * query below, so the browser stores and resends the pre-hash password
 * each time this file runs. A server-side session identifier would keep the
 * password out of the cookie jar.
 */
if (!isset($_COOKIE["username"], $_COOKIE["password"])) {
    include("login.php");
    exit;
}

/*
 * Escape both values in place. The escaped copies left in $_COOKIE are what
 * the statements further down this script concatenate into their own SQL.
 *
 * NOTE(review): mysql_real_escape_string() is only dependable when the
 * connection character set was set through the API; conn.php is not visible
 * here, so confirm. The mysql_* extension was removed in PHP 7.0; prepared
 * statements (mysqli or PDO) are the replacement for escape-and-concatenate.
 */
$_COOKIE["username"] = mysql_real_escape_string($_COOKIE["username"]);
$_COOKIE["password"] = mysql_real_escape_string($_COOKIE["password"]);

/*
 * Look the user up by email and hashed password.
 *  - "attempts < 100" makes an account with 100 or more recorded attempts
 *    never match, whatever password is supplied.
 *  - count(*) with no GROUP BY yields a single row; $row[0] is the match
 *    count. A server running with ONLY_FULL_GROUP_BY would presumably reject
 *    the mix of count(*) and plain columns and end in the die() below.
 *
 * NOTE(review): MySQL SHA() is unsalted SHA-1. password_hash() and
 * password_verify() are the PHP-side replacement, at the cost of a schema
 * and login-flow change.
 */
$sql = "select count(*), user_id, role, name, first_login, email from users"
    . " where attempts < 100"
    . " and email='{$_COOKIE["username"]}'"
    . " and password=SHA(\"{$_COOKIE["password"]}\")";

$result = mysql_query($sql);

if (!$result) {
    die("SQL ERROR: Get Cred");
}

$row = mysql_fetch_row($result);
22 /* if we don't get a good login, send username and password form and exit */
23 if($row[0] <= 0) { // bad login
25 // increment tries for user - this will lock them out
26 $sql = "update users set attempts = attempts + 1 where email='". $_COOKIE["username"]."'";
28 $result = mysql_query($sql);
30 //echo $sql;
32 echo "Incorrect Username or Password.";
33 include("login.php");
34 exit;
35 } else { // good login
37 // set attempts to zero
38 $sql = "update users set attempts = 0 where email='". $_COOKIE["username"]."'";
40 $result = mysql_query($sql);
43 /* set global var with user id and email address - shown on pages and used in URL's */
44 $user_id = $row[1];
45 $role = $row[2];
46 $user_name = $row[3];
47 $first_login = $row[4];
48 $user_email = $row[5];
50 /* if this is your first login, you MUST change password */
51 if($first_login == 1) { include("password_change.php"); exit; }
53 if($user_id == NULL) { die("User ID Not Set For This User. Contact Technical Support."); }