Added discussion feature to site.
[Assignment-Trapper.git] / auth.php
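<?php
/*
 * Authentication gate: checks the "username" and "password" cookies against
 * the users table and leaves the matching row in $row for the code below.
 * A request without usable credential cookies is handed to login.php and
 * the script stops.
 *
 * NOTE(review): the password is read from a cookie, so it is sent on every
 * request, and it is compared against an unsalted SHA() (SHA-1) digest.
 * A server-side session plus password_hash()/password_verify() is the usual
 * replacement - confirm what login.php stores before changing this.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to PDO or
 * mysqli prepared statements needs the connection set up in conn.php, which
 * is not visible here.
 */

date_default_timezone_set('America/Chicago');

ob_start("ob_gzhandler");
include_once("conn.php"); // presumably opens the MySQL link used by mysql_query() - confirm

/* verify username and password - do not pass if incorrect */
/* a cookie sent as username[]=... arrives as an array; treat that as missing instead of passing it to the escaping call */
if (!isset($_COOKIE["username"]) || !is_string($_COOKIE["username"])) { include("login.php"); exit; }
if (!isset($_COOKIE["password"]) || !is_string($_COOKIE["password"])) { include("login.php"); exit; }

/*
 * The escaped values are written back into $_COOKIE because the attempt
 * counter updates further down reuse $_COOKIE["username"] inside SQL.
 * mysql_real_escape_string() is only reliable when the connection charset was
 * set with mysql_set_charset() - verify that conn.php does so.
 */
$_COOKIE["username"] = mysql_real_escape_string($_COOKIE["username"]);
$_COOKIE["password"] = mysql_real_escape_string($_COOKIE["password"]);

/*
 * Accounts with 100 or more recorded attempts never match (lockout).
 * Both literals use single quotes so the statement also parses when the
 * server runs with the ANSI_QUOTES sql_mode; the escaping above covers both
 * quote styles.
 * NOTE(review): count(*) next to non-aggregated columns is rejected when
 * ONLY_FULL_GROUP_BY is enabled - confirm the server's sql_mode.
 * Do not echo or log $sql: it contains the submitted password.
 */
$sql = "select count(*), user_id, role, name, first_login, email from users"
     . " where attempts < 100"
     . " and email='" . $_COOKIE["username"] . "'"
     . " and password=SHA('" . $_COOKIE["password"] . "')";

$result = mysql_query($sql);

if (!$result) { die("SQL ERROR: Get Cred"); }

/* $row[0] is the match count; $row[1..5] are user_id, role, name, first_login, email */
$row = mysql_fetch_row($result);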
25 /* if we don't get a good login, send username and password form and exit */
26 if($row[0] <= 0) { // bad login
28 // increment tries for user - this will lock them out
29 $sql = "update users set attempts = attempts + 1 where email='". $_COOKIE["username"]."'";
31 $result = mysql_query($sql);
33 //echo $sql;
35 echo "Incorrect Username or Password.";
36 include("login.php");
37 exit;
38 } else { // good login
40 // set attempts to zero
41 $sql = "update users set attempts = 0 where email='". $_COOKIE["username"]."'";
43 $result = mysql_query($sql);
46 /* set global vars with user id and email address - shown on pages and used in URLs */
47 $user_id = $row[1];
48 $role = $row[2];
49 $user_name = $row[3];
50 $first_login = $row[4];
51 $user_email = $row[5];
53 /* update user status to indicate that this user is online - used mostly for chat features */
54 $sql = "update users set last_click = NOW() where user_id = ".$user_id;
56 $result = mysql_query($sql);
58 /* if this is your first login, you MUST change password */
59 if($first_login == 1) { include("password_change.php"); exit; }
61 if($user_id == NULL) { die("User ID Not Set For This User. Contact Technical Support."); }