'; if ($testresult) { //echo 'SUCCESS!!

'; } /////////////////////*/ //echo 'user login is ' . $user_login . '
'; //echo 'user pass is ' . $user_passwd . '
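/**
 * Create an admin session for an already-verified admin user, then redirect to the index page.
 *
 * Purges admin_session rows older than $EXPIRED_SESSIONS seconds, inserts a new row,
 * sets the session cookie named by the global $module_cookie, sends a Location header
 * to index.html and exits. If the session row cannot be written it prints an error and
 * exits. Every path ends in exit, so control never returns to the caller.
 *
 * Reads the globals $DEBUG, $authDBHost, $authDBName, $authDBUser, $authDBPasswd and
 * $module_cookie, all of which are defined outside this part of the file.
 *
 * NOTE(review): this code depends on ext/mysql (mysql_connect, mysql_db_query), which has
 * no prepared statements and was removed in PHP 7. Values placed into SQL are escaped with
 * mysql_real_escape_string() here; switch to PDO or mysqli with bound parameters when porting.
 *
 * @param mixed $admin_user_id admin_user_id of the admin_user row that was just verified.
 * @return void
 */
function authenticate_admin_user($admin_user_id) {
    global $DEBUG;
    global $authDBHost;
    global $authDBName;
    global $authDBUser;
    global $authDBPasswd;
    global $module_cookie;

    // Request metadata is not guaranteed to be present (a client may send no User-Agent),
    // so each value falls back to an empty string instead of raising an undefined-index notice.
    $HTTP_USER_AGENT = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
    $REMOTE_ADDR = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    $REMOTE_PORT = isset($_SERVER["REMOTE_PORT"]) ? $_SERVER["REMOTE_PORT"] : '';
    $HTTP_SERVER_VARS = isset($_SERVER["HTTP_SERVER_VARS"]) ? $_SERVER["HTTP_SERVER_VARS"] : '';
    $SERVER_NAME = isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : '';

    // NOTE(review): any debug output below is written before setcookie()/header(); unless
    // output buffering is active those calls will presumably fail with "headers already
    // sent". Debug mode also prints the new session key, so keep $DEBUG off in production.
    if ($DEBUG) {
        // The User-Agent is client-controlled, so it is HTML-escaped before being echoed.
        echo "SERVER_VARS:\nHTTP User Agent: " . htmlspecialchars($HTTP_USER_AGENT, ENT_QUOTES)
            . "\nREMOTE_ADDR: " . htmlspecialchars($REMOTE_ADDR, ENT_QUOTES)
            . "\nREMOTE_PORT: ";
        echo htmlspecialchars($REMOTE_PORT, ENT_QUOTES)
            . "\nHTTP_SERVER_VARS: " . htmlspecialchars($HTTP_SERVER_VARS, ENT_QUOTES) . "\n\n";
        echo 'SERVER NAME: ' . htmlspecialchars($SERVER_NAME, ENT_QUOTES) . "\n\n";
    }

    // Age in seconds after which session rows are purged (about three years).
    // NOTE(review): the cookie below uses the same lifetime, so an admin session stays
    // valid for years unless something elsewhere expires it - confirm this is intended.
    $EXPIRED_SESSIONS = 99999999;
    $destination_page = "index.html";
    if ($DEBUG) {
        echo 'destination page is ' . $destination_page . "\n";
    }

    // The session key is the only secret protecting the admin session, so it has to be
    // unpredictable. Use a CSPRNG when one exists; 16 random bytes hex-encode to the same
    // 32 characters the previous md5() value occupied, so the column format is unchanged.
    $random_raw = false;
    if (function_exists('random_bytes')) {
        $random_raw = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $random_raw = openssl_random_pseudo_bytes(16);
    }
    if (is_string($random_raw) && strlen($random_raw) === 16) {
        $my_session_key = bin2hex($random_raw);
    } else {
        // NOTE(review): legacy fallback. This value is derived from request metadata and
        // the clock, which makes it guessable; provide a CSPRNG on the host instead.
        $my_session_key = md5($HTTP_USER_AGENT . time() . microtime() . $REMOTE_ADDR . $REMOTE_PORT);
    }

    // The format is quoted: the bare word YmdHis was an undefined constant that older PHP
    // silently treated as a string and PHP 8 rejects.
    $my_session_timestamp = date('YmdHis', time());
    $expired_session_timestamp = date('YmdHis', (time() - ($EXPIRED_SESSIONS)));

    if (!mysql_connect($authDBHost, $authDBUser, $authDBPasswd)) {
        echo "Error writing to session database";
        exit;
    }

    // Housecleaning: remove session rows whose timestamp is older than $EXPIRED_SESSIONS.
    $myQuery = "DELETE FROM admin_session WHERE admin_session_timestamp<'" . $expired_session_timestamp . "';";
    mysql_db_query($authDBName, $myQuery);

    // Every value that does not originate in this function is escaped before it is
    // concatenated into the statement.
    $myQuery = "INSERT INTO admin_session(admin_session_key, admin_session_timestamp, admin_session_user_id, admin_session_user_ip)";
    $myQuery .= " VALUES ('" . $my_session_key . "','" . $my_session_timestamp . "','"
        . mysql_real_escape_string($admin_user_id) . "','"
        . mysql_real_escape_string($REMOTE_ADDR) . "')";
    if ($DEBUG) {
        echo 'myquery (session insertion) is ' . $myQuery . "\n\n";
    }

    if ($auth_attempt = mysql_db_query($authDBName, $myQuery)) {
        if ($DEBUG) {
            echo 'destination page is ' . $destination_page . "\n";
        }
        if ($DEBUG) {
            echo 'setting cookie';
        }

        // Path and domain keep their defaults (""); the final argument marks the cookie
        // HttpOnly so page scripts cannot read the session key.
        // NOTE(review): the Secure flag is left off because this file does not show whether
        // the site is served only over HTTPS; enable it if it is.
        // The former "if (setcookie) { } else { }" tested a bare constant rather than the
        // call's result and both branches were empty, so it has been removed.
        setcookie("$module_cookie", $my_session_key, time() + 99999999, "", "", false, true);

        header("Location: " . $destination_page); // Redirects to index page and leaves login.html
        echo "\n\n";
        exit;
    } else {
        echo "Error writing to session database";
        exit;
    }
}

/**
 * Print the message shown to the visitor after a failed login attempt.
 *
 * @return void
 */
function login_incorrect() {
    echo 'The login information you entered is incorrect -- Please try again.';
    // Nothing else here yet.
}

//----------------------------------------------------------------------------
// If page is a re-submit, check authorization to see if login attempt worked
//----------------------------------------------------------------------------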
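// Login form handler followed by the login page itself.
//
// $my_user_password is the submitted, unhashed password from the form;
// $admin_user_pass_hash / $member_pass_hash are the stored hashes read from the database.
// NOTE(review): $my_user_login, $my_user_password, the $authDB* settings and $top_of_site
// are set outside this part of the file - presumably from the submitted form and the site
// configuration; confirm where they come from before relying on them.
if (isset($my_user_login)) {
    // Fixed string prepended to every password before hashing (the same for all accounts).
    // NOTE(review): md5 with a shared salt is cheap to brute-force if the table leaks.
    // Moving to password_hash()/password_verify() means re-hashing the stored values, so
    // the scheme is left as it is here and only flagged.
    $random = "4s59yn55m3yuyuyww56n09ggnd9471211nos54";

    mysql_connect($authDBHost, $authDBUser, $authDBPasswd);

    // The login name is visitor-supplied and is concatenated into two statements below.
    // ext/mysql has no bound parameters, so escape it once, after the connection exists.
    $safe_login = mysql_real_escape_string($my_user_login);

    /////// ADMIN LOGIN ///////
    $eyequery = "SELECT * FROM admin_user WHERE admin_user.admin_user_login='" . $safe_login . "'";
    $eyeresult = mysql_db_query($authDBName, $eyequery);

    // A failed query yields false; check it before fetching so the lookup simply falls
    // through to the member branch instead of warning on a non-resource.
    if ($eyeresult && ($eyerow = mysql_fetch_array($eyeresult))) {
        // We found the user in the admin table.
        $admin_user_id = $eyerow["admin_user_id"];               // id of the matching row
        $admin_user_pass_hash = $eyerow["admin_user_pass_hash"]; // stored hash
        $my_password_encoded = md5($random . $my_user_password); // hash of the submitted password

        if ($admin_user_pass_hash <> "") { // the account has a password set
            // Strict comparison: with == two different digests that both look like
            // numbers in exponent form ("0e" followed by digits) compare as equal.
            if ($my_password_encoded === $admin_user_pass_hash) {
                authenticate_admin_user($admin_user_id);
            } else {
                $login_fail = "true"; // wrong password
            }
        //} elseif ($eyerow["admin_user_pass_hash"] == "") {
        //    We'll still authenticate if the passwd in the DB is blank [disabled]
        //    authenticate_admin_user($admin_user_id);
        }
    } else {
        // Login name is not in admin_user: treat it as a user without admin privileges.

        /////// ROOTS GUEST LOGIN ///////
        $heyequery = "SELECT * FROM member WHERE member.member_login='" . $safe_login . "'";
        $heyeresult = mysql_db_query($authDBName, $heyequery);

        if ($heyeresult && ($heyerow = mysql_fetch_array($heyeresult))) {
            // We found the login name in the member table.
            $member_id = $heyerow["member_id"];
            $member_pass_hash = $heyerow["member_pass_hash"]; // stored hash (currently unused)

            // NOTE(review): the password comparison for members is disabled (kept below),
            // so a matching member_login alone reaches authenticate_member() and
            // $member_pass_hash is never checked. Confirm that password-less member login
            // is intended; if it is not, restore the check using a strict comparison.
            /*
            $my_password_encoded = md5($random . $my_user_password);
            if ($member_pass_hash <> "") {
                if ($my_password_encoded == $member_pass_hash) {
                    authenticate_member($member_id);
                } else {
                    $login_fail = "true";
                }
            } else {
                $login_fail = "true"; // no password set in the database
            }
            */
            authenticate_member($member_id);
        } else {
            $login_fail = "true"; // login name not found in either table
        }
    }
}

//----------------------------------------------
// start displaying this page if falls through
//----------------------------------------------
require ($top_of_site . "php/templates/web_header.html"); // Page Template Header

/********************** START MAIN BODY **********************/
// NOTE(review): several literals below are empty or hold only newlines; they look as if
// they once carried HTML markup that is missing from this copy - confirm against the
// deployed file before editing them.

//// page header
echo '';
echo 'Please Log In';
echo '';

//// page content
echo "\n";
echo '';
echo "\n";

global $login_fail;
global $insert_successful;

if ($insert_successful) {
    echo "\n\nYour registration was successfully processed. Please log in to proceed.\n\n";
}

if ($login_fail == "true") {
    login_incorrect(); // Give an appropriate error message for bad login attempts
}

echo "\n";

global $original_attempted_url;
global $req_url;
echo '';
?>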
Login:
Password: