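<?php

// Login gate, run at top level on every request: it starts the session,
// handles "?logout", enforces the idle timeout and verifies the credentials
// held in the session against the users table. Execution continues past this
// block only for an authenticated user; every other path ends in auth() or
// logout(), both of which exit.
//
// $db and $EXPIRE are not defined in this file.
// NOTE(review): presumably both are set up by an include that runs earlier; confirm.

session_start();

// QUERY_STRING is always a string, so the strict comparison matches exactly "?logout".
if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] === "logout")
{
	logout();
}

// If a user has just submitted the login form, store the credentials in the session.
// NOTE(review): this keeps the clear-text password in session storage and it is
// re-checked against the database on every request. Other files may read
// $_SESSION["userpwd"], so the key is left in place here; storing only a
// "logged in" marker after one successful check would be the safer design.
if (isset($_POST["authenticate"]))
{
	// Accept plain strings only. An array-valued field (username[]=x) would
	// otherwise reach md5() and the SQL text below.
	foreach (array("password" => "userpwd", "username" => "userlogin") as $field => $key)
	{
		if (isset($_POST[$field]) && is_string($_POST[$field]))
		{
			$_SESSION[$key] = $_POST[$field];
		}
		else
		{
			unset($_SESSION[$key]);
		}
	}
}

// Idle timeout: a logged-in session whose last activity is older than $EXPIRE
// seconds is terminated. The isset() guard avoids an undefined-index notice
// when "lastmod" has not been written yet.
if (isset($_SESSION["userid"])
	&& isset($_SESSION["lastmod"])
	&& $_SESSION["lastmod"] != ""
	&& (time() - $_SESSION["lastmod"]) > $EXPIRE)
{
	logout(_('Session expired, please login again.'), "error");
}

// The session has not expired, so give it a fresh timestamp.
$_SESSION["lastmod"] = time();

if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
	// Username and password are set, try to authenticate.
	//
	// The username is user-controlled and must not be spliced into the SQL
	// text unquoted. The password never reaches the SQL text directly: only
	// its md5() hex digest does.
	// NOTE(review): numRows()/fetchRow() suggest $db is a PEAR DB or MDB2
	// handle; quoteSmart() is the PEAR DB quoting call and quote() the MDB2
	// one. Confirm against the code that creates $db.
	if (method_exists($db, 'quoteSmart'))
	{
		$quotedLogin = $db->quoteSmart($_SESSION["userlogin"]);
	}
	else
	{
		$quotedLogin = $db->quote($_SESSION["userlogin"], 'text');
	}

	// NOTE(review): the users table stores unsalted MD5 digests. Moving to
	// password_hash()/password_verify() needs a data migration outside this file.
	$result = $db->query(
		"SELECT id, fullname, level FROM users WHERE username=" . $quotedLogin
		. " AND password='" . md5($_SESSION["userpwd"]) . "' AND active=1"
	);

	if ($result->numRows() == 1)
	{
		// !empty() keeps the original truthiness test without raising a
		// notice on ordinary (non-login) requests.
		$justLoggedIn = !empty($_POST["authenticate"]);
		if ($justLoggedIn)
		{
			// Issue a new session id at the privilege change so an id that
			// was known before login is not carried into the authenticated session.
			session_regenerate_id(true);
		}

		$rowObj = $result->fetchRow();
		$_SESSION["userid"] = $rowObj["id"];
		$_SESSION["name"] = $rowObj["fullname"];
		$_SESSION["level"] = $rowObj["level"];

		if ($justLoggedIn)
		{
			// The user has just authenticated: redirect to index so the
			// posted credentials are not resubmitted on reload.
			session_write_close();
			clean_page("index.php");
			exit;
		}
	}
	else
	{
		// Authentication failed, show the form again with an error.
		auth(_('Authentication failed!'), "error");
	}
}
else
{
	// No username and password set, show the login form.
	auth();
}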
/*
* Print the login form.
*/
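function auth($msg = "", $type = "success")
{
	// Renders the page header, an optional status message, the login form and
	// the page footer, then ends the request. This function never returns.
	//
	// $msg   Message shown above the form; nothing is printed when it is empty.
	//        It is emitted as markup without escaping, so callers must pass
	//        only fixed or already-escaped text, never request data.
	// $type  CSS class of the message box ("success" by default).
	include_once('inc/header.inc.php');
	if ($msg)
	{
		// $type ends up inside an attribute value, so it is escaped. The cast
		// covers a caller passing null.
		print "<div class=\"" . htmlspecialchars((string) $type, ENT_QUOTES) . "\">$msg</div>\n";
	}
	// PHP_SELF includes any path info the client appended to the script URL,
	// so it is attacker-influenced and must be escaped before it is written
	// into the action attribute.
	$formAction = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
	?>
	<h2><?php echo _('Login'); ?></h2>
	<form method="post" action="<?php echo $formAction; ?>">
	 <table border="0">
	  <tr>
	   <td class="n"><?php echo _('Login'); ?>:</td>
	   <td class="n"><input type="text" class="input" name="username"></td>
	  </tr>
	  <tr>
	   <td class="n"><?php echo _('Password'); ?>:</td>
	   <td class="n"><input type="password" class="input" name="password"></td>
	  </tr>
	  <tr>
	   <td class="n"> </td>
	   <td class="n">
	    <input type="submit" name="authenticate" class="button" value="<?php echo _('Login'); ?>">
	   </td>
	  </tr>
	 </table>
	</form>
	<?php
	include_once('inc/footer.inc.php');
	exit;
}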
/*
* Logout the user and kickback to login form.
*/
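function logout($msg = "", $type = "success")
{
	// Ends the current session and shows the login form with a message.
	// This function never returns, because auth() exits.
	//
	// $msg   Message to show; when empty, the standard "logged out" text is
	//        used with the "success" style.
	// $type  CSS class for the message box. The session-expiry caller passes
	//        "error" as a second argument; the previous one-parameter
	//        signature dropped it and handed an undefined $type to auth().
	if ($msg == "")
	{
		$msg = _('You have logged out.');
		$type = "success";
	}

	// Clear the in-memory copy as well: session_destroy() removes the stored
	// data but leaves $_SESSION populated for the rest of this request.
	$_SESSION = array();
	session_destroy();
	session_write_close();

	auth($msg, $type);
	exit;
}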
?>