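<?php
/*
 * index.php - login page and login handler.
 *
 * On POST of the login form: looks the user up, compares the salted SHA-1 of
 * the submitted password with user.user_pw, fills the session, maintains the
 * LOGREC login records and redirects to start.php.
 *
 * All PHP in this block runs before any markup is emitted, because
 * session_start(), session_regenerate_id() and header() can only set headers
 * while no output has been sent (unless output buffering is enabled).
 */

// Client fingerprint: MD5 over remote address, a fixed string and the User-Agent.
// It is stored in the session below; presumably other pages recompute and compare
// it - not visible here, so the formula is kept unchanged.
// NOTE(review): both inputs are client-influenced and the fixed string lives in
// source control, so this is a weak binding, not an authentication factor.
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$fingerprint = md5($_SERVER['REMOTE_ADDR'].'dh(6Km4$X*'.$user_agent);

session_start();
include 'functions.php';
connect();

// Set when a login attempt is rejected; the alert is printed after the DOCTYPE.
$login_failed = false;

if (isset($_POST['login'])) {
    // Presumably defines $salt1 and $salt2, which are used right below - confirm.
    include 'salt.php';

    $posted_user = isset($_POST['log_user']) ? $_POST['log_user'] : '';
    $posted_pw = isset($_POST['log_pw']) ? $_POST['log_pw'] : '';

    // NOTE(review): the query below is built by string interpolation and relies
    // entirely on sanitize() (functions.php, not visible here) for SQL escaping.
    // Confirm it escapes for the active connection, or move to prepared
    // statements (mysqli/PDO); the mysql_* extension is removed in PHP 7.
    $log_user = sanitize($posted_user);

    // NOTE(review): salted SHA-1 is a fast hash and unsuitable for password
    // storage. It is kept because stored hashes depend on it (including the
    // sanitize() step); migrate to password_hash()/password_verify() with a
    // rehash on successful login.
    $log_pw = sha1($salt1.(sanitize($posted_pw)).$salt2);

    $sql_log = "SELECT * FROM user, ugroup WHERE user.ugroup_id = ugroup.ugroup_id AND user_name = '$log_user'";
    $query_log = mysql_query($sql_log);
    check_sql($query_log);
    $result_log = mysql_fetch_assoc($query_log);

    // Check Username and Password.
    // Strict comparisons only: with "==" two different hex digests of the form
    // "0e<digits>" compare equal as numbers. hash_equals() is used where the
    // PHP version provides it so the digest comparison is constant-time.
    $user_ok = is_array($result_log) && ((string) $result_log['user_name'] === (string) $log_user);
    $stored_pw = is_array($result_log) ? (string) $result_log['user_pw'] : '';
    $pw_ok = function_exists('hash_equals')
        ? hash_equals($stored_pw, $log_pw)
        : ($stored_pw === $log_pw);

    if ($user_ok && $pw_ok) {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login (session fixation) does not become authenticated.
        session_regenerate_id(true);

        // Define Session Variables for this User
        $log_time = time();
        $_SESSION['log_user'] = $log_user;
        $_SESSION['log_time'] = $log_time;
        $_SESSION['log_id'] = $result_log['user_id'];
        $_SESSION['log_ugroup'] = $result_log['ugroup_name'];
        $_SESSION['log_report'] = $result_log['ugroup_report'];
        $_SESSION['log_admin'] = $result_log['ugroup_admin'];
        $_SESSION['log_fingerprint'] = $fingerprint;

        // The user id comes from the database, but it is still escaped before
        // being interpolated into the statements below.
        $uid_sql = mysql_real_escape_string($result_log['user_id']);

        // Check if user logged out properly last time
        $sql_logout = "SELECT logrec_id, logrec_logout FROM logrec WHERE logrec_id IN (SELECT MAX(logrec_id) FROM logrec WHERE user_id = '$uid_sql')";
        $query_logout = mysql_query($sql_logout);
        check_sql($query_logout);
        $logout = mysql_fetch_array($query_logout);
        // No row is returned when the user has no earlier LOGREC entry.
        $_SESSION['logrec_logout'] = $logout ? $logout[1] : null;

        // Close all open sessions for that user
        $sql_close_logrec = "UPDATE logrec SET logrec_end = '$log_time' WHERE user_id = '$uid_sql' AND logrec_end IS NULL";
        $query_close_logrec = mysql_query($sql_close_logrec);
        check_sql($query_close_logrec);

        // Record Login in LOGREC
        $sql_logrec = "INSERT INTO logrec (user_id, logrec_start, logrec_logout) VALUES ('$uid_sql', '$log_time', '0')";
        $query_logrec = mysql_query($sql_logrec);
        check_sql($query_logrec);

        // Find LOGREC_ID for current user
        $sql_logrecid = "SELECT MAX(logrec_id) FROM logrec WHERE user_id = '$uid_sql'";
        $query_logrecid = mysql_query($sql_logrecid);
        check_sql($query_logrecid);
        $logrecid = mysql_fetch_array($query_logrecid);
        $_SESSION['logrec_id'] = $logrecid['MAX(logrec_id)'];

        // Forward to start.php and stop, so the login form is not rendered
        // into the redirect response.
        header('Location: start.php');
        exit;
    }

    // NOTE(review): failed attempts are neither counted nor logged in this file;
    // consider throttling and recording them.
    $login_failed = true;
}
?>
<!DOCTYPE HTML>
<?php if ($login_failed) echo '<script>alert(\'Authentification failed!\nWrong Username and/or Password!\')</script>'; ?>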
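<?php
/*
 * Login page markup: logo on the left, login form on the right.
 * The form posts log_user, log_pw and login back to index.php.
 * NOTE(review): the form carries no anti-CSRF token; confirm whether login
 * CSRF is handled elsewhere.
 */
?>
<html>
<?PHP htmlHead('Microfinance Management',1) ?>
<body>
    <div class="content_center" style="width:100%; margin-top:15em">
        <!-- LEFT SIDE: mangoO Logo -->
        <div class="content_left" style="width:50%; padding-right:5em; text-align:right;">
            <img src="ico/mangoo_l.png" alt="mangoO logo">
        </div>
        <!-- RIGHT SIDE: Login Form -->
        <div class="content_right" style="width:50%; padding-left:5em; text-align:left;">
            <p class="heading" style="margin:0; text-align:left;">Please login...</p>
            <form action="index.php" method="post">
                <table id="tb_fields" style="margin:0; border-spacing:0em 1.25em;">
                    <tr>
                        <td><input type="text" name="log_user" placeholder="Username"/></td>
                    </tr>
                    <tr>
                        <td><input type="password" name="log_pw" placeholder="Password"></td>
                    </tr>
                    <tr>
                        <td><input type="submit" name="login" value="Login"></td>
                    </tr>
                </table>
            </form>
        </div>
    </div>
</body>
</html>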