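/**
 * Gate for the admin area: handles logout, re-checks an existing session,
 * processes a submitted login form, and otherwise prints the login form.
 *
 * On success (existing admin session or fresh login) the logout navbar is
 * echoed. The method returns nothing; the result is carried in $_SESSION
 * ('valid', 'admin', 'UserID', 'name', 'firstname').
 *
 * @param mixed $dbuser Passed straight to the model_page constructor
 *                      (presumably the database user; confirm against model_page).
 * @param mixed $dbpass Passed straight to the model_page constructor
 *                      (presumably the database password; confirm against model_page).
 * @return void
 */
public function do_auth_admin($dbuser, $dbpass)
{
    // The navbar is printed on both success paths. The first name comes from
    // the database, so it is HTML-escaped before being written into the page.
    $render_navbar = function () {
        $first_name = isset($_SESSION['firstname']) ? (string) $_SESSION['firstname'] : '';
        $safe_name = htmlspecialchars($first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<div class='navbarlayout'>\n"
            . "<div style='float: left;'>Welcome back, {$safe_name}</div>\n"
            . "<div style='float: right;'>\n"
            . "<form method='POST'><input name='logout' type='submit' value='Logout'>\n"
            . "</form></div>\n"
            . "</div><br><br>\n";
    };

    if (isset($_POST['logout'])) {
        $_SESSION['valid'] = FALSE;
        // Drop the privilege markers too, so a logged-out session keeps no
        // admin flag or user id behind it.
        unset($_SESSION['admin'], $_SESSION['UserID']);
    }

    if ($this->is_valid()) {
        // empty() covers a missing key as well as any falsy value, which is
        // what the loose "!= TRUE" test was checking for.
        if (empty($_SESSION['admin'])) {
            $_SESSION['valid'] = FALSE;
            header('Location: admin.php');
            // Stop here: returning would let the caller keep rendering the
            // page body behind the redirect header.
            exit;
        }

        $render_navbar();
        return;
    }

    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // Request parameters can arrive as arrays (username[]=...); only plain
    // strings are accepted as credentials.
    $well_formed = is_string($username) && is_string($password);

    $user = '';
    $pass = '';
    $name = '';
    $first_name = '';
    $isAdmin = 0;
    $UserID = null;
    $submitted_hash = '';

    if ($well_formed && $username !== '') {
        // NOTE(review): unsalted MD5 is not suitable for password storage.
        // Moving to password_hash()/password_verify() needs a change to
        // get_admin_login() and to the stored hashes, both outside this method.
        $submitted_hash = md5($password);

        $m2 = new model_page($dbuser, $dbpass);
        $login_arr1 = $m2->get_admin_login($username, $submitted_hash);

        if (is_array($login_arr1) || $login_arr1 instanceof Traversable) {
            // If several rows come back, the last one wins.
            foreach ($login_arr1 as $login) {
                $user = (string) $login['Email'];
                $pass = (string) $login['Password'];
                $first_name = $login['FirstName'];
                $name = $login['FirstName'] . " " . $login['LastName'];
                $isAdmin = $login['IsAdmin'];
                $UserID = $login['ID'];
            }
        }
    }

    // Strict string comparison plus hash_equals(): loose "==" treats
    // numeric-looking strings such as "0e123" and "0e456" as equal, which
    // would let different hashes match.
    $authenticated = $user !== ''
        && $pass !== ''
        && $username === $user
        && hash_equals($pass, $submitted_hash)
        && (int) $isAdmin === 1;

    if ($authenticated) {
        // Issue a fresh session id at the privilege change so an id known
        // before login does not carry the admin session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(TRUE);
        }

        $_SESSION['valid'] = TRUE;
        $_SESSION['name'] = $name;
        $_SESSION['firstname'] = $first_name;
        $_SESSION['admin'] = 1;
        $_SESSION['UserID'] = $UserID;

        $render_navbar();
        return;
    }

    // One generic message for every failure, so the response does not reveal
    // whether the username or the password was the wrong part.
    $errormessage = '';
    if (!$well_formed || $username !== '' || $password !== '') {
        $errormessage = "Incorrect Username or Password. Please try again";
    }

    echo "<center><br><br><h1>Admin Login</h1><br>\n";
    echo '<font color="red"><b>' . $errormessage . '</b></font color>';
    echo "<br><form method='POST'>\n"
        . "Username: <input name='username' type='text'><br><br>\n"
        . "Password: <input name='password' type='password'><br><br>\n"
        . "<input name='submit_auth' type='submit' name='Submit'>\n"
        . "</form><br>\n";
    return;
}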