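/**
 * Authenticate the current request against the `users` table.
 *
 * Two credential sources are tried, in this order:
 *   1. the USER/PWD cookies, where PWD holds the stored hash (the same value
 *      the `pwd` column contains) — a stale or forged pair is cleared and the
 *      POST credentials, if any, are tried next instead of being ignored;
 *   2. the login/pwd POST fields, where pwd is the clear-text password and is
 *      md5-hashed before the lookup because the schema stores unsalted md5.
 *
 * On success the global $accessLevel is set from the matching row and the
 * result of adjustMySqlDb(true) is returned. On any failure (no connection,
 * bad credentials, query error) the login form is rendered with the
 * accumulated error text and the script exits. A failed query is logged via
 * error_log() instead of being echoed to the client.
 *
 * NOTE(review): the PWD cookie is a password-equivalent bearer value. It is
 * now sent HttpOnly (and Secure when the request is HTTPS), but swapping it
 * for a server-side session id, and migrating unsalted md5 to
 * password_hash()/password_verify(), are schema/design changes outside this
 * block and should be tracked separately.
 *
 * @global resource $connection  open mysql link, validated with is_resource()
 * @global mixed    $accessLevel set from users.access_level on success
 * @return mixed whatever adjustMySqlDb(true) returns; does not return on failure
 */
function checkAuth()
{
    global $accessLevel, $connection;

    $error = '';
    $authenticated = false;

    // Secure flag only on HTTPS so plain-HTTP deployments keep working;
    // 'off' is what some servers (e.g. IIS) put in $_SERVER['HTTPS'].
    $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

    // Look up one user row by name and stored hash.
    // Returns the row as an assoc array, null when nothing matched, false on query failure.
    $findUser = function ($user, $pwdHash) {
        $sql = "SELECT * FROM users WHERE user = '" . mysql_real_escape_string($user)
            . "' AND pwd = '" . mysql_real_escape_string($pwdHash) . "' LIMIT 1;";
        $result = mysql_query($sql);
        if ($result === false) {
            return false;
        }
        $row = mysql_num_rows($result) > 0 ? mysql_fetch_assoc($result) : null;
        mysql_free_result($result);
        return $row;
    };

    // Expire both auth cookies with the same path/domain defaults they were set with.
    $clearCookies = function () use ($secure) {
        setcookie('USER', '', time() - 3600, '', '', $secure, true);
        setcookie('PWD', '', time() - 3600, '', '', $secure, true);
    };

    if (!is_resource($connection)) {
        $error .= "The connection is lost<br />";
        renderAuthForm($error, $_POST);
        exit;
    }

    $hasCookies = isset($_COOKIE['USER'], $_COOKIE['PWD'])
        && $_COOKIE['USER'] !== '' && $_COOKIE['PWD'] !== '';

    if ($hasCookies) {
        $row = $findUser($_COOKIE['USER'], $_COOKIE['PWD']);
        if ($row === false) {
            // Do not leak the driver's message to the client; keep it in the server log.
            error_log('checkAuth: user lookup failed: ' . mysql_error());
            $error .= "Database error<br />";
        } elseif ($row === null) {
            $clearCookies();
        } else {
            $accessLevel = $row['access_level'];
            $authenticated = true;
        }
    }

    if (!$authenticated && isset($_POST['login'], $_POST['pwd'])) {
        $row = $findUser($_POST['login'], md5($_POST['pwd']));
        if ($row === false) {
            error_log('checkAuth: user lookup failed: ' . mysql_error());
            $error .= "Database error<br />";
        } elseif ($row === null) {
            $error .= "User name or password is incorrect<br />";
        } else {
            $accessLevel = $row['access_level'];
            // Session cookies (expire 0), HttpOnly so script cannot read the hash.
            setcookie('USER', $row['user'], 0, '', '', $secure, true);
            setcookie('PWD', $row['pwd'], 0, '', '', $secure, true);
            $authenticated = true;
        }
    }

    if ($authenticated) {
        return adjustMySqlDb(true);
    }

    renderAuthForm($error, $_POST);
    exit;
}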
<?php if (!isset($connection)) { include "pos-dbc.php"; } adjustMySqlDb(); function checkAuth($post = false) { $multiply = 1; $keeptime = is_numeric($post) ? (double) $post : 30; if (!empty($_REQUEST['vtime'])) { $keeptime = (double) $_REQUEST['vtime']; } if (!empty($_REQUEST['vmult'])) { $multiply = (double) $_REQUEST['vmult']; } $keeptime = $keeptime * $multiply; $post = is_numeric($post) ? false : $post; $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) ? trim($_SERVER['HTTP_X_REQUESTED_WITH']) : ''; global $operator, $accessLevel; $accessLevel = 1; if (strtolower($isAjax) != 'xmlhttprequest' && (count($_POST) == 0 && !$post || $post)) { if (!$post && !empty($_COOKIE['noauth'])) { $cdata = json_decode(base64_decode($_COOKIE['noauth'])); $operator = $cdata->name; $accessLevel = $cdata->level; //setcookie('noauth', $_COOKIE['noauth'], time()+$keeptime, '/'); } else { if (isset($_REQUEST['vcode'])) { $opcode = mysql_query("SELECT * FROM employee WHERE vcode='{$_REQUEST['vcode']}' AND ifnull(ended,99999999999)>=" . time() . " ORDER BY id LIMIT 0,1"); if (mysql_num_rows($opcode) > 0) { $opdata = mysql_fetch_assoc($opcode);