function _setSession($uid, $username, $cookie, $remember, $init = true)
{
$_SESSION['uid'] = $uid;
$_SESSION['username'] = $username;
$_SESSION['cookie'] = $cookie;
$_SESSION['logged'] = true;
if ($remember == 'yes') {
updateCookie($cookie, true);
}
if ($init) {
$session = mysql_escape_string(session_id());
$ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
$sql = "UPDATE member SET session = '{$session}', ip = '{$ip}' WHERE " . "id = '{$uid}'";
if ($query_result = mysql_query($sql)) {
} else {
echo 'Db error: ' . mysql_error();
mysql_close($dbh);
exit;
}
}
}
function checkLogin($user, $pass, $cookie = "N")
{
//get global var
global $sqlConn;
//query DB for access info related to passed vars
$sql = "SELECT u.id AS user_id, u.email, u.fname, u.lname, u.datetime_last_login, u.is_admin ";
$sql .= "FROM admin_users u ";
$sql .= "WHERE u.active = 'Y' AND u.email = '" . $user . "' AND u.password = '******' ";
//$sql .= "WHERE u.active = 'Y' AND u.email = '".$user."' AND u.password = ENCODE('".$pass."', '".ENCODE_KEY."') ";
$sqlConn->Execute($sql);
if ($sqlConn->NumRows() > 0) {
//found user, now create all sessions for the user
$user = $sqlConn->GetRecord();
// init sessions
createSessions($user["user_id"], $user["email"], $user["datetime_last_login"], $user["is_admin"], trim($user["fname"] . " " . $user["lname"]));
//update user's last login time
$sql = "UPDATE admin_users SET datetime_last_login = NOW() WHERE id = '" . $user["user_id"] . "' ";
$sqlConn->Execute($sql);
//check if user wants to have a cookie
if ($cookie == "Y") {
updateCookie($user["user_id"], $user, $pass);
}
// login was successful
return TRUE;
} else {
//login failed
return FALSE;
}
}
