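/**
 * Check a username/password pair against the auth table and, on success,
 * flag the session as valid and store the matched row in it.
 *
 * Both arguments are treated as untrusted client input: they are escaped
 * against the open connection before being placed in the SQL text.
 *
 * @param string $user Login name supplied by the client.
 * @param string $pass Plain-text password supplied by the client.
 *
 * @return bool True when exactly one matching row was found and the session
 *              was populated; false on a bad credential or any database error.
 */
public static function login($user, $pass)
{
    // Arrays or objects (e.g. from user[]=x in a request) cannot be valid
    // credentials and must never be string-cast into the query.
    if (!is_scalar($user) || !is_scalar($pass)) {
        return false;
    }

    $conn = mysql_connect(AUTHDBSERVER, AUTHDBUSER, AUTHDBPASS);
    if ($conn === false) {
        return false;
    }

    $row = false;
    if (mysql_select_db(AUTHDBNAME, $conn)) {
        // The original concatenated $user and $pass straight into the
        // statement, which let quote characters change the query's meaning.
        // ext/mysql has no prepared statements, so escape against this
        // connection. NOTE(review): escaping is only reliable when the
        // connection charset is set via mysql_set_charset(); moving this to
        // PDO or mysqli bound parameters is the durable fix.
        $safeUser = mysql_real_escape_string((string) $user, $conn);
        $safePass = mysql_real_escape_string((string) $pass, $conn);

        if ($safeUser !== false && $safePass !== false) {
            // NOTE(review): unsalted MD5 is not a password hash. Kept only
            // because the stored values are MD5; migrate the column to
            // password_hash()/password_verify() and rehash on next login.
            $sql = "SELECT * FROM " . AUTHDBTABLE
                . " WHERE " . AUTHDBUSERCOLUMN . " = '" . $safeUser . "'"
                . " AND " . AUTHDBPASSCOLUMN . " = MD5('" . $safePass . "') LIMIT 1";

            $result = mysql_query($sql, $conn);
            if ($result !== false) {
                $row = mysql_fetch_assoc($result);
                mysql_free_result($result);
            }
        }
    }

    // Single close on every path once the connection was opened.
    mysql_close($conn);

    if (!is_array($row)) {
        return false;
    }

    // Keep the credential hash out of session storage (best effort: assumes
    // the result key matches AUTHDBPASSCOLUMN exactly -- confirm).
    unset($row[AUTHDBPASSCOLUMN]);

    SessionHelper::setSession("valid", true);
    // The original stored $result, a result resource that does not survive
    // session serialization; the fetched row is what "userdata" needs.
    SessionHelper::setSession("userdata", $row);

    // NOTE(review): no session id rotation is visible here; confirm that
    // SessionHelper or the caller regenerates the id on login.
    return true;
}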
} } // connect to db if ($success) { $row = UserHelper::getUserRow($db, $_POST["email"], md5($_POST["password"])); if ($row === false) { $success = false; $message = "<span class=\"feedbackNegative\">Invalid login details</span>"; } else { // restart the session, so there can never be an overlap on one machine. // all operations are checked atomically session_unset(); session_destroy(); session_start(); // $sessionid = session_id(); SessionHelper::setSession($row); CookieHelper::setLoginUser($_POST["email"]); CookieHelper::setLoginPass(md5($_POST["password"])); } } // if ($success) { // they logged in using the form, send redirect headers // echo "SUCCESS " . print_r($_POST); exit; if ($from) { header("Location: " . $from); } else { if (SessionHelper::isAdmin()) { header("Location: report_time.php"); } else { header("Location: .");