<?php
session_start();
if (!defined('E_DEPRECATED')) {
define('E_DEPRECATED', 0);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/class_inc.php";
$currentUrl = $_SERVER["REQUEST_URI"];
$pos = strpos(strtolower($currentUrl), "login.php");
if ($pos === false) {
if (!isset($_SESSION["username"]) || !isset($_SESSION["password"])) {
header("Location: /" . $ROOTPATH . "/Login.php?ReturnUrl=" . $currentUrl);
exit;
} else {
$username = $_SESSION["username"];
$password = $_SESSION["password"];
$DB = new conn();
if (!$DB->validateUser($username, $password)) {
header("Location: /" . $ROOTPATH . "/Login.php?ReturnUrl=" . $currentUrl);
exit;
}
}
}
//Buffer larger content areas like the main page content
require_once $DOCROOT . $ROOTPATH . "/firephp/FirePHP.class.php";
$firephp = FirePHP::getInstance(true);
ob_start();
<?php
if ($_REQUEST) {
if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
// ALL FORM VARS MUST BE VALIDATED
$DB = new conn();
$DB->connect();
$username = $DB->sanitize($_REQUEST["username"]);
$password = $DB->sanitize($_REQUEST["password"]);
$url = "/{$ROOTPATH}/index.php";
if (isset($_REQUEST["ReturnUrl"])) {
$url = $DB->sanitize($_REQUEST["ReturnUrl"]);
}
$DB->close();
if ($DB->validateUser($username, md5($password))) {
$sql = "select users.*, permission_roles.permission, permission_roles.roleid from users join permission_roles on users.permission_role = permission_roles.id where username = '******' and user_password = '******'";
$DB->connect();
$result = $DB->query($sql);
$userInfo = mysql_fetch_assoc($result);
$firstname = $userInfo["FirstName"];
$lastname = $userInfo["LastName"];
$user_id = $userInfo["user_id"];
$permLevel = $userInfo["permission"];
$roleid = $userInfo["roleid"];
$_SESSION["username"] = $username;
$_SESSION["password"] = md5($password);
$_SESSION["firstname"] = $firstname;
$_SESSION["lastname"] = $lastname;
$_SESSION["user_id"] = $user_id;
$_SESSION["perm_level"] = $permLevel;
