forked from weatheredwatcher/OpenContract
/
index.php
133 lines (96 loc) · 2.86 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
<?php
/**
*
* This is the index. It includes the Login procedures
*
*/
//session block
session_start();
//todo:add blacklist feature to block certain ip address
//ini_set('display_errors','On');
require('includes/db-include.php');
require('includes/globalinc.php');
if (isset($_SESSION['auth'])){
load_index();
}else {
if(isset($_POST['submit'])){
auth();
}
else {
show_login('Please log in to Continue');
}
}
function load_index(){
header("Location: http://procurement.sc.gov/PS/agency/IDC/main.php");
}
function auth(){
$id= mysql_escape_string($_POST['login']);
$password = mysql_escape_string($_POST['password']);
$query= mysql_query("SELECT * FROM tbl_auth WHERE id = '$id' and password ='$password' limit 1");
if(mysql_num_rows($query) == 1) {
$_SESSION['auth'] = "1";
$_SESSION['id'] = $id;
$_SESSION['name'] = get_agency_name($id); //this is the first time we use this function to pull the agency name.
$_SESSION['ses_start'] = date('Y-m-d-h-i-s');
$_SESSION['log_ip'] = $_SERVER['REMOTE_ADDR'];
log_activity('login');
load_index();
}
else{
$error_message = 'Sorry, try again! (your ip address has been recorded)';
// This is an example of a generic log entry
$_SESSION['extra'] = $id; //we set the extra var to the attemped user id
$_SESSION['log_ip'] = $_SERVER['REMOTE_ADDR']; //we record the ip address
log_activity('failed login'); //we use a string to id the activity and write the log
// end of logging
show_login($error_message);
}
//echo $query;
}
function show_login($message){
$title = "Agency Users";
$subtitle = "IDC Reporting";
// Probably will not needed.
//$docfunc = "/home/httpd/html/PS/ps-docmanV2-func.php";
//include($docfunc);
$header = "/home/httpd/html/PS/ps-header.php";
$footer = "/home/httpd/html/PS/ps-footer.php";
$links = "/home/httpd/html/PS/ps-links.php";
require($header);
require('includes/db-include.php');
?>
<body onload="document.auth.login.focus();">
<?php
echo('<DIV id="contentwrap">
<DIV id="sidebar">');
include ($links);
echo('</DIV>
<DIV id="ps-content">
<DIV class="sansbold18" style="margin-bottom: 15px; margin-top: 2px;"> <?= $title?></DIV>
<DIV class="info_block">');
echo('<h1>'.$message.'</h1>');
echo('<form name="auth" id="auth" method="post" action="index.php">
<table border=1 style="margin: 75px;">
<tr>
<td colspan="2" align="center">Agency Login</td>
</tr>
<tr>
<td>Login:</td>
<td><input type="text" name="login" id="login" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="submit" value="Login" /></td>
</tr>
</table>
<a href="audit/index.php">Auditor Login </a>
</form>
</DIV> <!-- info_block-->
</DIV> <!-- ps -content -->
</DIV> <!-- contentwrap -->');
require($footer);
}
?>