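<?php
// Shared page prelude: starts the session, loads the DB/utility classes and
// forces every page except Login.php through a session-based login check.
// Relies on $ROOTPATH (and $DOCROOT, used for FirePHP below) being defined by
// the including page or by class_inc.php -- neither is assigned in this file.
session_start();

// Older PHP builds lack E_DEPRECATED; define it as 0 so the mask below stays valid.
if (!defined('E_DEPRECATED')) {
    define('E_DEPRECATED', 0);
}
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

// require_once rather than include: every page depends on the `conn` class, so a
// missing class file should stop the request here, and a second inclusion would
// otherwise redeclare the class. (Note this path uses $_SERVER['DOCUMENT_ROOT']
// while the FirePHP require below uses $DOCROOT -- presumably the same directory.)
require_once $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/class_inc.php";

$currentUrl = $_SERVER["REQUEST_URI"];
// Case-insensitive match; $pos is kept for any page that still reads it.
$pos = stripos($currentUrl, "login.php");

if ($pos === false) {
    // rawurlencode() so a request URI containing '&' or '#' survives the round
    // trip as a single ReturnUrl parameter instead of being split or truncated.
    $loginUrl = "/" . $ROOTPATH . "/Login.php?ReturnUrl=" . rawurlencode($currentUrl);

    // Both keys must be present; isset() with two arguments is the same check.
    if (!isset($_SESSION["username"], $_SESSION["password"])) {
        header("Location: " . $loginUrl);
        exit;
    }

    // NOTE(review): the session appears to carry the password hash stored at
    // login and re-checks it against the DB on every request; a server-side
    // "authenticated" flag set once at login would avoid keeping a credential
    // in the session. Left unchanged here because Login.php writes these keys.
    $username = $_SESSION["username"];
    $password = $_SESSION["password"];
    $DB = new conn();
    if (!$DB->validateUser($username, $password)) {
        header("Location: " . $loginUrl);
        exit;
    }
}

// Buffer larger content areas like the main page content.
// NOTE(review): FirePHP::getInstance(true) enables debug output to the browser
// console for every request; confirm it is disabled in production builds.
require_once $DOCROOT . $ROOTPATH . "/firephp/FirePHP.class.php";
$firephp = FirePHP::getInstance(true);
ob_start();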
<?php if ($_REQUEST) { if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) { // ALL FORM VARS MUST BE VALIDATED $DB = new conn(); $DB->connect(); $username = $DB->sanitize($_REQUEST["username"]); $password = $DB->sanitize($_REQUEST["password"]); $url = "/{$ROOTPATH}/index.php"; if (isset($_REQUEST["ReturnUrl"])) { $url = $DB->sanitize($_REQUEST["ReturnUrl"]); } $DB->close(); if ($DB->validateUser($username, md5($password))) { $sql = "select users.*, permission_roles.permission, permission_roles.roleid from users join permission_roles on users.permission_role = permission_roles.id where username = '******' and user_password = '******'"; $DB->connect(); $result = $DB->query($sql); $userInfo = mysql_fetch_assoc($result); $firstname = $userInfo["FirstName"]; $lastname = $userInfo["LastName"]; $user_id = $userInfo["user_id"]; $permLevel = $userInfo["permission"]; $roleid = $userInfo["roleid"]; $_SESSION["username"] = $username; $_SESSION["password"] = md5($password); $_SESSION["firstname"] = $firstname; $_SESSION["lastname"] = $lastname; $_SESSION["user_id"] = $user_id; $_SESSION["perm_level"] = $permLevel;