public static function error($err = null)
{
return sqlite_error($err);
}
<?php
//Authors: Joseph Smith and Christopher Bowen
ini_set('display_errors', false);
session_start();
//Start the session
// Query the database for the current user's priveleges
$db = sqlite_open('SQLiteDB/OfficeLayout.db', 0666, $sqliteerror);
$query = "SELECT userType FROM user WHERE username=\"" . $_SESSION['name'] . "\"";
$result = sqlite_query($db, $query);
if (!$result) {
sqlite_close($db);
die("Invalid query: " . sqlite_error());
}
$row = @sqlite_fetch_array($result, SQLITE_ASSOC);
if ($row['userType'] != 'admin') {
//If session not registered
header("location:login.php?msg=You must be an admin to access this page.");
// Redirect to login.php page
} else {
//Continue to current page
header('Content-Type: text/html; charset=utf-8');
}
// Begin the process of adding a department
// If no object has been selected to be added...
if (!isset($_GET['objectType'])) {
echo '<p>Error: No object to be added.</p>';
sqlite_close($db);
die;
}
if (!($_GET['objectType'] == "Department" && isset($_GET['departmentName']) && isset($_GET['iconID']))) {
//attempt login to database...
$db = dbConnect('');
if ($DBProvider=='mysql') {
$user = mysql_escape_string($_POST['user']);
//using mysql:- INSERT INTO `keneb`.`user` (`Username` ,`Password`)VALUES ('test', MD5( 'test' ));
$pass = @md5(mysql_escape_string($_POST['pass'])); //this way skip problems with errors in the password input...
//$pass = @mysql_escape_string($_POST['pass']); //this way skip problems with errors in the password input...
$suser = html_entities($_POST['user']);
$sql = "select * from User where Username='******' or Username='******' AND Password='******' LIMIT 1";
$result = mysql_query($sql) or trigger_error("MySQL Login Query Error:".mysql_error());
if (mysql_num_rows($result) == 0) {
LoginFailed("Login Failed: Incorrect username/password.");
} else {
LogonOK(mysql_fetch_array($result));
}
} else {
//need same encoding as in updateGateway...
$user = htmlentities(@$_POST['user'],ENT_COMPAT,'UTF-8');
$pass = @md5(sqlite_escape_string($_POST['pass'])); //this way skip problems with errors in the password input...
$sql = "select * from User where Username='******' AND Password='******' LIMIT 1";
$result = sqlite_query($sql,$db) or trigger_error("Sqlite Login Query Error:".sqlite_error());
if (sqlite_num_rows($result) == 0) {
LoginFailed("Login Failed: Incorrect username/password.");
} else {
LogonOK(sqlite_fetch_array($result));
}
}
}
?>
