Exemplo n.º 1
0
             $result = $fw->query($query);
             if ($result) {
                 while ($row = $result->fetch_assoc()) {
                     $db_id = $row['id'];
                     $db_username = $row['username'];
                     $db_pass = $row['password'];
                     $db_fullname = $row['fullname'];
                     $db_email = $row['email'];
                     $db_user = $row['is_user'];
                     $db_admin = $row['is_admin'];
                     $db_superadmin = $row['is_superadmin'];
                 }
                 if (sha1($password) == @$db_pass && @$db_user == 1) {
                     $digest = md5($db_id . $db_username . $db_fullname . $db_pass . $db_email . $db_user . $db_admin . $db_superadmin);
                     $_SESSION['USER'] = array('userid' => $db_id, 'username' => $db_username, 'fullname' => $db_fullname, 'digest' => $digest, 'is_user' => $db_user, 'is_admin' => $db_admin, 'is_superadmin' => $db_superadmin);
                     $date = $fw->getDate();
                     $query2 = "update users set last_login = '******' where id = " . $_SESSION['USER']['userid'] . "";
                     $result2 = $fw->query($query2);
                     header("Location: index.php");
                 } elseif (sha1($password) == @$db_pass && @$db_user == 0) {
                     $_SESSION['login']['error'] = "The username and password were correct but access has been revoked. Please contact an admin if you feel this is an error.";
                 } else {
                     $_SESSION['login']['error'] = "The username or password that you entered is not correct.";
                 }
             } else {
                 $_SESSION['login']['error'] = "The username or password that you entered is not correct or an error occured.<br />Please try logging in again.";
             }
         }
     }
 }
 include_once 'header.php';