function login($account_id, $password)
{
// Verify user data
$auth_result = User_Authenticate_Password($account_id, $password, $GLOBALS['bd']);
// Return erros if it found any problem
if ($auth_result == 1) {
$user_ok = 1;
} elseif ($auth_result == 0) {
return "Wrong Password";
} else {
return "User Not Found";
}
// Create the session code
$ip_address = $_SERVER['REMOTE_ADDR'];
$sess_id = Create_Session($account_id, 'default', $ip_address, 1, 0, $GLOBALS['bd']);
$crypt_sess_id = md5($sess_id);
$complete_sess_id = $crypt_sess_id . $sess_id;
// Return the session code to the user
return $complete_sess_id;
}
$error[$num_errors++] = "There are invalid characters in the User ID";
}
}
if ($val_password == 0) {
$error[$num_errors++] = "The password is blank";
} elseif ($val_password == -1) {
$error[$num_errors++] = "The password must be at least 6 characters in length";
}
}
if ($user_ok) {
$is_admin = 0;
if ($_REQUEST['id'] == 'admin') {
$is_admin = 1;
}
$ip_address = $_SERVER['REMOTE_ADDR'];
$sess_id = Create_Session($_REQUEST['id'], 'default', $ip_address, 0, $bd);
$crypt_sess_id = md5($sess_id);
$complete_sess_id = $crypt_sess_id . $sess_id;
if ($is_admin) {
header("location: adm_main.php?sess_id={$complete_sess_id}");
exit;
} else {
header("location: main.php?sess_id={$complete_sess_id}");
exit;
}
}
}
// If the user asked to be mailed his password
if (isset($_REQUEST['send']) && $_REQUEST['send'] == "Sogin") {
$email = User_Validate_Email($_REQUEST['email']);
$email_sql = $bd->GetTextFieldValue($email);
$courses = User_List_Courses($account_id, $bd);
for ($i = 0; $i < count($courses) && !$has_permission; $i++) {
if ($courses[$i][0] == $_GET['slave_id']) {
$has_permission = 1;
}
}
}
if ($slave_role == 'room') {
$rooms = User_List_Rooms($account_id, $bd);
for ($i = 0; $i < count($rooms) && !$has_permission; $i++) {
if ($rooms[$i][0] == $_GET['slave_id']) {
$has_permission = 1;
}
}
}
if ($has_permission) {
$slave_sess_id = Create_Session($_GET['slave_id'], 'default', $_SERVER['REMOTE_ADDR'], $sess_id, $bd);
$crypt_sess_id = md5($slave_sess_id);
$complete_sess_id = $crypt_sess_id . $slave_sess_id;
header("location:main.php?sess_id={$complete_sess_id}");
exit;
} else {
$error[$num_errors++] = "You do not have permission to handle this account.";
include "scheduling.php";
exit;
}
} else {
$error[$num_errors++] = "Invalid Session ID";
include "logout.php";
exit;
}
