function login($account_id, $password) { // Verify user data $auth_result = User_Authenticate_Password($account_id, $password, $GLOBALS['bd']); // Return erros if it found any problem if ($auth_result == 1) { $user_ok = 1; } elseif ($auth_result == 0) { return "Wrong Password"; } else { return "User Not Found"; } // Create the session code $ip_address = $_SERVER['REMOTE_ADDR']; $sess_id = Create_Session($account_id, 'default', $ip_address, 1, 0, $GLOBALS['bd']); $crypt_sess_id = md5($sess_id); $complete_sess_id = $crypt_sess_id . $sess_id; // Return the session code to the user return $complete_sess_id; }
$error[$num_errors++] = "There are invalid characters in the User ID"; } } if ($val_password == 0) { $error[$num_errors++] = "The password is blank"; } elseif ($val_password == -1) { $error[$num_errors++] = "The password must be at least 6 characters in length"; } } if ($user_ok) { $is_admin = 0; if ($_REQUEST['id'] == 'admin') { $is_admin = 1; } $ip_address = $_SERVER['REMOTE_ADDR']; $sess_id = Create_Session($_REQUEST['id'], 'default', $ip_address, 0, $bd); $crypt_sess_id = md5($sess_id); $complete_sess_id = $crypt_sess_id . $sess_id; if ($is_admin) { header("location: adm_main.php?sess_id={$complete_sess_id}"); exit; } else { header("location: main.php?sess_id={$complete_sess_id}"); exit; } } } // If the user asked to be mailed his password if (isset($_REQUEST['send']) && $_REQUEST['send'] == "Sogin") { $email = User_Validate_Email($_REQUEST['email']); $email_sql = $bd->GetTextFieldValue($email);
$courses = User_List_Courses($account_id, $bd); for ($i = 0; $i < count($courses) && !$has_permission; $i++) { if ($courses[$i][0] == $_GET['slave_id']) { $has_permission = 1; } } } if ($slave_role == 'room') { $rooms = User_List_Rooms($account_id, $bd); for ($i = 0; $i < count($rooms) && !$has_permission; $i++) { if ($rooms[$i][0] == $_GET['slave_id']) { $has_permission = 1; } } } if ($has_permission) { $slave_sess_id = Create_Session($_GET['slave_id'], 'default', $_SERVER['REMOTE_ADDR'], $sess_id, $bd); $crypt_sess_id = md5($slave_sess_id); $complete_sess_id = $crypt_sess_id . $slave_sess_id; header("location:main.php?sess_id={$complete_sess_id}"); exit; } else { $error[$num_errors++] = "You do not have permission to handle this account."; include "scheduling.php"; exit; } } else { $error[$num_errors++] = "Invalid Session ID"; include "logout.php"; exit; }