[clinton/MarylandElectronicPetitionSignature.git] / admin / login.php

<?PHP
function check_user($email,$pass){
		global $petition;
		$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
		$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
		if ($user['email'] != ''){
			$encrypted = $user['pass'];
			$explode = explode(':',$encrypted);
			$hash = $explode[0];
			$salt = $explode[1];
			$test = md5($pass.$salt);
			if( $test == $hash && ($user['level'] == 'Operations' || $user['level'] == 'Client' || $user['level'] == 'Gold Member')){
				setcookie("id", $user['id']);
			        setcookie("name", $user['name']);
			        setcookie("email", $user['email']);
			        setcookie("level", $user['sec_level']);
				setcookie("group_id", $user['group_id']);
				header('Location: index.php');
			}elseif($user['level'] != 'Admin' && $user['level'] != 'Manager'){	
				return "Invalid Security Level.";
			}else{	
				return "Wrong Password.";
			}
		}else{
			return "E-Mail Address Not Found.";
		}
	}

if (isset($_POST['email']) && isset($_POST['password'])){
  $message =  check_user($_POST['email'],$_POST['password']);
}

?>

<div class="slate">
  <form method="post" accept-charset="utf-8">
    <table>
      <?PHP if (isset($message)){ ?>
  		<tr>
  			<td>Message</td>
  			<td><?PHP echo $message;?></td>
  		</tr>
      <?PHP } ?>
  		<tr>
  			<td>E-Mail Address</td>
  			<td><input type="text" name="email" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>Password</td>
  			<td><input type="password" name="password" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>&nbsp;</td>
  			<td><input type="submit" name="loginGo" value="Log In"  /></td>
  		</tr>
  	</table>	
  </form>
</div>
Commit	Line	Data
a6dacd8b PM	1	<?PHP
	2	function check_user($email,$pass){
	3	global $petition;
	4	$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
	5	$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
	6	if ($user['email'] != ''){
	7	$encrypted = $user['pass'];
	8	$explode = explode(':',$encrypted);
	9	$hash = $explode[0];
	10	$salt = $explode[1];
	11	$test = md5($pass.$salt);
	12	if( $test == $hash && ($user['level'] == 'Operations' \|\| $user['level'] == 'Client' \|\| $user['level'] == 'Gold Member')){
3282e2fe	13	setcookie("id", $user['id']);
a6dacd8b PM	14	setcookie("name", $user['name']);
a6dacd8b PM	15	setcookie("email", $user['email']);
3282e2fe PM	16	setcookie("level", $user['sec_level']);
	17	setcookie("group_id", $user['group_id']);
	18	header('Location: index.php');
a6dacd8b PM	19	}elseif($user['level'] != 'Admin' && $user['level'] != 'Manager'){
	20	return "Invalid Security Level.";
	21	}else{
	22	return "Wrong Password.";
	23	}
	24	}else{
	25	return "E-Mail Address Not Found.";
	26	}
	27	}
	28
	29	if (isset($_POST['email']) && isset($_POST['password'])){
	30	$message = check_user($_POST['email'],$_POST['password']);
	31	}
	32
	33	?>
	34
	35	<div class="slate">
	36	<form method="post" accept-charset="utf-8">
	37	<table>
	38	<?PHP if (isset($message)){ ?>
	39	<tr>
	40	<td>Message</td>
	41	<td><?PHP echo $message;?></td>
	42	</tr>
	43	<?PHP } ?>
	44	<tr>
	45	<td>E-Mail Address</td>
	46	<td><input type="text" name="email" value="" /></td>
	47	</tr>
	48	<tr>
	49	<td>Password</td>
	50	<td><input type="password" name="password" value="" /></td>
	51	</tr>
	52	<tr>
	53	<td> </td>
	54	<td><input type="submit" name="loginGo" value="Log In" /></td>
	55	</tr>
	56	</table>
	57	</form>
	58	</div>