Commit | Line | Data |
---|---|---|
a6dacd8b PM |
1 | <?PHP |
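/**
 * Authenticate a login attempt and, on success, set the login cookies.
 *
 * The user row is looked up by e-mail address, the submitted password is
 * checked against the stored "hash:salt" value, and only the levels
 * 'Operations', 'Client' and 'Gold Member' are allowed through. On success the
 * row's id, name, email, sec_level and group_id columns are written to cookies
 * and a redirect to index.php is queued.
 *
 * @param string $email E-mail address from the login form (untrusted input).
 * @param string $pass  Plain-text password from the login form (untrusted input).
 *
 * @return string|null Message for the login form on failure; null after a
 *                     successful login.
 */
function check_user($email, $pass)
{
    global $petition;

    // Array-valued form fields (email[]=...) pass isset() in the caller; treat
    // anything that is not a string as an unknown account.
    if (!is_string($email) || !is_string($pass)) {
        return "E-Mail Address Not Found.";
    }

    // The address comes straight from $_POST, so it is bound as a parameter
    // instead of being interpolated into the SQL text.
    // NOTE(review): presumably $petition is a mysqli connection (the original
    // passed its result to mysqli_fetch_array); get_result() needs the mysqlnd
    // driver - confirm.
    $stmt = $petition->prepare("SELECT * FROM users WHERE email = ?");
    if ($stmt === false) {
        return "Unable to log in right now.";
    }
    $stmt->bind_param('s', $email);
    if (!$stmt->execute()) {
        $stmt->close();
        return "Unable to log in right now.";
    }
    $res = $stmt->get_result();
    $user = $res ? $res->fetch_assoc() : null;
    $stmt->close();

    // NOTE(review): a distinct "not found" message lets a visitor test which
    // addresses have accounts; consider one shared failure message.
    if (!is_array($user) || !isset($user['email']) || $user['email'] === '') {
        return "E-Mail Address Not Found.";
    }

    // Stored format is "<md5 hex>:<salt>"; a value without ':' means an empty salt.
    $parts = explode(':', (string) $user['pass']);
    $hash = $parts[0];
    $salt = isset($parts[1]) ? $parts[1] : '';

    // NOTE(review): salted MD5 is a fast hash and not suitable for password
    // storage. Moving to password_hash()/password_verify() needs a change to the
    // stored values, which cannot be done from inside this function.
    //
    // hash_equals() compares as strings in constant time. The former `==` let
    // PHP compare two numeric-looking digests (e.g. "0e...") as numbers.
    if (!hash_equals($hash, md5($pass . $salt))) {
        return "Wrong Password.";
    }

    // The level is judged only after the password has been verified, so the
    // message shown matches the check that actually failed and says nothing
    // about an account's level to someone who does not know its password.
    $allowedLevels = array('Operations', 'Client', 'Gold Member');
    if (!in_array($user['level'], $allowedLevels, true)) {
        return "Invalid Security Level.";
    }

    // NOTE(review): these are plain cookies that the browser can rewrite. If
    // other pages read "id", "level" or "group_id" from them to decide access,
    // that decision is under the client's control; a server-side session would
    // be the usual replacement - verify how they are consumed. They are also
    // set without the HttpOnly/Secure attributes.
    // NOTE(review): the gate above reads the 'level' column while the "level"
    // cookie is filled from 'sec_level' - confirm that this is intended.
    setcookie("id", $user['id']);
    setcookie("name", $user['name']);
    setcookie("email", $user['email']);
    setcookie("level", $user['sec_level']);
    setcookie("group_id", $user['group_id']);

    // Execution returns to the caller after the header is queued; the rest of
    // the page is still rendered.
    header('Location: index.php');

    return null;
}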
28 | ||
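// Run the login check only when both fields were posted as plain strings.
// isset() alone also accepts array-valued fields (email[]=...), which would
// reach check_user() as arrays.
if (isset($_POST['email'], $_POST['password'])
    && is_string($_POST['email'])
    && is_string($_POST['password'])
) {
    // $message is set only on a failed attempt; check_user() returns nothing
    // useful after a successful login.
    $message = check_user($_POST['email'], $_POST['password']);
}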
32 | ||
33 | ?> | |
34 | ||
<?php
// Login form. It posts back to the current URL (no action attribute) and shows
// $message, when set, in its own row above the fields.
// NOTE(review): $message is echoed without HTML encoding. That is harmless only
// while check_user() returns fixed strings; wrap it in htmlspecialchars() if a
// message ever includes submitted data.
// NOTE(review): the form has no anti-CSRF token field.
?>
<div class="slate">
    <form method="post" accept-charset="utf-8">
        <table>
            <?php if (isset($message)): ?>
            <tr>
                <td>Message</td>
                <td><?= $message ?></td>
            </tr>
            <?php endif; ?>
            <tr>
                <td>E-Mail Address</td>
                <td><input type="text" name="email" value="" /></td>
            </tr>
            <tr>
                <td>Password</td>
                <td><input type="password" name="password" value="" /></td>
            </tr>
            <tr>
                <td> </td>
                <td><input type="submit" name="loginGo" value="Log In" /></td>
            </tr>
        </table>
    </form>
</div>