[clinton/MarylandElectronicPetitionSignature.git] / admin / login.php

<?PHP
include_once('/var/www/secure.php'); 
function check_user($email,$pass){
		global $petition;
		$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
		$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
		if ($user['email'] != ''){
			$encrypted = $user['pass'];
			$explode = explode(':',$encrypted);
			$hash = $explode[0];
			$salt = $explode[1];
			$test = md5($pass.$salt);
			if( $test == $hash ){
				setcookie("id", $user['id']);
			        setcookie("name", $user['name']);
			        setcookie("email", $user['email']);
			        setcookie("level", $user['sec_level']);
				setcookie("group_id", $user['group_id']);
				header('Location: index.php');
			}else{
				return "Wrong Password.";
			}
		}else{
			return "E-Mail Address Not Found.";
		}
	}

if (isset($_POST['email']) && isset($_POST['password'])){
  $message =  check_user($_POST['email'],$_POST['password']);
}

?>

<div class="slate">
  <form method="post" accept-charset="utf-8">
    <table>
      <?PHP if (isset($message)){ ?>
  		<tr>
  			<td>Message</td>
  			<td><?PHP echo $message;?></td>
  		</tr>
      <?PHP } ?>
  		<tr>
  			<td>E-Mail Address</td>
  			<td><input type="text" name="email" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>Password</td>
  			<td><input type="password" name="password" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>&nbsp;</td>
  			<td><input type="submit" name="loginGo" value="Log In"  /></td>
  		</tr>
  	</table>	
  </form>
</div>
Commit	Line	Data
a6dacd8b	1	<?PHP
ef87ad00	2	include_once('/var/www/secure.php');
a6dacd8b PM	3	function check_user($email,$pass){
	4	global $petition;
	5	$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
	6	$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
	7	if ($user['email'] != ''){
	8	$encrypted = $user['pass'];
	9	$explode = explode(':',$encrypted);
	10	$hash = $explode[0];
	11	$salt = $explode[1];
	12	$test = md5($pass.$salt);
00020249	13	if( $test == $hash ){
3282e2fe	14	setcookie("id", $user['id']);
a6dacd8b PM	15	setcookie("name", $user['name']);
a6dacd8b PM	16	setcookie("email", $user['email']);
3282e2fe PM	17	setcookie("level", $user['sec_level']);
	18	setcookie("group_id", $user['group_id']);
	19	header('Location: index.php');
00020249	20	}else{
a6dacd8b PM	21	return "Wrong Password.";
	22	}
	23	}else{
	24	return "E-Mail Address Not Found.";
	25	}
	26	}
	27
	28	if (isset($_POST['email']) && isset($_POST['password'])){
	29	$message = check_user($_POST['email'],$_POST['password']);
	30	}
	31
	32	?>
	33
	34	<div class="slate">
	35	<form method="post" accept-charset="utf-8">
	36	<table>
	37	<?PHP if (isset($message)){ ?>
	38	<tr>
	39	<td>Message</td>
	40	<td><?PHP echo $message;?></td>
	41	</tr>
	42	<?PHP } ?>
	43	<tr>
	44	<td>E-Mail Address</td>
	45	<td><input type="text" name="email" value="" /></td>
	46	</tr>
	47	<tr>
	48	<td>Password</td>
	49	<td><input type="password" name="password" value="" /></td>
	50	</tr>
	51	<tr>
	52	<td> </td>
	53	<td><input type="submit" name="loginGo" value="Log In" /></td>
	54	</tr>
	55	</table>
	56	</form>
	57	</div>