[clinton/MarylandElectronicPetitionSignature.git] / admin / login.php

<?PHP
include_once('/var/www/secure.php'); 
include_once('../slack.php'); 

function check_user($email,$pass){
		global $petition;
		$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
		$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
		if ($user['email'] != ''){
			$encrypted = $user['pass'];
			$explode = explode(':',$encrypted);
			$hash = $explode[0];
			$salt = $explode[1];
			$test = md5($pass.$salt);
			if( $test == $hash ){
				setcookie("id", $user['id']);
			        setcookie("name", $user['name']);
			        setcookie("email", $user['email']);
			        setcookie("level", $user['sec_level']);
				setcookie("group_id", $user['group_id']);
				header('Location: index.php');
			}else{
				slack_general('ADMIN: Wrong Password','md-petition');
				return "Wrong Password.";
			}
		}else{
			slack_general('ADMIN: E-Mail Address Not Found','md-petition');
			return "E-Mail Address Not Found.";
		}
	}

if (isset($_POST['email']) && isset($_POST['password'])){
  $message =  check_user($_POST['email'],$_POST['password']);
}else{
	slack_general('ADMIN: Login Page Loaded','md-petition');	
}

?>

<div class="slate">
  <form method="post" accept-charset="utf-8">
    <table>
      <?PHP if (isset($message)){ ?>
  		<tr>
  			<td>Message</td>
  			<td><?PHP echo $message;?></td>
  		</tr>
      <?PHP } ?>
  		<tr>
  			<td>E-Mail Address</td>
  			<td><input type="text" name="email" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>Password</td>
  			<td><input type="password" name="password" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>&nbsp;</td>
			<td><input type="submit" name="loginGo" value="Log In"  /> or <a href='reset.php'>Reset Password</a></td>
  		</tr>
  	</table>	
  </form>
</div>
Commit	Line	Data
a6dacd8b	1	<?PHP
ef87ad00	2	include_once('/var/www/secure.php');
e2c38caf PM	3	include_once('../slack.php');
e2c38caf PM	4
a6dacd8b PM	5	function check_user($email,$pass){
	6	global $petition;
	7	$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
	8	$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
	9	if ($user['email'] != ''){
	10	$encrypted = $user['pass'];
	11	$explode = explode(':',$encrypted);
	12	$hash = $explode[0];
	13	$salt = $explode[1];
	14	$test = md5($pass.$salt);
00020249	15	if( $test == $hash ){
3282e2fe	16	setcookie("id", $user['id']);
a6dacd8b PM	17	setcookie("name", $user['name']);
a6dacd8b PM	18	setcookie("email", $user['email']);
3282e2fe PM	19	setcookie("level", $user['sec_level']);
	20	setcookie("group_id", $user['group_id']);
	21	header('Location: index.php');
00020249	22	}else{
e2c38caf	23	slack_general('ADMIN: Wrong Password','md-petition');
a6dacd8b PM	24	return "Wrong Password.";
	25	}
	26	}else{
e2c38caf	27	slack_general('ADMIN: E-Mail Address Not Found','md-petition');
a6dacd8b PM	28	return "E-Mail Address Not Found.";
	29	}
	30	}
	31
	32	if (isset($_POST['email']) && isset($_POST['password'])){
	33	$message = check_user($_POST['email'],$_POST['password']);
e2c38caf PM	34	}else{
e2c38caf PM	35	slack_general('ADMIN: Login Page Loaded','md-petition');
a6dacd8b PM	36	}
	37
	38	?>
	39
	40	<div class="slate">
	41	<form method="post" accept-charset="utf-8">
	42	<table>
	43	<?PHP if (isset($message)){ ?>
	44	<tr>
	45	<td>Message</td>
	46	<td><?PHP echo $message;?></td>
	47	</tr>
	48	<?PHP } ?>
	49	<tr>
	50	<td>E-Mail Address</td>
	51	<td><input type="text" name="email" value="" /></td>
	52	</tr>
	53	<tr>
	54	<td>Password</td>
	55	<td><input type="password" name="password" value="" /></td>
	56	</tr>
	57	<tr>
	58	<td> </td>
ca268b44	59	<td><input type="submit" name="loginGo" value="Log In" /> or <a href='reset.php'>Reset Password</a></td>
a6dacd8b PM	60	</tr>
	61	</table>
	62	</form>
	63	</div>