[clinton/MarylandElectronicPetitionSignature.git] / admin / login.php

<?PHP
include_once('/var/www/secure.php'); 
include_once('../slack.php'); 

function check_user($email,$pass){
		global $petition;
		$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
		$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
		if ($user['email'] != ''){
			$encrypted = $user['pass'];
			$explode = explode(':',$encrypted);
			$hash = $explode[0];
			$salt = $explode[1];
			$test = md5($pass.$salt);
			if( $test == $hash ){
				setcookie("id", $user['id']);
			        setcookie("name", $user['name']);
			        setcookie("email", $user['email']);
			        setcookie("level", $user['sec_level']);
				setcookie("group_id", $user['group_id']);
				setcookie("petition_id", $user['petition_id']);
				header('Location: index.php');
			}else{
				slack_general('ADMIN: Wrong Password','md-petition');
				return "Wrong Password.";
			}
		}else{
			slack_general('ADMIN: E-Mail Address Not Found','md-petition');
			return "E-Mail Address Not Found.";
		}
	}

if (isset($_POST['email']) && isset($_POST['password'])){
  $message =  check_user($_POST['email'],$_POST['password']);
}else{
	slack_general('ADMIN: Login Page Loaded','md-petition');	
}

?>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-TY6C66ZWMX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'G-TY6C66ZWMX');
</script>
<div class="slate">
  <form method="post" accept-charset="utf-8">
    <table>
      <?PHP if (isset($message)){ ?>
  		<tr>
  			<td>Message</td>
  			<td><?PHP echo $message;?></td>
  		</tr>
      <?PHP } ?>
  		<tr>
  			<td>E-Mail Address</td>
  			<td><input type="text" name="email" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>Password</td>
  			<td><input type="password" name="password" value=""  /></td>
  		</tr>
  		<tr>	
  			<td>&nbsp;</td>
			<td><input type="submit" name="loginGo" value="Log In"  /> or <a href='reset.php'>Reset Password</a></td>
  		</tr>
  	</table>	
  </form>
</div>
Commit	Line	Data
a6dacd8b	1	<?PHP
ef87ad00	2	include_once('/var/www/secure.php');
e2c38caf PM	3	include_once('../slack.php');
e2c38caf PM	4
a6dacd8b PM	5	function check_user($email,$pass){
	6	global $petition;
	7	$res = $petition->query("SELECT * FROM users WHERE email = '$email'");
	8	$user = mysqli_fetch_array($res,MYSQLI_ASSOC);
	9	if ($user['email'] != ''){
	10	$encrypted = $user['pass'];
	11	$explode = explode(':',$encrypted);
	12	$hash = $explode[0];
	13	$salt = $explode[1];
	14	$test = md5($pass.$salt);
00020249	15	if( $test == $hash ){
3282e2fe	16	setcookie("id", $user['id']);
a6dacd8b PM	17	setcookie("name", $user['name']);
a6dacd8b PM	18	setcookie("email", $user['email']);
3282e2fe PM	19	setcookie("level", $user['sec_level']);
3282e2fe PM	20	setcookie("group_id", $user['group_id']);
49e23872	21	setcookie("petition_id", $user['petition_id']);
3282e2fe	22	header('Location: index.php');
00020249	23	}else{
e2c38caf	24	slack_general('ADMIN: Wrong Password','md-petition');
a6dacd8b PM	25	return "Wrong Password.";
	26	}
	27	}else{
e2c38caf	28	slack_general('ADMIN: E-Mail Address Not Found','md-petition');
a6dacd8b PM	29	return "E-Mail Address Not Found.";
	30	}
	31	}
	32
	33	if (isset($_POST['email']) && isset($_POST['password'])){
	34	$message = check_user($_POST['email'],$_POST['password']);
e2c38caf PM	35	}else{
e2c38caf PM	36	slack_general('ADMIN: Login Page Loaded','md-petition');
a6dacd8b PM	37	}
	38
	39	?>
6ca30ad6 PM	40	<script async src="https://www.googletagmanager.com/gtag/js?id=G-TY6C66ZWMX"></script>
	41	<script>
	42	window.dataLayer = window.dataLayer \|\| [];
	43	function gtag(){dataLayer.push(arguments);}
	44	gtag('js', new Date());
a6dacd8b	45
6ca30ad6 PM	46	gtag('config', 'G-TY6C66ZWMX');
6ca30ad6 PM	47	</script>
a6dacd8b PM	48	<div class="slate">
	49	<form method="post" accept-charset="utf-8">
	50	<table>
	51	<?PHP if (isset($message)){ ?>
	52	<tr>
	53	<td>Message</td>
	54	<td><?PHP echo $message;?></td>
	55	</tr>
	56	<?PHP } ?>
	57	<tr>
	58	<td>E-Mail Address</td>
	59	<td><input type="text" name="email" value="" /></td>
	60	</tr>
	61	<tr>
	62	<td>Password</td>
	63	<td><input type="password" name="password" value="" /></td>
	64	</tr>
	65	<tr>
	66	<td> </td>
ca268b44	67	<td><input type="submit" name="loginGo" value="Log In" /> or <a href='reset.php'>Reset Password</a></td>
a6dacd8b PM	68	</tr>
	69	</table>
	70	</form>
	71	</div>