Update login.php

[clinton/MarylandElectronicPetitionSignature.git] / admin / login.php

diff --git a/admin/login.php b/admin/login.php
index 430bbcb..37aed62 100644 (file)
--- a/admin/login.php
+++ b/admin/login.php
@@ -1,4 +1,5 @@
 <?PHP
+include_once('/var/www/secure.php'); 
 function check_user($email,$pass){
                global $petition;
                $res = $petition->query("SELECT * FROM users WHERE email = '$email'");
@@ -9,16 +10,14 @@ function check_user($email,$pass){
                        $hash = $explode[0];
                        $salt = $explode[1];
                        $test = md5($pass.$salt);
-                       if( $test == $hash && ($user['level'] == 'Operations' || $user['level'] == 'Client' || $user['level'] == 'Gold Member')){
+                       if( $test == $hash ){
                                setcookie("id", $user['id']);
                                setcookie("name", $user['name']);
                                setcookie("email", $user['email']);
                                setcookie("level", $user['sec_level']);
                                setcookie("group_id", $user['group_id']);
                                header('Location: index.php');
-                       }elseif($user['level'] != 'Admin' && $user['level'] != 'Manager'){      
-                               return "Invalid Security Level.";
-                       }else{  
+                       }else{
                                return "Wrong Password.";
                        }
                }else{
@@ -51,7 +50,7 @@ if (isset($_POST['email']) && isset($_POST['password'])){
                </tr>
                <tr>    
                        <td>&nbsp;</td>
-                       <td><input type="submit" name="loginGo" value="Log In"  /></td>
+                       <td><input type="submit" name="loginGo" value="Log In"  /> or <a href='reset.php'>Reset Password</a></td>
                </tr>
        </table>        
   </form>