Revision: 4815
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at January 22, 2008 00:17 by ecavazos
Initial Code
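<?php
/*
 * Login handler: authenticates a username/password POST against the
 * 'users' table (joined with 'roles'), fills the session on success and
 * redirects. On failure it sets $err to an HTML table row carrying a
 * generic error message; $err is left undefined otherwise.
 */

// start session
session_start();

if (array_key_exists('username', $_SESSION)) {
    // user already authenticated
    header('location: index.php');
    // header() does not end the request; stop so nothing below runs.
    exit;
}

if ($_POST && array_key_exists('username', $_POST)) {
    require_once('codes/dal.php');
    $dal = new DataAccessLayer();

    // Request fields can arrive as arrays (username[]=x); accept strings only.
    $user = is_string($_POST['username']) ? trim($_POST['username']) : '';
    $pass = (isset($_POST['password']) && is_string($_POST['password']))
        ? trim($_POST['password'])
        : null;

    // One message for "unknown user" and "wrong password", so the response
    // does not reveal which usernames exist.
    $invalid_login = '<tr><td colspan="2">'
        . '<div class="error-message">The username and/or password you entered is invalid.</div>'
        . '</td></tr>';

    $row = null;

    // The username is concatenated into the SQL text below, so only values
    // made of characters that cannot terminate or escape the quoted literal
    // are allowed to reach the query. This is a stopgap: $dal->query() takes
    // a finished SQL string and DataAccessLayer is not visible here, so the
    // proper fix (bound parameters / prepared statements) belongs in the DAL.
    // NOTE(review): widen the allow-list if legitimate usernames use other
    // characters; never fall back to passing raw input through.
    if ($pass !== null && preg_match('/\A[A-Za-z0-9_.@-]+\z/', $user) === 1) {
        // join the 'users' and 'roles' tables
        $sql = 'select '
            . 'u.id '
            . ',u.username '
            . ',u.password '
            . ',u.role_id '
            . ',r.name '
            . ',u.full_name '
            . ',u.email '
            . ',u.description '
            . 'from users as u '
            . 'join roles as r on u.role_id = r.id '
            . 'where u.username = \'' . $user . '\'';

        $result = $dal->query($sql);

        // Guard against a failed query returning a non-object.
        if ($result && $result->num_rows > 0) {
            $row = $result->fetch_assoc();
        }
    }

    // md5($pass) is the same lowercase hex digest the original built with
    // bin2hex(md5($pass, TRUE)).
    // NOTE(review): unsalted MD5 is unsuitable for password storage; plan a
    // migration to password_hash()/password_verify(). Not changed here
    // because the stored hashes and the password-change page live outside
    // this file.
    $pass_hash = ($pass === null) ? '' : md5($pass);

    // hash_equals() compares as strings in constant time; the previous loose
    // '==' treated digests such as '0e123...' as numbers, so two different
    // hashes could compare equal.
    if (is_array($row) && hash_equals((string) $row['password'], $pass_hash)) {
        // Issue a fresh session id at the privilege change so an id planted
        // before login (session fixation) is not carried into the
        // authenticated session.
        session_regenerate_id(true);

        // create session variables
        $_SESSION['user_id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['full_name'] = $row['full_name'];
        $_SESSION['role_id'] = $row['role_id'];
        $_SESSION['role_name'] = $row['name'];
        $_SESSION['email'] = $row['email'];
        // NOTE(review): keeping the password hash in session data exposes it
        // to anything that can read the session store. Kept because other
        // pages may read this key (not visible here); remove once confirmed
        // unused.
        $_SESSION['password'] = $row['password'];

        // check if password is default
        if ($pass === 'pass') {
            $_SESSION['default'] = true;
            // login successful - but password needs to be changed
            header('location: users/change_password.php');
        } else {
            // login successful - redirect to home page
            header('location: index.php');
        }
        // Stop after the redirect so the rest of the page is not rendered.
        exit;
    }

    $err = $invalid_login;
}
?>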
Initial URL
Initial Description
Initial Title
Login & Start Session
Initial Tags
login
Initial Language
PHP