<?php
// =====================================================
//
// s-p-e - Content management system.
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
//
// This file is part of s-p-e.
//
// s-p-e is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// s-p-e is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
// You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
// security.php
//
// Abstract: Authorization.
//
// Revision History:
//
// 1 2004-03-27 - 2005-07-02 vbt
// 2 2005-08-01 vbt
// 3 2010-06-24 vbt
// 4 2011-01-22 vbt
//
// =====================================================
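// Defeat browser and proxy caching so a login response is never replayed
// from cache; "Expires" in the past plus no-store/no-cache covers old and
// new HTTP/1.0 and 1.1 caches.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Content-Type: text/html; charset=UTF-8");
session_cache_limiter("nocache");
include("../include/functions.php");
// open/close/read/write/destroy/gc are the project's own session-store
// callbacks defined in functions.php.
session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
session_start();
// Replace whatever session id the client presented before any credential is
// checked, so a pre-chosen id (session fixation) never becomes the
// authorized one.
session_regenerate_id();

if ((isset($_POST["aulogin"])) && (isset($_POST["idpassword"]))) {
    $alog = $_POST["aulogin"];
    $hpwd = $_POST["idpassword"];

    // Posted role selector -> stored role name. Only the three known values
    // are accepted; the role strings are quoted on purpose (bare `user`,
    // `editor`, `administrator` were undefined constants and are an Error
    // on current PHP). An unknown selector stops the attempt instead of
    // running the query with an empty role.
    $roles = array(0 => "user", 1 => "editor", 2 => "administrator");
    $utype = (isset($_POST["use"]) && is_string($_POST["use"])) ? $_POST["use"] : "";
    $addk = (ctype_digit($utype) && isset($roles[(int) $utype])) ? $roles[(int) $utype] : null;

    language($cfg["deflangadmin"]);

    // Same character set the original ERE filter rejected (backslash was a
    // literal inside the POSIX bracket expression, so it is kept here too).
    $forbidden = '/[!;"\'%#&$\\\\]/';

    if ($addk === null) {
        echo "something wrong!";
    } else if (preg_match($forbidden, $alog) || preg_match($forbidden, $hpwd)) {
        echo _("Login and password should not contain special characters.");
    } else {
        connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);

        // The filter above is a usability check, not the SQL defence: the
        // login is escaped for the connection's charset before it is
        // interpolated. $addk comes from the whitelist above.
        $safeLogin = mysql_real_escape_string($alog, $connector);
        $result = mysql_query(
            "select login, pwd, addk"
            . " from " . $cfg["prefix"] . "security"
            . " where login='" . $safeLogin . "'"
            . " and addk='" . $addk . "'",
            $connector
        ) or die("error #102-1");

        // Only fetch when there is a row; mysql_fetch_array() on an empty
        // result returns false and indexing it would only raise notices.
        $row = (mysql_num_rows($result) > 0) ? mysql_fetch_array($result) : false;

        // Stored value is a crypt() hash that doubles as the salt. Compare in
        // constant time so the check leaks nothing about how many leading
        // bytes matched.
        $authenticated = ($row !== false)
            && hash_equals((string) $row["pwd"], (string) crypt($hpwd, $row["pwd"]));

        $styleHref = "../skin/" . $cfg["skin"] . "/style.css";

        if (!$authenticated) {
            echo "<html>
<head>
<title>" . _("Authorization") . "</title>
</head>
<link rel='stylesheet' type='text/css' href='" . $styleHref . "'>
<body>
<font class='negative'>
" . _("Access denied. Check the correctness of your login and password and try again.") . "
</font>
</body>
</html>";
        } else {
            // Persist login + role under the freshly regenerated session id.
            $info = array($row["login"], $row["addk"]);
            write($info, session_id());

            // The login is user-supplied; the character filter does not
            // reject '<' or '>', so escape it for the HTML context.
            $alogHtml = htmlspecialchars($alog, ENT_QUOTES, "UTF-8");

            echo "<html>
<head>
<title>" . _("Authorization") . "</title>
</head>
<link rel='stylesheet' type='text/css' href='" . $styleHref . "'>
<body>
<p>
<font class='s-normal' id='w-bold'>" . _("Hello,") . " " . $alogHtml . "!</font>
</p>
<p>
<font class='positive' id='w-bold'>" . _("You have been authorized successfully.") . "</font>
</p>";
            echo "<font class='s-normal' id='w-bold'>";
            if ($addk === "user") {
                echo "<a href='public.php'>" . _("You are a reporter") . "</a>";
            } else if ($addk === "administrator") {
                echo "<a href='admin.php'>" . _("You are the administrator") . "</a>";
            } else if ($addk === "editor") {
                echo "<a href='edcol.php'>" . _("You are an editor") . "</a>";
            }
            echo "</font>
</p>
</body>
</html>";
        }

        // Release the result and the connection only on the path that
        // created them; the old code freed an undefined $result after the
        // character-filter branch.
        mysql_free_result($result);
        mysql_close($connector);
    }
}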
?>