<?php
// ===================================================== 
// 
// s-p-e - Content management system. 
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
// 
// This file is part of s-p-e. 
// 
// s-p-e is free software; you can redistribute it and/or modify 
// it under the terms of the GNU General Public License as published by 
// the Free Software Foundation, either version 3 of the License, or 
// (at your option) any later version. 
// 
// s-p-e is distributed in the hope that it will be useful, 
// but WITHOUT ANY WARRANTY; without even the implied warranty of 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
// GNU General Public License for more details. 
// 
// You should have received a copy of the GNU General Public License 
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
//  You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
//  security.php
//
//  Abstract: Authorization.
//  
//  Revision History:
// 
//	1  2004-03-27 - 2005-07-02  vbt
//	2  2005-08-01  vbt
//	3  2010-06-24  vbt
//	4  2011-01-22  vbt
//
// =====================================================

// Response headers for the authorization page: tell browsers and proxies not
// to keep a copy of it. Each entry is array(header line, replace flag); the
// flag is false only for the second Cache-Control line, so that it is added
// next to the first one instead of overwriting it.
$nocacheheaders = array(
	array("Expires: Mon, 26 Jul 1997 05:00:00 GMT", true),
	array("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT", true),
	array("Cache-Control: no-store, no-cache, must-revalidate", true),
	array("Cache-Control: post-check=0, pre-check=0", false),
	array("Pragma: no-cache", true),
	array("Content-Type: text/html; charset=UTF-8", true),
);
foreach($nocacheheaders as $headerentry)
{
	header($headerentry[0], $headerentry[1]);
}
// Do not leave helper variables behind in the script's global scope.
unset($nocacheheaders, $headerentry);

// Ask the session extension for its "nocache" limiter as well; this has to be
// set before session_start() is called.
session_cache_limiter("nocache");

include("../include/functions.php");	

// Session bootstrap for the authorization page.
// Session storage is routed through six callbacks that are registered by
// name; none of them is defined in this file (presumably they come from
// ../include/functions.php -- confirm).
session_set_save_handler("open", "close", "read", "write", "destroy", "gc"); 
session_start();
// A fresh session id is issued on every request to this script, before any
// login handling runs. The call passes no argument, so PHP's default applies
// and the data stored under the previous id is not deleted.
// NOTE(review): passing true would also retire the old id; check how the
// custom "destroy" callback behaves before changing this.
session_regenerate_id();

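// Login handler: runs only when both credential fields were posted.
// Flow: map the posted account type to a role name, reject malformed input,
// look the account up by login and role, verify the password with crypt(),
// then store login and role for the current session and print a link to the
// page that belongs to the role.
if((isset($_POST["aulogin"])) && (isset($_POST["idpassword"])))
{
	$alog = $_POST["aulogin"];
	$hpwd = $_POST["idpassword"];
	// A request without the "use" field keeps selecting the plain user role.
	$utype = isset($_POST["use"]) ? $_POST["use"] : "0";

	// Role names are quoted strings (the original used bare words) and the
	// lookup is exact: only the form values 0, 1 and 2 select a role, any
	// other value leaves $addk at null.
	$roles = array("0" => "user", "1" => "editor", "2" => "administrator");
	$addk = (is_string($utype) && isset($roles[$utype])) ? $roles[$utype] : null;

	language($cfg["deflangadmin"]);

	// POST fields may arrive as arrays; only plain strings are credentials.
	$arestrings = is_string($alog) && is_string($hpwd);
	// The characters listed in the original ereg() class, checked with
	// preg_match(), which is binary-safe and so inspects the whole value.
	// The password never reaches the SQL text; its filter is kept only so
	// that existing behaviour does not change.
	$badchars = '/[!;\\\\"\'%#&$]/';

	if($addk === null)
	{
		// Unknown account type: stop instead of querying with an empty role.
		echo "something wrong!";
	}
	else if(!$arestrings || preg_match($badchars, $alog) || preg_match($badchars, $hpwd))
	{
		echo "".(_("Login and password should not contain special characters."))."";
	}
	else
	{
		connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);

		// The character filter is a denylist, not SQL escaping. Escape the
		// login for this connection before it is placed between the quotes.
		// $addk needs no escaping: it is one of the three constants above.
		$sqllogin = mysql_real_escape_string($alog, $connector);
		$result = mysql_query("select login, pwd, addk 
	  	  from ".($cfg["prefix"])."security 
		  where login='$sqllogin' 
		  and addk='$addk'", $connector) 
		  or die("error #102-1");
		$row = mysql_fetch_array($result);

		// Password check: hash the submitted password with the stored hash
		// as salt and compare exactly. The original used a loose != here.
		// hash_equals() is used when the running PHP provides it.
		$granted = false;
		if(is_array($row) && is_string($row["pwd"]))
		{
			$computed = crypt($hpwd, $row["pwd"]);
			if(is_string($computed))
			{
				$granted = function_exists("hash_equals")
					? hash_equals($row["pwd"], $computed)
					: ($computed === $row["pwd"]);
			}
		}

		if(!$granted)
		{
			// One message for "no such account" and "wrong password", so the
			// response does not tell the two cases apart.
			echo "<html>
		<head>
		<title>".(_("Authorization"))."</title>
		</head>
		<link rel='stylesheet' type='text/css' href='../skin/".($cfg["skin"])."/style.css'>
		<body>
		<font class='negative'>
		".(_("Access denied. Check the correctness of your login and password and try again."))."
		</font>
		</body>
		</html>";      
		}
		else
		{
			// write() carries the same name as the session "write" callback
			// registered earlier in this file; it is called directly with
			// the login, the role and the current session id.
			$info = array($row["login"], $row["addk"]);
			write($info, session_id());

			// The login is request data: encode it before echoing it into
			// the page (the filter above does not cover < and >).
			$shownlogin = htmlspecialchars($alog, ENT_QUOTES, "UTF-8");

			echo "<html>
		<head>
		<title>".(_("Authorization"))."</title>
		</head>
		<link rel='stylesheet' type='text/css' href='../skin/".($cfg["skin"])."/style.css'>
		<body>
		<p>
		<font class='s-normal' id='w-bold'>".(_("Hello,"))."&nbsp;$shownlogin!</font>
		</p>
		<p>
		<font class='positive' id='w-bold'>".(_("You have been authorized successfully."))."</font>
		</p>";

			echo "<font class='s-normal' id='w-bold'>";
			if($addk == "user")
			{
				echo "<a href='public.php'>".(_("You are a reporter"))."</a>";
			}
			else if($addk == "administrator")
			{
				echo "<a href='admin.php'>".(_("You are the administrator"))."</a>";
			}
			else if($addk == "editor")
			{
				echo "<a href='edcol.php'>".(_("You are an editor"))."</a>";
			}
			echo "</font>
		</p>
		</body>
		</html>";
		}

		// Release the result and the connection only on the path that
		// created them; the original did this after the rejected-input
		// branch too, where neither variable exists.
		mysql_free_result($result);
		mysql_close($connector);
	}
}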
?>