1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
<?php
// database connect script.
//require 'db_connect.php';
require 'check_login.php';
if($logged_in == 1) {
die('You are already logged in, '.$_SESSION['username'].'.');
}
?>
<html>
<head>
<title>Admin Page</title>
<link rel="stylesheet" href="main.css" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=big5">
</head>
<?php
if (isset($_POST['submit'])) { // if form has been submitted
/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
die('You did not fill in a required field.');
}
// authenticate.
if (!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}
//$check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");
//if (DB::isError($check) || $check->numRows() == 0) {
// die('That username does not exist in our database.');
//}
//$info = $check->fetchRow();
// check passwords match
$_POST['passwd'] = stripslashes($_POST['passwd']);
//$info['password'] = stripslashes($info['password']);
//$_POST['passwd'] = md5($_POST['passwd']);
if ($_POST['passwd'] != "dragonone") {
insert_login_log($_POST['uname'], false);
die('Incorrect password, please try again.');
}
// if we get here username and password are correct,
//register session variables and set last login time.
$date = date('m d, Y');
//$update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
insert_login_log($_SESSION['username'], true);
//$db_object->disconnect();
header('Location: main.php');
?>
<?php
} else { // if form hasn't been submitted
echo $_SESSION['username'] ."<br>";
echo $_SESSION['password'] ."<br>";
?>
<body bgcolor="#FFFFFF" text="#000000">
<table border="0" align="center">
<tr>
<td height="193" valign="middle"><img src="images/banner_Logo&Name.jpg" width="435" height="120"></td>
</tr>
<tr>
<td height="44" align="center">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0" cellspacing="0" cellpadding="0">
<tr><td class='content' align="right">User Name</td><td class='content'>: </td>
<td><input type="text" name="uname" value="dragonboat" size="25" maxlength="25" class="content"></td></tr>
<tr><td class='content' align="right">Password</td><td class='content'>: </td>
<td><input type="password" name="passwd" value=""size="25" maxlength="25" class="content"></td></tr>
<tr><td colspan="2" align="center"></td>
<td colspan="2" align="right" class="content"><input type="submit" name="submit" value="Login" class="content"></td></tr>
</table>
</form>
</td>
</tr>
</table>
<?php
}
?>
</body>
</html>
|