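<?php # index.php
/*
 * Admin login handler.
 *
 * On a POST carrying the hidden "submitted" field, validates that a username
 * and password were supplied, looks the pair up in the database, and on a
 * match starts the "uID" session, stores the row in $_SESSION and redirects
 * to admin.php under $strAdminURL. On any failure it leaves a list of
 * messages in $errors for the template further down to print.
 *
 * Reads:  $_POST['submitted'|'username'|'password'], $_SERVER['HTTP_USER_AGENT'],
 *         $strAdminURL (not defined in this file; presumably set by the include).
 * Writes: $errors (array of messages, or NULL when no form was submitted),
 *         $_SESSION['fname'|'lname'|'user'|'pass'|'agent'].
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7.0. Moving
 * to mysqli or PDO with prepared statements also requires changing the
 * connection code in includes/phpconnect.php, which is outside this block.
 */
require_once('includes/phpconnect.php'); // Connect to the database.
// Send NOTHING to the Web browser prior to the session_start() line!

// Check if the form has been submitted
if (isset($_POST['submitted'])) {
    $errors = array(); // Initialize error array.

    // Check for a username
    if (empty($_POST['username'])) {
        $errors[] = 'You need to enter a username.';
    } else {
        // NOTE(review): escaping is only reliable when the connection character
        // set was declared with mysql_set_charset() - confirm in the include.
        $n = mysql_real_escape_string($_POST['username']);
    }

    // Check for a password
    if (empty($_POST['password'])) {
        $errors[] = 'You need to enter a password.';
    } else {
        $p = mysql_real_escape_string($_POST['password']);
    }

    if (empty($errors)) { // If everything's OK.
        /* Retrieve the user and pass
        for username and password combination */
        // NOTE(review): the submitted password is compared directly with the
        // `pass` column, which suggests it is stored unhashed - confirm.
        // password_hash()/password_verify() would need a schema change.
        $query = "SELECT * FROM TABLE_NAME_HERE WHERE user='$n' AND pass='$p'";
        $result = mysql_query($query); // Run the query

        if ($result === false) {
            // A failed query is logged server-side only; the visitor gets the
            // same generic message as a wrong password, so no database detail
            // reaches the browser.
            error_log('index.php login query failed: ' . mysql_error());
            $row = false;
        } else {
            $row = mysql_fetch_array($result, MYSQL_NUM); // Return a record, if applicable.
        }

        if ($row) { // A record was pulled from the database.
            // Set the session data & redirect.
            session_name('uID');
            session_start();
            // Issue a fresh session id at the privilege change so an id that
            // was known before login cannot be reused afterwards.
            session_regenerate_id(true);

            // NOTE(review): numeric indexes depend on the table's column order
            // because the query uses SELECT * - naming the columns is safer.
            $_SESSION['fname'] = $row[0];
            $_SESSION['lname'] = $row[1];
            $_SESSION['user'] = $row[2];
            // NOTE(review): this copies the stored credential into the session
            // store. Kept because other pages may read it - confirm and drop.
            $_SESSION['pass'] = $row[3];
            // The User-Agent header is optional and client-controlled, so this
            // value is a weak consistency check only. A missing header is
            // treated as an empty string instead of raising a notice.
            $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $_SESSION['agent'] = md5($agent);

            // Redirect the user to the admin page: strip trailing slashes or
            // backslashes from the base URL, then add the page.
            $url = rtrim($strAdminURL, '/\\') . '/admin.php';
            header("Location: $url");
            exit(); // Quit the script.
        } else { // No record matched the query.
            // Deliberately does not say which of the two fields was wrong.
            $errors[] = 'The username and password you entered do not match those on file.'; // Public Message.
        }
    } // End of if (empty($errors)) IF

    mysql_close(); // Closes the database connection.
} else { // Form has not been submitted.
    $errors = NULL;
}
?>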
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">
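<title><?php
// Full "php echo" form so the title does not depend on the short_open_tag
// setting, which controls the short echo tag on PHP versions before 5.4.
// NOTE(review): $pT is not defined in this file (presumably set by the
// include) and is printed unescaped - confirm it cannot carry markup.
echo $pT . ' - Powered by Bright';
?></title>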
<link rel="stylesheet" href="../includes/css/style.css" type="text/css" />
</head>
<body bgcolor="#dedede" topmargin="0" leftmargin="0">
Welcome to the admin panel. Please login to start editing the site to your specifications.
<br><br>
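<?php
// Prints the login error messages above the form.
// The full opening tag is used on purpose: the short "<?" form is only parsed
// when short_open_tag is enabled, and with it disabled this block would be
// sent to the browser as plain text instead of being executed.
//
// $errors is filled by the login handler at the top of this file and holds
// only fixed strings, so the messages are echoed as-is. Escape them for HTML
// if request data is ever added to a message.
if (!empty($errors)) { // Print any error messages.
    echo 'Error!<br/>
The following error(s) occured:<br/>';
    foreach ($errors as $msg) { // Print each error.
        echo " - $msg<br/>\n";
    }
    echo '<br/>Please try again.<br/>';
}

// Create the form.
// Error message if someone tries to bypass the login.
// Only the presence of the "error" query parameter is tested; its value is
// never written to the page.
if (isset($_GET['error'])) {
    echo 'Error!<br/>
The following error(s) occured:<br/>';
    echo ' - Please enter a username and password to access the admin panel.<br/>';
}
?>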
<b>Login</b>
<form action="index.php" method="post">
<p>Username:<br>
<input class="textArea" type="text" name="username" size="20" maxlength="40" /><br/>
Password:<br>
<input class="textArea" type="password" name="password" size="20" maxlength="20" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
<input type="hidden" name="submitted" value="TRUE" />
</form>
</body>
</html>