-
Notifications
You must be signed in to change notification settings - Fork 68
/
login.php
64 lines (49 loc) · 2.59 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<?php
session_start();
include 'config.inc.php';
include 'header.php';
include 'topmain.php';
echo "<title>$title - Admin Login</title>\n";
$self = $_SERVER['PHP_SELF'];
if (isset($_POST['login_userid']) && (isset($_POST['login_password']))) {
$login_userid = $_POST['login_userid'];
$login_password = crypt($_POST['login_password'], 'xy');
$query = "select empfullname, employee_passwd, admin, time_admin from " . $db_prefix . "employees
where empfullname = '" . $login_userid . "'";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
$admin_username = "" . $row['empfullname'] . "";
$admin_password = "" . $row['employee_passwd'] . "";
$admin_auth = "" . $row['admin'] . "";
$time_admin_auth = "" . $row['time_admin'] . "";
}
if (($login_userid == @$admin_username) && ($login_password == @$admin_password) && ($admin_auth == "1")) {
$_SESSION['valid_user'] = $login_userid;
} elseif (($login_userid == @$admin_username) && ($login_password == @$admin_password) && ($time_admin_auth == "1")) {
$_SESSION['time_admin_valid_user'] = $login_userid;
}
}
if (isset($_SESSION['valid_user'])) {
echo "<script type='text/javascript' language='javascript'> window.location.href = 'admin/index.php';</script>";
exit;
} elseif (isset($_SESSION['time_admin_valid_user'])) {
echo "<script type='text/javascript' language='javascript'> window.location.href = 'admin/timeadmin.php';</script>";
exit;
} else {
// build form
echo "<form name='auth' method='post' action='$self'>\n";
echo "<table align=center width=210 border=0 cellpadding=7 cellspacing=1>\n";
echo " <tr class=right_main_text><td colspan=2 height=35 align=center valign=top class=title_underline>PHP Timeclock Admin Login</td></tr>\n";
echo " <tr class=right_main_text><td align=left>Username:</td><td align=right><input type='text' name='login_userid'></td></tr>\n";
echo " <tr class=right_main_text><td align=left>Password:</td><td align=right><input type='password' name='login_password'></td></tr>\n";
echo " <tr class=right_main_text><td align=center colspan=2><input type='submit' onClick='admin.php' value='Log In'></td></tr>\n";
if (isset($login_userid)) {
echo " <tr class=right_main_text><td align=center colspan=2>Could not log you in. Either your username or password is incorrect.</td></tr>\n";
}
echo "</table>\n";
echo "</form>\n";
echo "<script language=\"javascript\">document.forms['auth'].login_userid.focus();</script>\n";
}
echo "</body>\n";
echo "</html>\n";
?>