<?
/**
 * Per-request session entry point.
 *
 * Sets the idle timeout and the opening body markup, purges expired rows
 * from the sessions table, then either resumes the session named by
 * $data['STV'] or hands over to the login flow. Finally it loads uid and
 * user_type from the sessions table, so those two values are server-derived
 * when this function returns.
 *
 * NOTE(review): 'STV', 'login' and 'logout' look request-supplied (the login
 * form in this file posts data[...] fields and the cookie is named data[STV]);
 * confirm how $data is populated before trusting any other key in it.
 *
 * @param array $data Shared request/page state, modified in place.
 * @return void
 */
function DoSession(&$data) {
    // Server-side defaults: both assignments overwrite whatever $data held.
    $data['idletime'] = "1800";
    $data['bdy'] = "<TABLE BORDER=0 WIDTH=\"100%\" align=\"center\"><TR><TD HEIGHT=\"200\">";

    // Drop every session whose EXPIRE timestamp is already in the past.
    // ContinueSession() does not check EXPIRE itself, so this purge is what
    // enforces the idle timeout.
    $now = time();
    mysql_query("DELETE FROM sessions WHERE EXPIRE < $now");

    // A session is resumed only when a session ID is present and the request
    // is neither a login submission nor a logout; anything else starts over.
    $startFresh = ($data['STV'] == '') || ($data['login'] == 'yes') || ($data['logout'] != '');
    if ($startFresh) {
        SetNewSession($data);
    } else {
        ContinueSession($data);
    }

    // Identity always comes from the sessions table lookup, never from input.
    $data['uid'] = GetUid($data);
    $data['user_type'] = GetGid($data);
}
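/**
 * Report whether a user holds the 'admin' role for the named admin area.
 *
 * Both arguments are neutralised before they reach the SQL text: the user id
 * is forced to an integer because it is placed unquoted, and the section name
 * is escaped because it sits inside a quoted literal. A failed query denies
 * access instead of falling through to mysql_result() on a non-result.
 *
 * NOTE(review): mysql_real_escape_string() escapes for the connection's
 * current character set; confirm the charset is set on the link rather than
 * with a SET NAMES query.
 *
 * @param int|string $user_id      User id to check.
 * @param string     $section_name Value matched against admin_areas.admin_area.
 * @return bool True only when the EXISTS check yields 1.
 */
function AccessAllowed($user_id, $section_name) {
    $uid = (int) $user_id;
    $section = mysql_real_escape_string((string) $section_name);

    $query = "SELECT IF (EXISTS(SELECT aarum.user_id FROM admin_area_role_user_map aarum
INNER JOIN users u ON aarum.user_id = u.id
INNER JOIN admin_areas aa ON aa.admin_area_id = aarum.admin_area_id
INNER JOIN admin_roles ar ON ar.admin_role_id = aarum.admin_role_id
WHERE ar.admin_role = 'admin' AND u.id = $uid AND aa.admin_area = '$section'
GROUP BY u.id), 1, 0);";

    $result = mysql_query($query);
    if ($result === false) {
        // Fail closed: a query error must never be read as "allowed".
        return false;
    }

    return (int) mysql_result($result, 0, 0) === 1;
}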
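/**
 * Gate a page on AccessAllowed(): render the "no access" page and stop the
 * request when the current user is not an admin of $section.
 *
 * Array keys and template handles are quoted strings here. The bare words
 * used before (uid, tpl, bdy, index, BODY, INDEX) only worked through PHP's
 * undefined-constant fallback, which raises a notice and would silently pick
 * a different key if a constant of that name were ever defined. The quoted
 * form also matches how SetNewSession() addresses the same template.
 *
 * @param array  $data    Shared request/page state; 'uid' is read, 'bdy' is
 *                        appended to and 'tpl' is the template object.
 * @param string $section Admin area name passed through to AccessAllowed().
 * @return void Returns only when access is allowed; otherwise exits.
 */
function CheckAccess(&$data, $section) {
    if (AccessAllowed($data['uid'], $section)) {
        return;
    }

    $data['tpl']->define(array('index' => "index/index.html"));
    $data['bdy'] .= "<p align=\"center\" class=\"error\"><b>Sorry, you do not have access to this area.</b></p>";
    $data['tpl']->assign('BODY', $data['bdy']);
    $data['tpl']->parse('INDEX', array("index"));
    $data['tpl']->FastPrint("INDEX");

    // Stop here so the protected page code after the call never runs.
    exit();
}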
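/**
 * Put the page into an "Access Denied" state and show the login form again.
 *
 * Shortens the idle timeout to 600 seconds, rebuilds the body markup, purges
 * expired session rows, clears the login flag and calls SetNewSession().
 *
 * Changes from the previous version: array keys are quoted strings instead
 * of bare words (which relied on the undefined-constant fallback), and the
 * stray second ">" after the opening TABLE tag is gone.
 *
 * NOTE(review): the existing session row and cookie are left in place here;
 * confirm whether a denied user is meant to stay signed in.
 *
 * @param array $data Shared request/page state, modified in place.
 * @return void
 */
function AccessDenied(&$data) {
    $data['idletime'] = "600";
    $data['bdy'] = "<TABLE BORDER=0 WIDTH=\"100%\" align=\"center\"><TR><TD ALIGN=\"RIGHT\"><IMG SRC=\"/images/title.gif\"></TD></TR><TR><TD HEIGHT=\"200\">";

    // Same expiry purge DoSession() performs.
    $now = time();
    mysql_query("DELETE FROM sessions WHERE EXPIRE < $now");

    $data['bdy'] .= "<p align=\"center\" class=\"error\">Access Denied</p>";
    $data['login'] = '';
    SetNewSession($data);

    // With the login flag cleared, SetNewSession() as written in this file
    // prints the form and exits, so the lookups below run only if that changes.
    $data['uid'] = GetUid($data);
    $data['user_type'] = GetGid($data);
}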
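/**
 * Resume the session identified by $data['STV'].
 *
 * On a match, uid/gid are loaded from the sessions row, the row's EXPIRE is
 * pushed forward by $data['idletime'] seconds and the session cookie is sent
 * again. Without a match the cookie is cleared, an expiry message is queued
 * and the login flow takes over before the request ends.
 *
 * Hardening over the previous version:
 *  - the client-supplied session ID is escaped before it enters SQL;
 *  - the cookie and the UPDATE use the ID as stored in the database, so no
 *    request-controlled text is copied into a response header;
 *  - a missing, non-scalar or empty ID, or a failed query, is treated as
 *    "no session";
 *  - bare-word array keys are quoted; unused expiry-date locals are removed.
 *
 * This function does not test EXPIRE; it relies on the purge DoSession()
 * runs beforehand.
 *
 * @param array $data Shared request/page state, modified in place.
 * @return void Exits the request when the session cannot be resumed.
 */
function ContinueSession(&$data) {
    $sid = (isset($data['STV']) && is_scalar($data['STV'])) ? (string) $data['STV'] : '';

    $result = false;
    if ($sid !== '') {
        $query = "SELECT * FROM sessions WHERE SESSIONID='" . mysql_real_escape_string($sid) . "'";
        $result = mysql_query($query);
    }

    if ($result && mysql_numrows($result) > 0) {
        // Use the stored ID from here on rather than the request's copy.
        $stored = mysql_result($result, 0, 'SESSIONID');
        $data['STV'] = $stored;
        $data['uid'] = mysql_result($result, 0, 'uid');
        $data['gid'] = mysql_result($result, 0, 'gid');

        // Sliding idle timeout; the cast keeps the value numeric in the SQL.
        $exp = time() + (int) $data['idletime'];
        $query = "UPDATE sessions SET EXPIRE='$exp' WHERE SESSIONID='" . mysql_real_escape_string($stored) . "'";
        mysql_query($query);

        // Browser-session cookie (no expires attribute).
        // NOTE(review): sent without HttpOnly/Secure; consider adding them
        // once it is confirmed nothing client-side reads this cookie.
        Header("Set-Cookie: data[STV]=$stored; path=/;");
    }
    else {
        header("Set-Cookie: data[STV]=; path=/;");
        $data['bdy'] .= "<p align=\"center\" class=\"error\">Sorry your login has expired.</p>";
        SetNewSession($data);
        exit;
    }
}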
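/**
 * Return the UID stored for the session ID in $data['STV'].
 *
 * The session ID is escaped before it is placed in the query, since it is
 * read straight from $data. A missing, non-scalar or empty ID and a failed
 * query all yield 0, the same value returned when no row matches.
 *
 * @param array $data Shared request/page state; only 'STV' is read.
 * @return mixed UID column value of the matching row, or 0 when none matches.
 */
function GetUid($data) {
    $sid = (isset($data['STV']) && is_scalar($data['STV'])) ? (string) $data['STV'] : '';
    if ($sid === '') {
        return 0;
    }

    $query = "SELECT UID FROM sessions WHERE SESSIONID='" . mysql_real_escape_string($sid) . "'";
    $result = mysql_query($query);
    if ($result && mysql_numrows($result) > 0) {
        return mysql_result($result, 0, 'UID');
    }

    return 0;
}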
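/**
 * Return the GID stored for the session ID in $data['STV'].
 *
 * The session ID is escaped before it is placed in the query, since it is
 * read straight from $data. A missing, non-scalar or empty ID and a failed
 * query all yield 0, the same value returned when no row matches.
 *
 * @param array $data Shared request/page state; only 'STV' is read.
 * @return mixed GID column value of the matching row, or 0 when none matches.
 */
function GetGid($data) {
    $sid = (isset($data['STV']) && is_scalar($data['STV'])) ? (string) $data['STV'] : '';
    if ($sid === '') {
        return 0;
    }

    $query = "SELECT GID FROM sessions WHERE SESSIONID='" . mysql_real_escape_string($sid) . "'";
    $result = mysql_query($query);
    if ($result && mysql_numrows($result) > 0) {
        return mysql_result($result, 0, 'GID');
    }

    return 0;
}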
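/**
 * Login flow: either render the login form or verify submitted credentials.
 *
 * When $data['login'] is empty the form is printed through the template in
 * $data['tpl'] and the request ends. Otherwise $data['user'] / $data['pass']
 * are checked against the users table; on success a sessions row is created,
 * lastlogon is updated, the session cookie is sent and STV/uid/gid are set in
 * $data. On failure a message is queued and the form is shown again.
 *
 * Hardening over the previous version:
 *  - every value written into the form markup is HTML-escaped;
 *  - the submitted password is no longer echoed back as a hidden field;
 *  - the username is escaped before it enters SQL, other values are escaped
 *    or cast to int;
 *  - the password check is a strict string comparison (constant-time where
 *    hash_equals() exists), so two different numeric-looking strings can no
 *    longer compare as equal;
 *  - the session ID comes from a CSPRNG where one is available instead of
 *    md5(rand(0,9999999)); it remains 32 hex characters;
 *  - bare-word array keys are quoted; unused expiry-date locals are removed.
 *
 * NOTE(review): passwords are compared with the urlencode()d form held in
 * users.pass, i.e. stored unhashed; moving to password_hash()/password_verify()
 * needs a data migration and is not attempted here.
 * NOTE(review): the two failure messages differ for unknown user and wrong
 * password, which tells a caller which usernames exist; consider one message.
 *
 * @param array $data Shared request/page state, modified in place.
 * @return void Exits the request whenever the form is rendered.
 */
function SetNewSession(&$data) {
    if ($data['login'] == '') {
        $data['login'] = "yes";
        $data['tpl']->define(array('index' => "index/index.html"));

        // NOTE(review): if $data['PHP_SELF'] can be set from the request, the
        // form's target is caller-chosen; prefer a server-side value.
        $action = htmlspecialchars((string) $data['PHP_SELF'], ENT_QUOTES);
        $data['bdy'] .= "<FORM METHOD=\"POST\" ACTION=\"$action\">\n";
        $data['bdy'] .= "<TABLE BORDER=\"0\" align=\"center\">\n";

        // Carry the remaining request state across the login round trip.
        // Built into a local first so $data is not modified while iterated.
        $hidden = '';
        foreach ($data as $key => $val) {
            $key = (string) $key;
            // 'bdy'/'tpl' are page plumbing; 'pass' must never be written
            // back into the page (the visible field below re-collects it).
            if ($key === "bdy" || $key === "tpl" || $key === "pass") {
                continue;
            }
            if (is_array($val) || is_object($val)) {
                // Cannot be represented in a single hidden field.
                continue;
            }
            $hidden .= "<INPUT TYPE=HIDDEN NAME=\"data[" . htmlspecialchars($key, ENT_QUOTES) . "]\" VALUE=\""
                . htmlspecialchars((string) $val, ENT_QUOTES) . "\">\n";
        }
        $data['bdy'] .= $hidden;

        $shownUser = isset($data['user']) && is_scalar($data['user'])
            ? htmlspecialchars((string) $data['user'], ENT_QUOTES)
            : '';
        $data['bdy'] .= "<TR><TD COLSPAN=\"2\"><p><b>Press Tab to Continue to Next Field</b></p></TD></TR>";
        $data['bdy'] .= "<TR><TD><p>Username:</p></TD><TD><INPUT TYPE=TEXT NAME=data[user] VALUE=\"$shownUser\"></TD></TR>\n";
        $data['bdy'] .= "<TR><TD><p>Password:</p></TD><TD><INPUT TYPE=PASSWORD NAME=data[pass] VALUE=\"\"></TD></TR>\n";
        $data['bdy'] .= "<TR><TD> </TD><TD><INPUT TYPE=SUBMIT NAME=\"sub\" VALUE=\"Login\"></TD></TR>\n";
        $data['bdy'] .= "</TABLE>\n</FORM>\n";
        $data['bdy'] .= "</TD></TR></TABLE>\n";
        $data['tpl']->assign('BODY', $data['bdy']);
        $data['tpl']->parse('MENU', array("menu"));
        $data['tpl']->parse('INDEX', array("index"));
        $data['tpl']->FastPrint("INDEX");
        exit;
    }

    // Credential check.
    $user = (isset($data['user']) && is_scalar($data['user'])) ? (string) $data['user'] : '';
    $pass = (isset($data['pass']) && is_scalar($data['pass'])) ? (string) $data['pass'] : '';

    $query = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($user) . "'";
    $result = mysql_query($query);

    if (!$result || mysql_numrows($result) == 0) {
        $data['bdy'] .= "<p align=\"center\" class=\"error\">Sorry This User Does Not Exist</p>";
        $data['login'] = '';
        SetNewSession($data);
        return;
    }

    $supplied = urlencode($pass);
    $stored = (string) mysql_result($result, 0, 'pass');
    $matches = function_exists('hash_equals')
        ? hash_equals($stored, $supplied)
        : ($stored === $supplied);

    if (!$matches) {
        $data['bdy'] .= "<p align=\"center\" class=\"error\">Sorry Incorrect Password.</p>";
        $data['login'] = '';
        SetNewSession($data);
        return;
    }

    $uid = mysql_result($result, 0, 'uid');
    $gid = mysql_result($result, 0, 'gid');
    $exp = time() + (int) $data['idletime'];

    // A fresh ID is issued on every successful login. 16 random bytes give
    // the same 32-hex-character shape as the md5() value used before.
    if (function_exists('random_bytes')) {
        $session = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $session = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Last resort for runtimes with no CSPRNG; not cryptographically
        // strong, but far less guessable than a single rand() value.
        $session = md5(uniqid(mt_rand(), true) . microtime());
    }

    $query = "INSERT INTO sessions (SESSIONID,UID,GID,EXPIRE) VALUES('$session','"
        . mysql_real_escape_string((string) $uid) . "','"
        . mysql_real_escape_string((string) $gid) . "','$exp')";
    mysql_query($query);

    // uid is placed unquoted below, so force it to an integer.
    $now = time();
    $query = "UPDATE users SET lastlogon = $now WHERE uid = " . (int) $uid;
    mysql_query($query);

    // Browser-session cookie (no expires attribute).
    // NOTE(review): sent without HttpOnly/Secure; consider adding them once
    // it is confirmed nothing client-side reads this cookie.
    Header("Set-Cookie: data[STV]=$session; path=/;");
    $data['STV'] = $session;
    $data['uid'] = $uid;
    $data['gid'] = $gid;
}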
?>