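<?php
/**
 * Cookie-backed login sessions stored in the `sessions` table.
 *
 * Request state arrives in the $data array: the session token under 'STV',
 * the login-form state under 'login', credentials under 'user' and 'pass'.
 * All of those values are client-controlled, so they are escaped before
 * they reach SQL, HTML or a response header.
 *
 * The file uses the legacy ext/mysql API on its implicit default connection.
 * mysql_real_escape_string() needs that connection to be open, which the
 * existing mysql_query() calls already assume.
 */

/**
 * Return $data[$key] as a string, or '' when it is missing or not a scalar.
 *
 * An array or object smuggled in under a known key is treated as absent
 * rather than being interpolated as "Array"/"Object".
 */
function _SessionField($data, $key) {
    if (isset($data[$key]) && is_scalar($data[$key])) {
        return (string) $data[$key];
    }
    return '';
}

/** Escape a value for use inside a single-quoted SQL string literal. */
function _SessionSqlEscape($value) {
    return mysql_real_escape_string((string) $value);
}

/** Escape a value for HTML text or a double-quoted attribute value. */
function _SessionHtml($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

/** Delete every session row whose EXPIRE timestamp is already in the past. */
function _SessionPurgeExpired() {
    $now = time();
    mysql_query("DELETE FROM sessions WHERE EXPIRE < $now");
}

/**
 * Generate a 32-character hexadecimal session id from a CSPRNG.
 *
 * The previous md5(rand(0, 9999999)) had at most ten million possible values
 * and was seeded from the clock, so ids were guessable. The output format
 * (32 hex characters) is unchanged. When no secure source exists the request
 * is stopped instead of falling back to a predictable id.
 */
function _NewSessionId() {
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong) {
            return bin2hex($bytes);
        }
    }
    trigger_error('No cryptographically secure random source available for session ids', E_USER_ERROR);
    exit;
}

/**
 * Read one column of the session row matching $data['STV'].
 *
 * $column is only ever passed the literals 'UID' or 'GID' by this file.
 * Returns 0 when there is no token, the query fails, or no row matches.
 */
function _SessionLookup($data, $column) {
    $token = _SessionField($data, 'STV');
    if ($token === '') {
        return 0;
    }
    $result = mysql_query("SELECT $column FROM sessions WHERE SESSIONID='" . _SessionSqlEscape($token) . "'");
    if ($result && mysql_numrows($result) > 0) {
        return mysql_result($result, 0, $column);
    }
    return 0;
}

/**
 * Entry point: purge expired sessions, then continue the session named by
 * the STV cookie or run the login flow, and record the resulting uid and
 * user_type in $data.
 *
 * @param array $data Request state, modified in place.
 */
function DoSession(&$data) {
    $data['idletime'] = "600";
    $data['bdy'] = "<TABLE BORDER=0 WIDTH=\"100%\" align=\"center\"><TR><TD HEIGHT=\"200\">";
    _SessionPurgeExpired();

    if (_SessionField($data, 'STV') !== '' && _SessionField($data, 'login') !== 'yes') {
        ContinueSession($data);
    } else {
        SetNewSession($data);
    }

    $data['uid'] = GetUid($data);
    $data['user_type'] = GetGid($data);
}

/**
 * Show "Access Denied" followed by the login form.
 *
 * Clearing 'login' makes SetNewSession() render the form and exit, so the
 * two assignments after that call are not reached on this path.
 *
 * @param array $data Request state, modified in place.
 */
function AccessDenied(&$data) {
    $data['idletime'] = "600";
    // The opening TABLE tag used to end in ">>", which printed a stray ">".
    $data['bdy'] = "<TABLE BORDER=0 WIDTH=\"100%\" align=\"center\"><TR><TD ALIGN=\"RIGHT\"><IMG SRC=\"/images/title.gif\"></TD></TR><TR><TD HEIGHT=\"200\">";
    _SessionPurgeExpired();

    $data['bdy'] .= "<p align=\"center\" class=\"error\">Access Denied</p>";
    $data['login'] = '';
    SetNewSession($data);

    $data['uid'] = GetUid($data);
    $data['user_type'] = GetGid($data);
}

/**
 * Extend the idle timeout of the session named by $data['STV'] and re-send
 * the cookie; when no such session exists, clear the cookie, run the login
 * flow and stop the request.
 *
 * @param array $data Request state. Passed by value, so changes made here
 *                    are not seen by the caller.
 */
function ContinueSession($data) {
    $token = _SessionField($data, 'STV');
    $sqlToken = _SessionSqlEscape($token);

    $result = mysql_query("SELECT * FROM sessions WHERE SESSIONID='$sqlToken'");
    if ($result && mysql_numrows($result) > 0) {
        $exp = time() + (int) _SessionField($data, 'idletime');
        mysql_query("UPDATE sessions SET EXPIRE='$exp' WHERE SESSIONID='$sqlToken'");
        // rawurlencode() leaves a hex token unchanged and keeps any other
        // matching value from adding attributes to the header.
        // NOTE(review): the cookie carries neither HttpOnly nor Secure;
        // whether they can be added depends on the deployment (Secure needs
        // HTTPS on every page).
        header("Set-Cookie: data[STV]=" . rawurlencode($token) . "; path=/;");
    } else {
        header("Set-Cookie: data[STV]=; path=/;");
        $data['bdy'] .= "<p align=\"center\" class=\"error\">Sorry your login has expired.</p>";
        SetNewSession($data);
        exit;
    }
}

/**
 * Return the UID stored for the current session token, or 0 when there is
 * no matching session.
 */
function GetUid($data) {
    return _SessionLookup($data, 'UID');
}

/**
 * Return the GID stored for the current session token, or 0 when there is
 * no matching session.
 */
function GetGid($data) {
    return _SessionLookup($data, 'GID');
}

/**
 * Render the login form (when $data['login'] is empty) or check the
 * submitted credentials and create a session row plus cookie.
 *
 * The form branch prints the page and exits. A failed check clears 'login'
 * and recurses into the form branch, so it exits as well.
 *
 * @param array $data Request state, modified in place; on success
 *                    $data['STV'] holds the new session id.
 */
function SetNewSession(&$data) {
    if (_SessionField($data, 'login') === '') {
        $data['login'] = "yes";
        // Array keys and template handles are quoted: the bare words used
        // before resolved to the same strings only through PHP's
        // undefined-constant fallback (assuming no such constants exist).
        $data['tpl']->define(array('index' => "index/index.pub.php"));
        $data['bdy'] .= "<FORM METHOD=\"POST\" ACTION=\"" . _SessionHtml(_SessionField($data, 'PHP_SELF')) . "\">\n";
        $data['bdy'] .= "<TABLE BORDER=\"0\" align=\"center\">\n";

        // Carry the request state across the login round trip as hidden
        // fields. Keys and values come from the client, so both are
        // HTML-escaped. 'pass' is left out so a submitted password is not
        // written back into the page; the visible password field below uses
        // the same name. Arrays and objects (such as the template object)
        // cannot travel through a hidden field and are skipped.
        foreach ($data as $key => $val) {
            $key = (string) $key;
            if ($key === 'bdy' || $key === 'pass' || is_array($val) || is_object($val)) {
                continue;
            }
            $data['bdy'] .= "<INPUT TYPE=HIDDEN NAME=\"data[" . _SessionHtml($key) . "]\" VALUE=\"" . _SessionHtml($val) . "\">\n";
        }

        $data['bdy'] .= "<TR><TD COLSPAN=\"2\"><p><b>Press Tab to Continue to Next Field</b></p></TD></TR>";
        $data['bdy'] .= "<TR><TD><p>Username:</p></TD><TD><INPUT TYPE=TEXT NAME=data[user] VALUE=\"" . _SessionHtml(_SessionField($data, 'user')) . "\"></TD></TR>\n";
        $data['bdy'] .= "<TR><TD><p>Password:</p></TD><TD><INPUT TYPE=PASSWORD NAME=data[pass] VALUE=\"\"></TD></TR>\n";
        $data['bdy'] .= "<TR><TD> </TD><TD><INPUT TYPE=SUBMIT NAME=\"sub\" VALUE=\"Login\"></TD></TR>\n";
        $data['bdy'] .= "</TABLE>\n</FORM>\n";
        $data['bdy'] .= "</TD></TR></TABLE>\n";
        $data['tpl']->assign('BODY', $data['bdy']);
        $data['tpl']->parse('INDEX', array("index"));
        $data['tpl']->FastPrint("INDEX");
        exit;
    }

    $user = _SessionSqlEscape(_SessionField($data, 'user'));
    $result = mysql_query("SELECT * FROM users WHERE username='$user'");

    if (!$result || mysql_numrows($result) <= 0) {
        // NOTE(review): this message differs from the wrong-password one, so
        // the form tells a visitor which usernames exist.
        $data['bdy'] .= "<p align=\"center\" class=\"error\">Sorry This User Does Not Exist</p>";
        $data['login'] = '';
        SetNewSession($data);
        return;
    }

    // NOTE(review): the stored value is compared with urlencode() of the
    // input, so passwords appear to be kept unhashed. Moving to
    // password_hash()/password_verify() needs a data migration outside this
    // file. The comparison is on strings: with "!=" two numeric-looking
    // strings such as "1e3" and "1000" compared equal.
    $stored = (string) mysql_result($result, 0, 'pass');
    $given = urlencode(_SessionField($data, 'pass'));
    $matches = function_exists('hash_equals') ? hash_equals($stored, $given) : ($stored === $given);

    if (!$matches) {
        $data['bdy'] .= "<p align=\"center\" class=\"error\">Sorry Incorrect Password.</p>";
        $data['login'] = '';
        SetNewSession($data);
        return;
    }

    $uid = _SessionSqlEscape(mysql_result($result, 0, 'id'));
    $gid = _SessionSqlEscape(mysql_result($result, 0, 'user_type'));
    $exp = time() + (int) _SessionField($data, 'idletime');
    $session = _NewSessionId();

    mysql_query("INSERT INTO sessions (SESSIONID,UID,GID,EXPIRE) VALUES('$session','$uid','$gid','$exp')");
    // $session is hex only, so it is safe in the header as is.
    header("Set-Cookie: data[STV]=$session; path=/;");
    $data['STV'] = $session;
}
?>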