query('SELECT * FROM users');
$Username = "";
$Password = "";
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['username'] == htmlspecialchars($_REQUEST['username']) && htmlspecialchars($_REQUEST['username']) != "" && password_verify(htmlspecialchars($_REQUEST['password']), $line['password'])) {
$Username = $line['username'];
$Password = $line['password'];
$id = $line['id'];
// update last usage
if ($storeLastUsage || $storeLastUsage == "true") {
$lastUsed = date($dateFormat);
$Database->exec("UPDATE users SET lastused='$lastUsed' WHERE id='$id'");
}
// update IP address
if ($storeIP || $storeIP == "true") {
$ip = getIPAddress();
$Database->exec("UPDATE users SET ip='$ip' WHERE id='$id'");
}
// update user agent
if ($storeAgent || $storeAgent == "true") {
$userAgent = getUserAgent();
$Database->exec("UPDATE users SET useragent='$userAgent' WHERE id='$id'");
}
$Authorized = 1;
$userType = $line['usertype'];
break;
}
}
if ($Authorized != 1) {
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
header("Location: login.php?e=true&redir=$Redirect");
} else {
header("Location: login.php?e=true");
}
die();
}
$_SESSION['type'] = $userType;
$_SESSION['username'] = $Username;
$_SESSION['password'] = $Password;
if ($Redirect != "") { // just so we can try again and still be redirected to the right place
header("Location: login.php?e=true&redir=$Redirect");
} else {
header("Location: login.php?e=true");
}
die();
} else {
$html = "";
$html = printHeader($html, 0);
$html .= "\t\t\t\n";
$html .= "\t\t\t\tEnter your username and password to continue.
\n";
$html .= "\t\t\t\t\n";
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "true") {
session_unset();
session_destroy();
$html .= "\t\t\t\tInvalid username or password.
\n";
}
$html = printFooter($html);
print "$html";
}
?>