
Paul Heyer


  1. <?php session_start(); error_reporting(E_ALL); require_once('functions.php'); require_once("config.inc.php"); $customerid=strlen(trim($_POST['customerid'])); $passcode=strlen(trim($_POST['passcode'])); // check for customerid and passcode // if authentication fails go back to home page. if($customerid==0 or $passcode==0 or $accountnum=0) { $_SESSION['error']='<h4>Please enter User ID, Account number and PassCode</h4>'; header("Location: login_error.php"); exit; } // connect to server $link = mysql_connect($mysql_host, $mysql_user, $mysql_pass); if(!$link) { $_SESSION['error']='<h4>Failed to connect to the server!</h4>'; header("Location: login_error.php"); exit; } // check magic quotes if(get_magic_quotes_gpc()) { $customerid = stripslashes($_REQUEST['customerid']); $passcode = stripslashes($_REQUEST['passcode']); } else { $customerid = $_REQUEST['customerid']; $passcode = $_REQUEST['passcode']; } // connect to database $db_selected=mysql_select_db($mysql_database); // connect to database if(!$db_selected){ $_SESSION['error']='<h4>Failed to connect to the database!</h4>'; header("Location: login_error.php"); exit; } // set todays date $today = date('Y-m-d'); //query string $query=sprintf("SELECT * FROM customers WHERE customerid='%s' AND passcode='%s'", mysql_real_escape_string($customerid), mysql_real_escape_string($passcode)); // perform query $result=mysql_query($query, $link); //check if user exist if(mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); // if user is admin or moderator if($row['level']=='100'){ set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']); $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); $today=date('Y-m-d'); $query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'"; $result=mysql_query($query, $link); $extra = 'admin'; header("Location: http://$host$uri/$extra"); }elseif(trim($row['level'])=='10' or 
trim($row['level'])==10){ if($row['amount']<10 or $row['amount']<'10'){ $_SESSION['error']='<h4>Login Error: <br > This account exists but has not been activated. <br > Please contact Account Manager for more details.</h4>'; header("Location: login_error.php"); exit; } set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']); $today=date('Y-m-d'); $query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'"; $result=mysql_query($query, $link); $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); $extra = 'customers'; header("Location: http://$host$uri/$extra"); }else{// user exist but no user level $_SESSION['error']='<h4>Problem with account. please contact Admin</h4>'; header("Location: login_error.php"); } }else{// if user not found $_SESSION['error']='<h4>Invalid User ID and or password!<b /r> Press back to login again.</h4>'; header("Location: login_error.php"); } // close connection mysql_close($link); ?>