<?php
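// Login handler. Checks the posted customer ID and passcode against the
// customers table, starts the authenticated session through set_session()
// (defined in functions.php, not shown here) and redirects by account level:
// 100 -> admin area, 10 -> customer area. Every failure stores a message in
// $_SESSION['error'] and redirects to login_error.php.
//
// NOTE(review): ext/mysql was removed in PHP 7.0 and get_magic_quotes_gpc()
// in PHP 8.0. This script is kept on the API it already uses; when the
// application moves to a supported PHP, replace the escaped sprintf() queries
// with PDO or mysqli prepared statements.
// NOTE(review): the lookup compares the submitted passcode with the stored
// column directly, so the column appears to hold passcodes unhashed. Moving to
// password_hash()/password_verify() needs a data migration outside this file.
// NOTE(review): nothing in this script throttles repeated failures; confirm
// that lockout or rate limiting is enforced elsewhere.
session_start();
// NOTE(review): E_ALL is fine for logging; confirm display_errors is off in
// production so warnings from this handler are never rendered to the client.
error_reporting(E_ALL);
require_once('functions.php');
require_once("config.inc.php");

// Read the credentials from the POST body only. The original validated
// $_POST but then queried with $_REQUEST, which can also be populated from
// the query string or cookies.
$customerid = isset($_POST['customerid']) ? $_POST['customerid'] : '';
$passcode = isset($_POST['passcode']) ? $_POST['passcode'] : '';

// Array-valued parameters (customerid[]=x) are treated as missing.
if (!is_string($customerid)) {
    $customerid = '';
}
if (!is_string($passcode)) {
    $passcode = '';
}

// Undo magic-quotes escaping where it is still enabled, so the values are
// escaped exactly once when the query is built.
if (get_magic_quotes_gpc()) {
    $customerid = stripslashes($customerid);
    $passcode = stripslashes($passcode);
}

// Both fields are required. (The original also tested `$accountnum=0`, an
// assignment to a variable that is never read from the request; it always
// evaluated to false, so it has been dropped.)
if (trim($customerid) === '' || trim($passcode) === '') {
    $_SESSION['error'] = '<h4>Please enter User ID, Account number and PassCode</h4>';
    header("Location: login_error.php");
    exit;
}

// Connect to the server.
$link = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if (!$link) {
    $_SESSION['error'] = '<h4>Failed to connect to the server!</h4>';
    header("Location: login_error.php");
    exit;
}

// Select the database.
if (!mysql_select_db($mysql_database)) {
    $_SESSION['error'] = '<h4>Failed to connect to the database!</h4>';
    header("Location: login_error.php");
    exit;
}

// Look the account up with both values escaped for this connection.
$query = sprintf(
    "SELECT * FROM customers WHERE customerid='%s' AND passcode='%s'",
    mysql_real_escape_string($customerid, $link),
    mysql_real_escape_string($passcode, $link)
);
$result = mysql_query($query, $link);

// A failed query is reported with a generic message; mysql_error() is not
// sent to the client.
if ($result === false) {
    $_SESSION['error'] = '<h4>Failed to connect to the database!</h4>';
    header("Location: login_error.php");
    mysql_close($link);
    exit;
}

// Exactly one matching row means the credentials are valid.
if (mysql_num_rows($result) != 1) {
    $_SESSION['error'] = '<h4>Invalid User ID and or password!<br /> Press back to login again.</h4>';
    header("Location: login_error.php");
    mysql_close($link);
    exit;
}

$row = mysql_fetch_assoc($result);

// Pick the landing area from the account level.
if ($row['level'] == '100') {
    // Admin or moderator.
    $extra = 'admin';
} elseif (trim($row['level']) == 10) {
    // Customer accounts below the minimum amount count as not activated.
    // Loose comparisons kept as in the original; the column type is not
    // visible from this file.
    if ($row['amount'] < 10 or $row['amount'] < '10') {
        $_SESSION['error'] = '<h4>Login Error: <br > This account exists but has not been activated.
<br > Please contact Account Manager for more details.</h4>';
        header("Location: login_error.php");
        mysql_close($link);
        exit;
    }
    $extra = 'customers';
} else {
    // User exists but has no recognised level.
    $_SESSION['error'] = '<h4>Problem with account. please contact Admin</h4>';
    header("Location: login_error.php");
    mysql_close($link);
    exit;
}

// Rotate the session ID at the privilege change so an ID issued before login
// cannot be reused afterwards. set_session() is not visible here; calling
// this again inside it would be harmless.
session_regenerate_id(true);
set_session($row['customerid'], $row['level'], true, $row['cot'], $row['tax'], $row['demurrage']);

// Record the login date. The key comes from the matched row and is escaped;
// the original interpolated the raw request value into this statement.
$update = sprintf(
    "UPDATE customers SET lastlogin = '%s' WHERE customerid='%s'",
    date('Y-m-d'),
    mysql_real_escape_string($row['customerid'], $link)
);
mysql_query($update, $link);

// Redirect with a path-absolute Location. The original built
// "http://" . HTTP_HOST . dirname(PHP_SELF), which trusts the client-supplied
// Host header, forces plain HTTP after login, and lets PATH_INFO alter the
// directory part. SCRIPT_NAME carries no PATH_INFO.
$base = trim(dirname($_SERVER['SCRIPT_NAME']), '/\\');
if ($base === '.') {
    $base = '';
}
$target = ($base === '' ? '' : '/' . $base) . '/' . $extra;
header("Location: $target");

// Close the connection and stop so nothing runs after the redirect.
mysql_close($link);
exit;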
?>