The JobShop

Staff & Board Login

[insert_php]
//db connect
// Create database connection
// Web
$connection = mysql_connect(“localhost”, “ceasuser_dbadmin”, “L3@rn!ng”);
If (!$connection) {
die(“Database connection failed: ” . mysql_error());
}
// Select database to use
//Web
$db_select = mysql_select_db(“ceasuser_ceasdata”,$connection);
If (!$db_select) {
die(“Database selection failed: ” . mysql_error());
}
//end dbconnect

If ($_POST[“Mode”] == “Login”) {
//Form Validation
$errors = array();
$required_fields = array(‘Name’, ‘Password’);
ForEach($required_fields as $fieldname) {
If (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
$errors[] = $fieldname;}
}
If (!empty($errors)){
// echo “

Please review the following required fields:
“;
$message = “

Please review the following required fields:
“;
$message2 = “”;
ForEach($errors as $error) {
$message2 = $message2 . ” – ” . $error . “
“;
}
echo “

“;
}

ElseIf (empty($errors)) {
$username = mysql_real_escape_string($_POST[“Name”]);
$password = mysql_real_escape_string($_POST[“Password”]);
$hashedpassword = sha1($password);
$sql = “SELECT UserID, UserName, AccessLevel, HashedPassword FROM webusers WHERE UserName = ‘$username’ AND HashedPassword = ‘$hashedpassword'”;
$result = mysql_query($sql, $connection);
//$result = mysql_query(‘CALL spLogin($username, $hashedpassword)’, $connection);
If(mysql_num_rows($result) == 1) {
// Username and password found and only one record
$row = mysql_fetch_array($result);
//echo “Welcome, ” . $row[“UserName”];
$_SESSION[“UserID”] = $row[“UserID”];
$_SESSION[“UserName”] = $row[“UserName”];
$_SESSION[“AccessLevel”] = $row[“AccessLevel”];

If($row[“HashedPassword”] == ‘cf50a6c590c1786ad98abe6481881f9f94c2a15a’) {
//Change default password
$message = “Login successful. Continue & change password“;
} Else {
$message = “Login successful. Continue“;
}
} Else {
// username / password not found
$message = “Username / password not found. Please try again.”;
}
mysql_close($connection);
}
}
echo $message;
[/insert_php]