52 lines
1.1 KiB
PHP
52 lines
1.1 KiB
PHP
|
<?php
|
|||
|
|
|
|||
|
|
/* v<>rifier si le login est dans la base */
|
|||
|
|
/* r<>cup<75>rer les propri<72>t<EFBFBD>s de l'user s'il est dans la base */
|
|||
|
|
|
|||
|
|
if (!$_SESSION["member"]){
|
|||
|
|
require("db.conf.php");
|
|||
|
|
$connexion = @mysql_connect(SQL_SERVER,SQL_USER,SQL_PASSWD);
|
|||
|
|
|
|||
|
|
if (!$connexion) {
|
|||
|
|
echo "Erreur serveur mysql $connexion";
|
|||
|
|
} else {
|
|||
|
|
|
|||
|
|
/* protection des la requete */
|
|||
|
|
$login=strip_tags($_POST["login"]);
|
|||
|
|
$secureLogin=mysql_escape_string($login);
|
|||
|
|
$securePass=md5($_POST["passwd"]);
|
|||
|
|
$query="SELECT * FROM Users WHERE ( ".
|
|||
|
|
"LOGIN='".$secureLogin."' AND ".
|
|||
|
|
"PASS='".$securePass."' ".
|
|||
|
|
") ORDER BY login DESC LIMIT 0,1";
|
|||
|
|
|
|||
|
|
$result=mysql_db_query(SQL_BASE,$query,$connexion)
|
|||
|
|
or die($query.":".mysql_error($connexion));
|
|||
|
|
|
|||
|
|
if (mysql_num_rows($result)>0){
|
|||
|
|
$row=mysql_fetch_object($result);
|
|||
|
|
$_SESSION["member"]=$row->login;
|
|||
|
|
$_SESSION["userInfo"]=new UserInfo(
|
|||
|
|
$row->login,
|
|||
|
|
$row->accesslevel,
|
|||
|
|
$row->category,
|
|||
|
|
$row->idcat
|
|||
|
|
);
|
|||
|
|
|
|||
|
|
} else {
|
|||
|
|
// stopper la session...
|
|||
|
|
//print "$securePass";
|
|||
|
|
//session_destroy();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
//mysql_close($connexion);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
if (!$_SESSION["member"]){
|
|||
|
|
header("Location: login.php");
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
?>
|