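oQuery('SELECT COUNT(*) FROM Users WHERE Enabled = "Y"')) nice_death('NO USERS EXIST!');
// NOTE(review): the statement above starts before this excerpt and is kept verbatim.

/*
 * Login / auto-login / logout handling for the CMS.
 *
 * Flow, in order:
 *   1. POST from the login form (Form_Name == frmLogin) -> password check,
 *      optional persistent CMS_AUTOLOGIN cookie.
 *   2. Otherwise, if the session is not logged in and a CMS_AUTOLOGIN cookie is
 *      present -> look the token up in Users.Cookie.
 *   3. Refresh the per-user flags in $_SESSION from the Users row.
 *   4. Enforce $Force_Login / $No_Login, handle ?doLogout.
 *
 * NOTE(review): every query here is built by string concatenation because the
 * API of the $db wrapper is not visible in this excerpt. Request-derived values
 * are validated before they reach a query below, but the durable fix is
 * parameterized queries in the wrapper.
 * NOTE(review): passwords are stored and compared as unsalted MD5. Moving to
 * password_hash()/password_verify() needs a data migration outside this block.
 */

/**
 * Build a random alphanumeric string. Used below as the persistent auto-login
 * token stored in Users.Cookie and sent as the CMS_AUTOLOGIN cookie.
 *
 * @param int $len Number of characters wanted.
 * @return string|null Random string of $len characters, or null when $len is empty or < 1.
 */
function genRandStr($len){
    $Characters = 'aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ0123456789';
    if (!$len || $len < 1)
        return null;

    $max = strlen($Characters) - 1;
    // The token is a bearer credential, so draw it from the CSPRNG when the
    // runtime has one; mt_rand() output is predictable and is only the fallback.
    $useCsprng = function_exists('random_int');
    $str = ''; // was appended to without being initialised
    for ($i = 0; $i < $len; $i++)
        $str .= $Characters[$useCsprng ? random_int(0, $max) : mt_rand(0, $max)];
    return $str;
}

// ---- 1. Interactive login -------------------------------------------------
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['Form_Name']) && $_POST['Form_Name'] === 'frmLogin'){
    if (!empty($_POST['login_Username']) && !empty($_POST['login_Password'])){
        $loginOk = false;

        // Stopgap input check: the username is embedded in a double-quoted SQL
        // literal, so refuse array input and any value containing a double
        // quote, backslash or control character before the query is built.
        // NOTE(review): LIKE still treats % and _ in the submitted name as
        // wildcards; confirm whether an exact match was intended.
        if (is_string($_POST['login_Username']) && is_string($_POST['login_Password'])
            && !preg_match('/["\\\\\x00-\x1f]/', $_POST['login_Username'])){
            $Password = md5($_POST['login_Password']);
            $row = $db->rQuery('SELECT Username, Password, Cookie FROM Users WHERE Username LIKE "' . $_POST['login_Username'] . '"');

            // Strict comparison: loose == compares two numeric-looking hash
            // strings as numbers, so different hashes could be accepted as equal.
            $loginOk = is_object($row) && is_string($row->Password) && $Password === $row->Password;
        }

        if ($loginOk){
            // Issue a fresh session id on privilege change so a session id
            // planted before login cannot be reused afterwards.
            if (session_id() !== '')
                session_regenerate_id(true);

            $_SESSION['LoggedIn'] = true;
            $_SESSION['Username'] = $row->Username;

            if (!empty($_POST['useCookie'])){
                if (!$row->Cookie){
                    // Generate tokens until one is not already assigned to a user.
                    while (!$row->Cookie){
                        $tmp = genRandStr(32);
                        if (!$db->oQuery('SELECT COUNT(*) FROM Users WHERE Cookie="' . $tmp . '"'))
                            $row->Cookie = $tmp;
                    }
                    $db->Query('UPDATE Users SET Cookie="' . $row->Cookie . '" WHERE Username="' . $row->Username . '"');
                    unset($tmp);
                }
                // 2592000 s = 30 days. HttpOnly keeps the token away from page
                // scripts; path, domain and secure keep their previous defaults.
                // NOTE(review): set the secure flag once the site is HTTPS-only.
                // NOTE(review): an existing token is reused, so it never rotates
                // between logins and is stored in clear in Users.Cookie.
                setcookie('CMS_AUTOLOGIN', $row->Cookie, time() + 2592000, '', '', false, true);
            }

            // The target is always prefixed with '?', so it stays on this script.
            if (!empty($_POST['Redirect']) && is_string($_POST['Redirect']))
                redirect('?' . $_POST['Redirect']);
            else
                redirect('.');
        }
        else
            nice_death('Unable to login: Login Incorrect');
    }
}
// ---- 2. Cookie auto-login -------------------------------------------------
// The original tested $_SERVER['LoggedIn'], which is never set, so the lookup
// ran on every request carrying the cookie; the session flag is what is meant.
elseif (empty($_SESSION['LoggedIn']) && !empty($_COOKIE['CMS_AUTOLOGIN'])){
    // Tokens issued by genRandStr() are purely alphanumeric, so anything else
    // cannot be a valid token and must not reach the query string.
    if (is_string($_COOKIE['CMS_AUTOLOGIN']) && preg_match('/\A[a-zA-Z0-9]+\z/', $_COOKIE['CMS_AUTOLOGIN'])){
        $Username = $db->oQuery('SELECT Username FROM Users WHERE Cookie="' . $_COOKIE['CMS_AUTOLOGIN'] . '"');
        if ($Username){
            if (session_id() !== '')
                session_regenerate_id(true);
            $_SESSION['LoggedIn'] = true;
            $_SESSION['Username'] = $Username;
        }
    }
}

// ---- 3. Refresh session flags from the Users row --------------------------
if (!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])){
    // $_SESSION['Username'] was copied from a Users row above, not from the request.
    $row = $db->rQuery('SELECT * FROM Users WHERE Username="' . $_SESSION['Username'] . '"');
    $_SESSION['Username'] = $row->Username;
    $_SESSION['RealName'] = $row->RealName;
    $_SESSION['Enabled'] = ($row->Enabled == 'Y');
    $_SESSION['Admin'] = ($row->Admin == 'Y');
    $_SESSION['EditAll'] = ($row->EditAll == 'Y');
    $_SESSION['Webmaster'] = ($row->Webmaster == 'Y');
    $_SESSION['WYSIWYG'] = ($row->WYSIWYG == 'Y');
    // Re-checked on every request, so disabling an account also ends live sessions.
    if ($row->Enabled != 'Y'){
        murder_session();
        nice_death('Your account has been disabled');
    }
}

// ---- 4. Access rules and logout -------------------------------------------
if (empty($_SESSION['LoggedIn']) || empty($_SESSION['Username']))
    murder_session();
if (!empty($Force_Login) && empty($_SESSION['LoggedIn']))
    nice_death('You must be logged in to access this page.');
if (!empty($No_Login) && !empty($_SESSION['LoggedIn']))
    nice_death('You cannot access this page while logged in.');

if (isset($_GET['doLogout'])){
    // Delete the cookie information first
    // PHPSESSID cookie will be deleted by murder_session()
    setcookie('CMS_AUTOLOGIN', '', time() - 2592000, '', '', false, true);
    // Clear the stored token too, so a copied cookie stops working after logout.
    if (!empty($_SESSION['Username']))
        $db->Query('UPDATE Users SET Cookie="" WHERE Username="' . $_SESSION['Username'] . '"');
    // Now actually log the user out
    murder_session();
    redirect('.');
    die(); // Just in case
}

/**
 * Abort the page with a login prompt unless the session is logged in.
 */
function force_login(){
    if (empty($_SESSION['LoggedIn']))
        nice_death('You must be logged in to access this page.
Click here to login
');
}

/**
 * Abort the page when the session is logged in (for pages meant for guests only).
 */
function no_login(){
    if (!empty($_SESSION['LoggedIn']))
        nice_death('You cannot access this page while logged in.');
}
?>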