40 lines
1.2 KiB
PHP
40 lines
1.2 KiB
PHP
<?php
|
|
include_once '../connect/cms-config.php' ;
|
|
include_once '../requires/function.php' ;
|
|
|
|
// check login
|
|
if ($_SESSION['system_id'] == '' && $_SESSION['system_name'] == ''){
|
|
|
|
$user = escapeString($_POST['user_name']); // name
|
|
$password = $_POST['user_password'] ; // password
|
|
|
|
if ($user != '' && $password != ''){
|
|
|
|
// query for user
|
|
$mysqli_user = $mysqli->query("SELECT user_code FROM system_user WHERE
|
|
user_name = '".$user."' AND user_trash = '0' LIMIT 1") ;
|
|
// check if user exists
|
|
if ($mysqli_user->num_rows > 0){
|
|
// set query as array
|
|
$row_user = $mysqli_user->fetch_array(MYSQLI_ASSOC) ;
|
|
// encode password with md5 + code
|
|
$code = $row_user['user_code'] ;
|
|
// check if capcha corrent
|
|
$password = md5(md5($password).$code) ;
|
|
// query for user
|
|
$mysqli_user = $mysqli->query("SELECT user_id, user_name, user_code, user_permission, user_visit_count FROM system_user WHERE
|
|
user_name = '".$user."' AND user_password = '".$password."' AND user_trash = '0' LIMIT 1") ;
|
|
// check if user exists
|
|
if ($mysqli_user->num_rows > 0){
|
|
echo 4 ;
|
|
}else{
|
|
echo 2 ;
|
|
}
|
|
}else{
|
|
echo 2 ;
|
|
}
|
|
exit ;
|
|
}
|
|
}
|
|
echo 'Page Error.' ;
|
|
?>
|