connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
$mysqli->set_charset("utf8");
$auth = NULL;
if ($require_authentication) {
/* authentication */
session_name('trackme');
session_start();
$sid = session_id();
$auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : "");
$user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : "");
$pass = (isset($_REQUEST['pass']) ? md5($salt.$_REQUEST['pass']) : "");
$ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
$auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0);
// not authenticated and username not submited
// load form
if ((!$auth) && (!$user)){
print
'
'.$lang_title.'
'.$lang_title.'
'.$lang_private.'
'.(($auth_error==1) ? $lang_authfail : "").'
';
$mysqli->close();
exit;
}
// username submited
if ((!$auth) && ($user)){
$query = $mysqli->prepare("SELECT ID,username,password FROM users WHERE username=? LIMIT 1");
$query->bind_param('s', $user);
$query->execute();
$query->bind_result($rec_ID, $rec_user, $rec_pass);
$query->fetch();
$query->free_result();
//correct pass
if (($user==$rec_user) && ($pass==$rec_pass)) {
// login successful
//delete old session
$_SESSION = NULL;
session_destroy();
// start new session
session_name('trackme');
session_start();
if (($user==$admin_user) and ($admin_user != "")) {
$_SESSION['auth'] = $admin_user;
}
else {
$_SESSION['auth'] = $rec_ID;
}
$url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
header("Location: $ssl://$url");
exit;
} else {
// unsuccessful
$error = "?auth_error=1";
// destroy session
$_SESSION = NULL;
if (isset($_COOKIE[session_name('trackme')])) {
setcookie(session_name('trackme'),'',time()-42000,'/');
}
session_destroy();
$mysqli->close();
$url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
header("Location: $ssl://$url$error");
exit;
}
}
/* end of authentication */
}
?>