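// Path of the authentication log. error_log() in "append to file" mode needs
// this file to be writable by the PHP process.
// NOTE(review): the path is relative to the working directory; confirm the
// logs directory is not served by the web server, since it records usernames
// and client addresses.
$AUTH_LOG = "./logs/auth_log";

/**
 * Issue the login cookie for a user and store the per-login secret.
 *
 * The cookie value is "username-password-secret". The secret is currently an
 * empty string, so the cookie is made only of the username and the stored
 * password value.
 *
 * NOTE(review): the cookie carries the value of the password column and
 * AuthenticateCookie() accepts it as a credential for one year. Anyone who
 * obtains the cookie or reads the database column can authenticate. The
 * mitigation is a random server-side token (from a cryptographic random
 * source, not the clock) stored in the `string` column and checked on every
 * request, with the cookie set HttpOnly and Secure. That changes the cookie
 * format, so it is flagged here rather than changed.
 *
 * @param string $username           Login name as submitted by the user.
 * @param string $encrypted_password Value of the password column for that user.
 * @return void
 */
function GenerateSecret($username, $encrypted_password)
{
    $md5str = "";
    $cookie_val = "$username-$encrypted_password-$md5str";
    setcookie("hotelvillaargia", $cookie_val, time() + 31536000);

    // The username comes from the request: escape it before it reaches SQL.
    $safe_username = mysql_real_escape_string($username);
    mysql_query("update CMS_Utenti set string='$md5str' where Username='$safe_username'");
}

/**
 * Check a username/password pair against active accounts (stato = 'A').
 *
 * The special pair "-LOGOUT-"/"-LOGOUT-" overwrites the login cookie with a
 * value that matches no account and reports "not logged in".
 *
 * On success the global $Tipo_utente is set from the account row and the
 * login cookie is issued through GenerateSecret().
 *
 * NOTE(review): the submitted password is compared directly with the Password
 * column, so passwords appear to be stored unhashed. Migrating to
 * password_hash()/password_verify() needs a schema and runtime change and is
 * not done here.
 *
 * @param string $username Submitted login name (untrusted).
 * @param string $password Submitted password (untrusted).
 * @return int 1 when the credentials match an active account, otherwise 0.
 */
function AuthenticateUser($username, $password)
{
    global $AUTH_LOG;
    global $Tipo_utente;
    global $ip;

    if ($username == "-LOGOUT-" && $password == "-LOGOUT-") {
        $md5str = "";
        $cookie_val = "$username-$password-$md5str";
        setcookie("hotelvillaargia", $cookie_val, time() + 31536000);
        return 0;
    }

    // Both values come straight from the request. Escaping is only reliable
    // when the connection charset was declared to the client library
    // (mysql_set_charset) - confirm where the connection is opened.
    $safe_username = mysql_real_escape_string($username);
    $safe_password = mysql_real_escape_string($password);
    $arg = "select password, Tipo_utente, 1 as auth from CMS_Utenti where stato = 'A' and Username='$safe_username' and Password='$safe_password'";
    $query = mysql_query($arg);
    $row = $query ? mysql_fetch_array($query) : false;

    // Control characters are replaced so a submitted username cannot add or
    // split lines in the log file.
    $log_username = preg_replace('/[\x00-\x1F\x7F]/', '?', $username);

    if ($row && $row["auth"]) {
        $Tipo_utente = $row["Tipo_utente"];
        // Issue the cookie before logging: a warning printed by a failed log
        // write would otherwise stop the cookie header from being sent.
        GenerateSecret($username, $row["password"]);
        if (isset($AUTH_LOG)) {
            error_log(date("Ymd H:i:s") . " -- $ip -- Username: '$log_username' authenticated\n", 3, $AUTH_LOG);
        }
        return 1;
    }

    if (isset($AUTH_LOG)) {
        error_log(date("Ymd H:i:s") . " -- $ip -- Username: '$log_username' authentication failure\n", 3, $AUTH_LOG);
    }
    return 0;
}

/**
 * Authenticate a request from the login cookie.
 *
 * The cookie is split on "-" into username, password and secret. The
 * username/password pair must match an active account; the secret is read
 * but not checked. The global $Tipo_utente is set from the matching row, or
 * to null when there is none.
 *
 * NOTE(review): a username or password value containing "-" cannot round-trip
 * through this format, and the cookie is a long-lived credential (see
 * GenerateSecret).
 *
 * @param string $cookie Raw cookie value (untrusted).
 * @return string|null The username from the cookie when it matches, else null.
 */
function AuthenticateCookie($cookie)
{
    global $Tipo_utente;

    // Pad to three fields so a short cookie yields empty strings, not notices.
    $cookie_var = array_pad(explode("-", $cookie), 3, "");
    $ck_username = $cookie_var[0];
    $ck_password = $cookie_var[1];
    $secret = $cookie_var[2];

    // Cookie contents are attacker-controlled: escape before building SQL.
    $safe_username = mysql_real_escape_string($ck_username);
    $safe_password = mysql_real_escape_string($ck_password);
    $arg = "select 1 as auth, Tipo_utente from CMS_Utenti where stato = 'A' and Username='$safe_username' and Password='$safe_password'";
    $query = mysql_query($arg);
    $result = $query ? mysql_fetch_array($query) : false;

    $Tipo_utente = $result ? $result["Tipo_utente"] : null;

    if ($result && $result["auth"]) {
        return $ck_username;
    }
    return null;
}

// ---- Request handling -------------------------------------------------------
// NOTE(review): $username, $password and $cookie are not initialised before the
// isset() checks below. If register_globals is enabled, or earlier code sets
// them, they can arrive pre-seeded; confirm and initialise them explicitly.
$request_post = $_POST;
if (isset($request_post["username"])) $username = $request_post["username"];
if (isset($request_post["password"])) $password = $request_post["password"];

$THIS_URL = getenv("SCRIPT_NAME");
$ip = getenv("REMOTE_ADDR");
$host = getenv("REMOTE_HOST");
// NOTE(review): REMOTE_REFERER is not a standard CGI variable, so this is
// normally empty; HTTP_REFERER is probably what was meant - confirm. Either
// way the value is client-supplied and must be treated as untrusted.
$referer = getenv("REMOTE_REFERER");

$logon = 0;
if (isset($_COOKIE["hotelvillaargia"])) $cookie = $_COOKIE["hotelvillaargia"];

// A username posted without a password is checked against an empty password.
$submitted_password = isset($password) ? $password : "";

if (isset($cookie)) {
    if (!isset($username) || ($username == "")) {
        // No credentials posted: fall back to the cookie.
        $username = AuthenticateCookie($cookie);
        if (isset($username)) $logon = 1;
    } else {
        $logon = AuthenticateUser($username, $submitted_password);
    }
} else {
    if (isset($username)) {
        $logon = AuthenticateUser($username, $submitted_password);
    } else {
        $username = "";
        $logon = 0;
    }
}

// Record the client address and time against the account.
// NOTE(review): this runs whether or not authentication succeeded, so a failed
// attempt overwrites the stored address of the named account; consider running
// it only when $logon is 1.
mysql_query("update CMS_Utenti set IP_Utente = '" . mysql_real_escape_string($ip) . "', Data_addin = now() where Username = '" . mysql_real_escape_string($username) . "'");

/**
 * Look up a configuration value by code in amvi_parametri.
 *
 * The lookup is switched off by the early return, so the function always
 * returns null. The query below is kept, with its parameter escaped, in case
 * the lookup is re-enabled.
 *
 * @param string $param Parameter code.
 * @return string|null Always null while the lookup is disabled.
 */
function getparameter($param)
{
    return;

    $valore = "";
    $sSql = "Select Valore from amvi_parametri where Codice = '" . mysql_real_escape_string($param) . "'";
    $query_param = mysql_query($sSql);
    while ($query_param && ($result_param = mysql_fetch_array($query_param))) {
        $valore = $result_param["Valore"];
    }
    return $valore;
}

/**
 * Reformat a "YYYY-MM-DD[ HH:MM:SS]" value as "DD/MM/YYYY".
 *
 * @param string $date Date or datetime string with "-" separated date fields.
 * @return string The date as day/month/year; any time part is dropped.
 */
function myformatdate($date)
{
    // Literal delimiters: explode() does the same job as the regex split here.
    $arraydata = array_pad(explode("-", $date), 3, "");
    $arraydatatime = explode(" ", $arraydata[2]);
    return "$arraydatatime[0]/$arraydata[1]/$arraydata[0]";
}

/**
 * Reformat a "YYYY-MM-DD HH:MM:SS" value as "DD/MM/YYYY HH:MM:SS".
 *
 * @param string $date Datetime string with "-" separated date fields.
 * @return string Day/month/year followed by a space and the time part.
 */
function myformatdatetime($date)
{
    $arraydata = array_pad(explode("-", $date), 3, "");
    // Split day from time on a single space, the same delimiter myformatdate() uses.
    $arraydatatime = array_pad(explode(" ", $arraydata[2]), 2, "");
    return "$arraydatatime[0]/$arraydata[1]/$arraydata[0] $arraydatatime[1]";
}
?>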