Con este archivo se hace el login; se llama login.php
Código PHP:
<?php
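/**
 * Renders the login box: the login form for anonymous visitors, or the
 * photo / welcome line / unread-message count for a logged-in user.
 *
 * Reads the globals $session, $modules and $config and passes the finished
 * HTML to theme_draw_box(). Returns nothing.
 */
function draw_login_box()
{
    global $session, $modules, $config;

    $content = "";
    if (!$session["logged"]) {
        // NOTE(review): $session["error"] is emitted as raw HTML. The values assigned in this
        // file are fixed strings; confirm that no other writer stores request data in it.
        if (strlen($session["error"]) > 0) {
            $content .= "<span class=\"error\">" . $session["error"] . "</span>";
        }
        // The "register" link (newuser.php) was commented out in the original and stays disabled.
        $content .= "<form action=\"index.php\" name=\"login_form\" id=\"login_form\" method=\"post\">"
            . "<table border=0 cellpadding=2 cellspacing=0><tr><td class=\"boxtext\">"
            . "<span class=\"Caja de texto\">" . LOGIN_NAME . "</span><br>"
            . "<input type=\"Text\" name=\"login_name\" size=15 maxlength=20><br>"
            . "<span class=\"Caja de texto\">" . LOGIN_PASSWD . "</span><br>"
            . "<input type=\"Password\" name=\"login_passwd\" size=15 maxlength=20><br>"
            . "<input type=\"Checkbox\" name=\"login_auto\" value=\"1\">" . LOGIN_AUTOLOGIN
            . "</td></tr><tr><td class=\"Caja de texto\" align=center>"
            . "<input type=\"submit\" name=\"submit_login\" value=\"" . LOGIN_BUTTON . "\">"
            . "</td></tr></table></form>"
            . "</br><a href=\"am_lostpasswd.php\">" . LOGIN_LOST_PWD . "</a>";
    } else {
        // Byte-wise HTML escaping: independent of the page charset and of the PHP version,
        // unlike htmlspecialchars(), whose default charset changed between releases.
        $html_from = array("&", "<", ">", "\"", "'");
        $html_to = array("&amp;", "&lt;", "&gt;", "&quot;", "&#039;");

        $name = $session["name"];
        $content = "<span class=\"login\">";

        // The user's photo goes here.
        // The account name is stored, user-chosen data, so it must not reach the SQL text raw.
        // NOTE(review): addslashes() is a stop-gap; if the db_* layer offers its own escaping
        // or bound parameters (not visible in this file), use that instead.
        $cons = "select * from am_users where name='" . addslashes($name) . "'";
        // NOTE(review): die(db_error()) prints the raw database error to the browser.
        $ret1 = db_query($cons) or die(db_error());

        $photo_base = "am_modules/users/";
        $dir_foto = $photo_base;
        // A name containing a path separator or NUL byte is never used to build a file path,
        // so the lookup cannot leave $photo_base.
        $name_is_plain = strpos($name, "/") === false
            && strpos($name, "\\") === false
            && strpos($name, "\0") === false;
        while ($row1 = db_fetch_array($ret1)) {
            $fotito = $photo_base . $name . ".jpg";
            if ($name_is_plain && file_exists($fotito)) {
                $dir_foto = $fotito;
            } else if ($row1["sex"] == "Hombre") {
                // Placeholders are built from $photo_base each time; the original appended to
                // $dir_foto and produced a broken path if more than one row matched.
                $dir_foto = $photo_base . "sf_h.jpg";
            } else if ($row1["sex"] == "Mujer") {
                $dir_foto = $photo_base . "sf_m.jpg";
            } else {
                $dir_foto = $photo_base . "sinfoto.jpg";
            }
        }
        $content .= "<center><IMG SRC=\"" . str_replace($html_from, $html_to, $dir_foto)
            . "\" WIDTH=70 HEIGHT=106 ALT=\"TEXT\" BORDER=1></center>";
        $content .= sprintf(LOGIN_WELCOME, str_replace($html_from, $html_to, $name));

        // If the messages module is on, show how many unread messages the user has.
        if ($modules["messages"]) {
            // uid is forced to an integer before it is placed in the query text.
            $ret = db_query(
                "select count(cod) from {$config["prefix"]}_user_msgs where userid='"
                . intval($session["uid"]) . "' and msg_read=0"
            );
            $tot_msg = db_result($ret, 0, 0);
            db_free_result($ret);
            $content .= sprintf(UMSG_MESSAGES, $tot_msg, "<a href=\"messages.php\">", "</a>");
        }
        $content .= "</span><br><br>";
        $content .= "<a href=\"index.php?act=logout\" onClick=\"window.reload();\"><b>" . LOGIN_LOGOUT . "</b></a>";
    }
    theme_draw_box(LOGIN_TITLE, $content);
}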
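/**
 * Decides whether the logged-in user's class satisfies the required class $attr.
 *
 * User classes define profiles:
 *   admin   - superuser: granted everything except "control"
 *   control - granted "normal" and "ctrlequ"
 *   geren   - granted "normal" and "ctrlequ"
 *   ctrlequ, bodega, compra (purchasing) - granted "normal"
 *   any class is granted itself
 *
 * Comparisons are strict and both values must be strings. With the loose `==`
 * of the original, a non-string $attr such as 0 or true could compare equal to
 * a class name on older PHP versions and grant access.
 *
 * The original carried unreachable statements after its final `return false`,
 * including a lookup in $session["access"][$attr]; they never ran and are
 * removed. This function therefore does not consult the per-module access map.
 *
 * @param string $attr required class name
 * @return bool true when access is granted, false otherwise (also when not logged in)
 */
function check_user_class( $attr )
{
    global $session;

    if (empty($session["logged"])) {
        return false;
    }

    $class = isset($session["class"]) ? $session["class"] : null;
    // Fail closed on anything that is not a plain string.
    if (!is_string($class) || !is_string($attr)) {
        return false;
    }

    if ($class === "admin" && $attr !== "control") {
        return true;
    }

    // Extra classes each user class is allowed to act as.
    $grants = array(
        "ctrlequ" => array("normal"),
        "bodega"  => array("normal"),
        "compra"  => array("normal"),
        "control" => array("normal", "ctrlequ"),
        "geren"   => array("normal", "ctrlequ"),
    );
    if (isset($grants[$class]) && in_array($attr, $grants[$class], true)) {
        return true;
    }

    return $class === $attr;
}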
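/**
 * Draws the "Menu Usuario" box with the entries of $config["admmenu"] that the
 * current user's class is allowed to see. Draws nothing for anonymous visitors
 * or when no entry qualifies.
 *
 * Each menu entry is keyed by its label and holds a "class" (passed to
 * check_user_class()) and a "file" (used as the link target).
 *
 * NOTE(review): this only hides links. Whether the target pages enforce the
 * same class check themselves cannot be seen from this file - confirm.
 */
function draw_admin_box()
{
    global $session, $config;

    if (!$session["logged"]) {
        return;
    }
    if (empty($config["admmenu"]) || !is_array($config["admmenu"])) {
        return;
    }

    $admmenu = "";
    // foreach replaces each(), which was removed in PHP 8 and also depended on the
    // array's internal pointer (never reset here).
    foreach ($config["admmenu"] as $label => $item) {
        if (check_user_class($item["class"])) {
            $admmenu .= "<a href=\"{$item["file"]}\">{$label}</a><br>";
        }
    }

    if (strlen($admmenu) > 0) {
        theme_draw_box("Menu Usuario", $admmenu);
    }
}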
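/**
 * Maintains the "<prefix>_online" table and draws the users-online box.
 *
 * Steps: delete rows older than 800 seconds, insert or refresh the row for the
 * current PHP session, then count all rows and the rows with uid=0 (guests) and
 * pass the formatted text to theme_draw_box().
 */
function draw_users_online()
{
    global $session, $config;

    $table = "{$config["prefix"]}_online";
    $now = time();

    // Expire stale entries.
    $ctime = $now - 800;
    db_query("delete from {$table} where time < '$ctime'");

    // uid is forced to an integer; guests are recorded as 0.
    $user = $session["logged"] ? intval($session["uid"]) : 0;

    // The session id originates from the client's cookie, so it is escaped before
    // being placed in the query text.
    // NOTE(review): addslashes() is a stop-gap; prefer the db_* layer's own escaping
    // or bound parameters if it has them (not visible in this file).
    $sid = addslashes(session_id());

    $ret = db_query("select id from {$table} where id='" . $sid . "'");
    if (db_num_rows($ret)) {
        db_query("update {$table} set time='" . $now . "', uid='$user' where id='" . $sid . "'");
    } else {
        db_query("insert into {$table}(id,time,uid) values('" . $sid . "','" . $now . "','$user')");
    }
    db_free_result($ret);

    $ret = db_query("select count(id) from {$table}");
    $tot_users = db_result($ret, 0, 0);
    db_free_result($ret);

    $ret = db_query("select count(id) from {$table} where uid=0");
    $tot_guests = db_result($ret, 0, 0);
    db_free_result($ret);

    $content = sprintf(
        USERS_ONLINE_TEXT,
        ($tot_users - $tot_guests),
        $tot_guests,
        "<a href=\"am_online.php\">",
        "</a>"
    );
    theme_draw_box(USERS_ONLINE, $content);
}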
/**
 * Sets the "phpwebthings" auto-login cookie for the logged-in user (30 days).
 *
 * Cookie layout, 40 characters:
 *   - uid, zero-padded to 10 digits
 *   - first 10 hex chars of md5(session name)
 *   - first 10 hex chars of md5($passwd)
 *   - first 10 hex chars of md5($activate_session)
 *
 * NOTE(review): the value is built only from these four inputs with truncated
 * MD5 and no server-side secret, and setcookie() is called without path,
 * domain, secure or httponly arguments. A random token stored server-side (or
 * a keyed MAC) would be a stronger design; changing the format requires a
 * matching change wherever the cookie is verified.
 *
 * @param string $passwd           value hashed into the third field
 * @param string $activate_session value hashed into the fourth field
 */
function create_autologin( $passwd, $activate_session )
{
    global $HTTP_SESSION_VARS;

    $current = $HTTP_SESSION_VARS["session"];
    if( !$current["logged"] )
    {
        return;
    }

    $fields = array(
        sprintf( "%010d", $current["uid"] ),
        substr( md5( $current["name"] ), 0, 10 ),
        substr( md5( $passwd ), 0, 10 ),
        substr( md5( $activate_session ), 0, 10 ),
    );

    // 2592000 seconds = 30 days.
    setcookie( "phpwebthings", implode( "", $fields ), time()+2592000 );
}
/**
 * Expires the "phpwebthings" auto-login cookie by re-sending its current value
 * with an expiry time one hour in the past.
 */
function delete_autologin()
{
    global $HTTP_COOKIE_VARS;

    $expired_at = time()-3600;
    setcookie( "phpwebthings", $HTTP_COOKIE_VARS["phpwebthings"], $expired_at );
}
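/**
 * Logs the visitor in from the "phpwebthings" auto-login cookie, if present.
 *
 * The first 10 characters of the cookie are read as the uid; the next 30 are
 * compared with truncated MD5 values of the user's name, password and session
 * columns. On success the global $session is filled (uid, name, class, rutusr,
 * logged, access) and the user's lastvisit / logins columns are updated. On
 * failure $session["error"] is set and the cookie is expired.
 *
 * NOTE(review): the expected value is computed only from columns of the user
 * row, with no server-side secret, so it is only as confidential as that row.
 * A random token stored server-side (or a keyed MAC) would be stronger; that
 * needs a matching change where the cookie is created.
 * NOTE(review): the session id is not regenerated after this login succeeds -
 * confirm whether the caller does so.
 */
function check_autologin()
{
    global $HTTP_COOKIE_VARS, $session, $config;

    if (!isset($HTTP_COOKIE_VARS["phpwebthings"])) {
        return;
    }
    $cookie = $HTTP_COOKIE_VARS["phpwebthings"];

    // A cookie sent in array form (phpwebthings[...]) can never be a valid token.
    if (!is_string($cookie)) {
        $session["error"] = "Login failed";
        return;
    }

    // intval() guarantees that only an integer reaches the query text.
    $id = intval(substr($cookie, 0, 10));
    $ret = db_query("select * from {$config["prefix"]}_users where uid='$id' and active='Y'");
    if (!$ret) {
        $session["error"] = "An error ocurred trying to check auto-login";
        delete_autologin();
        return;
    }
    if (db_num_rows($ret) != 1) {
        $session["error"] = "Login failed";
        db_free_result($ret);
        delete_autologin();
        return;
    }
    $row = db_fetch_array($ret);
    db_free_result($ret);

    $mdh = (string) substr($cookie, 10, 30);
    $mdr = substr(md5($row["name"]), 0, 10)
        . substr(md5($row["password"]), 0, 10)
        . substr(md5($row["session"]), 0, 10);

    // Strict, string-only comparison. The original used `!=`, which compares
    // numeric-looking strings as numbers on older PHP versions. hash_equals() is used
    // when the runtime provides it so the comparison is also constant-time.
    $token_ok = function_exists("hash_equals") ? hash_equals($mdr, $mdh) : ($mdr === $mdh);
    if (!$token_ok) {
        $session["error"] = "Login failed";
        delete_autologin();
        return;
    }

    // Set up the session.
    $session["uid"] = $row["uid"];
    $session["name"] = $row["name"];
    $session["class"] = $row["class"];
    $session["rutusr"] = $row["rut_usr"];
    $session["logged"] = true;
    $session["access"] = array();

    // Numeric form of the uid for the remaining queries.
    $uid = intval($session["uid"]);

    // Load the modules this user may access.
    $retacc = db_query("select module from {$config["prefix"]}_user_access where userid={$uid}");
    if (!$retacc) {
        $session["error"] = "An error ocurred trying to check login";
    } else {
        while ($row_access = db_fetch_array($retacc)) {
            $session["access"][$row_access["module"]] = true;
        }
        db_free_result($retacc);
    }

    // Best-effort bookkeeping on the user row; a failure here is deliberately ignored.
    @db_query("update {$config["prefix"]}_users set lastvisit=NOW(), logins=logins+1 where uid='{$uid}'");
}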
?>