You need to login in order to access this page. ".
"If you do not have an account, please ".
"register. ";
else
$need_login = "
(If you do not have an account with us, ".
"you can register ".
"here.)
";
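// Handle a submitted login form: authenticate the credentials, then record
// the user's privilege level in the session.
if ($form['FormAction'] != '') {
    // get_role() yields a role string only when login_name and password both
    // match one account; a null/empty result means authentication failed.
    if (($role = get_role($form['login_name'], $form['password'])) != '') {
        // Unregister privilege flags left over from a previous login so the
        // new login starts without them.
        if (session_is_registered("admin")) {
            session_unregister("admin");
        }
        if (session_is_registered("owner")) {
            session_unregister("owner");
        }

        // maybe don't need this.
        session_register("logged_in");

        // Issue a fresh session ID at the moment the privilege level changes,
        // so a session ID that was set before login (session fixation) does
        // not become an authenticated session. Skipped once output has
        // started, because the replacement session cookie could no longer be
        // sent.
        // NOTE(review): confirm this code runs before any page output, and
        // that callers which propagate the session ID by URL pick up the new ID.
        if (!headers_sent()) {
            session_regenerate_id();
        }

        $_SESSION['UID'] = get_user_id($form['login_name'], $form['password']);

        // Privilege-based session registration; any other role keeps only
        // the generic "logged_in" flag.
        switch ($role) {
            case "admin":
                session_register("admin");
                break;
            case "owner":
                session_register("owner");
                break;
        }

        echo "";

        // If the user logged in by clicking the "login" button, tell them the
        // login succeeded; otherwise update the calling page (main map page,
        // edit page, etc.) that required the privilege.
        // NOTE(review): $from_page is not assigned in the visible code;
        // confirm where it is set and that it is not taken from the request
        // unchecked.
        if ($from_page == '') {
            echo "";
            exit;
        } else {
            echo "";
        }
    } else {
        // No role for these credentials: not a valid user. The message is
        // the same whether the name or the password was wrong.
        $login_err = 'ユーザー名かパスワードが違います。';
    }
}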
/**
 * Look up the role of the account matching the submitted credentials.
 *
 * Runs two queries against login_user: the first reads the stored password
 * hash for $login_name, the second selects the role of the row whose
 * login_name and encrypted_password both match, where the candidate hash is
 * crypt($password, <stored hash>).
 *
 * NOTE(review): every value is passed through tosql() before it is
 * concatenated into the SQL text; tosql() is defined outside this listing,
 * so confirm it quotes and escapes string values for the database in use.
 * NOTE(review): the strength of the stored hash depends on the crypt()
 * scheme encoded in encrypted_password, which is not visible here.
 *
 * @param string $login_name Login name submitted with the form.
 * @param string $password   Plain-text password submitted with the form.
 * @return string|null Trimmed role value, or null unless each of the two
 *                     queries matched exactly one row.
 */
function get_role($login_name, $password) {
    global $db;

    // Step 1: fetch the stored hash, which is handed to crypt() as the salt.
    $hash_query = "SELECT encrypted_password FROM login_user " .
        "WHERE login_name = " . tosql($login_name);
    $db->query($hash_query);
    if ($db->num_rows() != 1) {
        return null;
    }
    $db->next_record();
    $stored_hash = trim($db->f("encrypted_password"));

    // Step 2: re-hash the submitted password with that salt and let the
    // database match name and hash together.
    $role_query = "SELECT role FROM login_user WHERE login_name = " .
        tosql($login_name);
    $role_query .= " AND encrypted_password = " .
        tosql(crypt($password, $stored_hash));
    $db->query($role_query);
    if ($db->num_rows() != 1) {
        return null;
    }
    $db->next_record();

    return trim($db->f("role"));
}
/**
 * Look up the login_user_id of the account matching the submitted credentials.
 *
 * Runs two queries against login_user: the first reads the stored password
 * hash for $login_name, the second selects login_user_id from the row whose
 * login_name and encrypted_password both match, where the candidate hash is
 * crypt($password, <stored hash>).
 *
 * NOTE(review): SQL safety here rests on tosql(), which is defined outside
 * this listing; confirm it quotes and escapes string values for the
 * database in use.
 *
 * @param string $login_name Login name submitted with the form.
 * @param string $password   Plain-text password submitted with the form.
 * @return string|null Trimmed login_user_id value, or null unless each of
 *                     the two queries matched exactly one row.
 */
function get_user_id($login_name, $password) {
    global $db;

    // Step 1: fetch the stored hash, which is handed to crypt() as the salt.
    $hash_query = "SELECT encrypted_password FROM login_user " .
        "WHERE login_name = " . tosql($login_name);
    $db->query($hash_query);
    if ($db->num_rows() != 1) {
        return null;
    }
    $db->next_record();
    $stored_hash = trim($db->f("encrypted_password"));

    // Step 2: re-hash the submitted password with that salt and fetch the
    // user id of the row where name and hash both match.
    $id_query = "SELECT login_user_id FROM login_user WHERE login_name = " .
        tosql($login_name);
    $id_query .= " AND encrypted_password = " .
        tosql(crypt($password, $stored_hash));
    $db->query($id_query);
    if ($db->num_rows() != 1) {
        return null;
    }
    $db->next_record();

    return trim($db->f("login_user_id"));
}
?>
ログイン