<?php
session_start();
-require_once('gnucomo_config.php');
+require_once('classes/gnucomo_config.php');
include "functions.php";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
</head>
<body>
<?php
-if( isset($_POST["username"]) and isset($_POST["password"]) and isset($_SESSION['login']) ) {
- $name = $_POST["username"]; // PostgreSQL username
- $passw = $_POST["password"]; // PostgreSQL user password
+
+if (empty($_SESSION["username"]))
+{
+
+if( isset($_POST["username"]) and isset($_POST["password"]) and isset($_SESSION['login']) )
+{
+ $name = $_POST["username"]; // PostgreSQL username
+ $passw = $_POST["password"]; // PostgreSQL user password
$config = new gnucomo_config;
$config->read("gnucomo");
- //echo "Database Access string = " . $config->Database();
-
- $conn = pg_connect($config->Database());
- // connect to the database
- //$conn = pg_Connect( "host=$pgsqlhost port=$pgsqlport dbname=$dbname user=$name password=$passw" );
- if( !$conn ) {
- echo "Error connecting, try again.";
- echo login_form();
- $_SESSION["login"] = true;
- } else {
- $sql = "SELECT * FROM user_gnucomo WHERE username='$name' and password='$passw'";
- $res = query( $conn, $sql );
+ // connect to the database
+ //echo "Database connection = " . $config->Database($name, $passw) . "<br>";
+ $conn = pg_connect($config->Database($name, $passw));
- if( $res[0] ) {
- if ($res[2] == 1)
- {
- $arr = pg_fetch_array( $res[1], 0 );
- $_SESSION["login.ini"] = $arr;
- }
- else
- {
- echo "Login incorrect.<br>";
- }
+ if ( !$conn )
+ {
+ echo "Error connecting, try again.";
+ echo login_form();
+ }
+ else
+ {
+ $sql = "SELECT * FROM usr WHERE username='$name'";
+ $res = pg_exec( $conn, $sql );
+ if ($res && pg_numrows($res) == 1)
+ {
+ echo "<br> Database login OK.<br>";
+ session_register('username');
+ $_SESSION["username"] = $name;
+ session_register('password');
+ $_SESSION["password"] = $passw;
+ }
+ else
+ {
+ // User not found in database. Check if we have any users at all.
- // user is authorised, step to next page.
- echo "Ok!";
- } else {
- pgsql_error( "SQL: error.<br>" . $res[3] );
- }
- }
-} else {
- echo login_form();
- $_SESSION["login"] = true;
+ $res = pg_exec($conn, "SELECT count(username) FROM usr");
+ $nusers = pg_fetch_object($res, 0);
+ $nusers = $nusers->count;
+ if ($nusers == 0)
+ {
+ echo "<br>No users in database. Authentication granted.<br>";
+ session_register('username');
+ $_SESSION["username"] = $name;
+ session_register('password');
+ $_SESSION["password"] = $passw;
+ }
+ else
+ {
+ echo "<br>User $name not found in database.<br>";
+ }
+ }
+ }
+}
+else
+{
+ echo login_form();
+ $_SESSION["login"] = true;
+}
+}
+else
+{
+ echo "Logged in as " . $_SESSION['username'] . "<br>";
}
?>
</body>