-
Notifications
You must be signed in to change notification settings - Fork 7
/
check_auth.php
37 lines (36 loc) · 1.21 KB
/
check_auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<?
session_start();
setcookie(session_name(),session_id(),time()+3600);
//echo "|$_SESSION[dropoffuser]|$_SESSION[dropoffpass]|"; exit;
if ( $_SESSION['dropofftype'] != 'Admin' && $_SESSION['dropofftype'] != 'Instructor' ) {
$_SESSION['message'] = "You're not authorized for the admin dashboard";
header("Location: student_index.php");
exit();
}
if ( !empty($_SESSION['dropoffuser']) && !empty($_SESSION['dropoffpass']) ) {
// Build the database query
$query = "SELECT * FROM dropoff_users WHERE ";
$query .= "username = '".$_SESSION['dropoffuser']."' AND ";
$query .= "password = '".$_SESSION['dropoffpass']."' AND ";
$query .= "status = 'active'";
// Execute the query and fetch the results
$result = mysql_query($query);
$row = mysql_fetch_array($result);
// check for a match
if ( !is_numeric($row['uid']) ) {
$_SESSION = array();
setcookie(session_name(), '', time()-3600, session_id());
@session_destroy();
exit();
}
// set a variable to store the user id
$user_id = $row['uid'];
}
else {
$_SESSION = array();
setcookie(session_name(), '', time()-3600, session_id());
@session_destroy();
header("Location: login.php?message=You must login to do that");
exit();
}
?>