<?php
//Displays signin Form.
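/**
 * Sends the sign-in page (or a one-line text notice for AJAX callers) and ends the request.
 *
 * Both paths finish in die(), so this function never returns to its caller.
 *
 * @param int $msg Banner selector: 1 shows "Invalid username or password.",
 *                 2 shows "You have logged out successfully."; any other value shows
 *                 no banner. Any truthy value also removes the bottom margin of the <h1>.
 * @return void
 */
function DispForm($msg) {
    //Displays a text only response if the page is being sent an AJAX request.
    // isset() guard: VIEW is absent on ordinary page loads, and reading a missing key
    // raises an undefined-index notice (a warning on PHP 8).
    if (isset($_REQUEST["VIEW"]) && $_REQUEST["VIEW"]==="text") die("Your session has expired.");

    // NOTE(review): Validate() below replaces the typed password with hex_sha1(password)
    // and posts that digest in the hidden "pass" field. The digest is unsalted and is what
    // the server-side check in this file compares against the stored value, so the digest
    // itself works as the credential: it adds nothing over plaintext if the page is served
    // without TLS or the Users table is read. Prefer TLS plus server-side
    // password_hash()/password_verify(); that needs a schema change, so it is not done here.
    $html = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
<title>Login</title>
<style type=\"text/css\">
body {
background-image: url(images/Binary.jpg);
color: #FFF;
background-position: 40% center;
background-repeat: no-repeat;
background-color: #000;
background-attachment: fixed;
}
h1 {
color: #903;
font-family: \"Courier New\", Courier, monospace;
";
    //Changes styles if a message is displayed.
    if ($msg) $html .= "margin-bottom: 0px;";
    $html .= "}
form input.field {width: 143px;}
p {margin: 12px;}
</style>
<script type=\"text/javascript\" src=\"scripts/sha1.js\"></script>
<script type=\"text/javascript\">
function $(id) {
return document.getElementById(id);
}
function Validate() {
if (!document.login.user.value || !\$(\"key\").value) {
if (!document.login.user.value) document.login.user.style.backgroundColor=\"#FF7575\";
if (!\$(\"key\").value) \$(\"key\").style.backgroundColor=\"#FF7575\";
return false;
}
document.login.pass.value = hex_sha1(\$(\"key\").value);
document.login.submit();
return true;
}
</script>
</head>
<body><br />
<h1 align=\"center\">SQL Administration</h1>\n";
    //Displays the invalid username/password and logged out successfully messages.
    // The banner text is fixed; $msg only selects it and is never echoed into the page.
    if ($msg===1) $html .= "\n<p style=\"color:red;margin:12px;font-family:calibri;\" align=\"center\">Invalid username or password.</p>\n";
    else if ($msg===2) $html .= "\n<p style=\"color:#4BDD3C;margin:12px;font-family:calibri;\" align=\"center\">You have logged out successfully.</p>\n";
    $html .= "<form action=\"\" method=\"post\" name=\"login\" onsubmit=\"return Validate();\">
<input type=\"hidden\" name=\"do\" value=\"login\" />
<input type=\"hidden\" name=\"pass\" value=\"\" />
<table border=\"0\" align=\"center\">
<tr><td>Username:</td>
<td><input class=\"field\" type=\"text\" name=\"user\" onfocus=\"this.style.backgroundColor='#FFFFCC';\" onblur=\"this.style.backgroundColor='#FFFFFF';\" /></td></tr>
<tr><td>Password:</td>
<td><input class=\"field\" type=\"password\" id=\"key\" onfocus=\"this.style.backgroundColor='#FFFFCC';\" onblur=\"this.style.backgroundColor='#FFFFFF';\" /></td></tr>
</table><br />
<center><input type=\"submit\" value=\" Login \" /></center>
</form>
</body>
</html>";
    // die() prints the page and stops the script, so nothing behind this gate runs.
    die($html);
}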
//Creates session and stores login information.
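/**
 * Marks the current session as authenticated for the posted user.
 *
 * Writes the client address to $_SESSION["ip"] and the posted user name to
 * $_SESSION["user"]. The session gate in this file treats a session whose stored
 * "ip" equals REMOTE_ADDR as logged in.
 *
 * @return void
 */
function Login() {
    // The script already calls session_start() before reaching the login branch;
    // starting again on an active session only raises a notice, so start one only
    // when none is active.
    if (session_id() === "") session_start();
    // Issue a fresh session id at the moment of login and drop the old one, so an id
    // that was known or planted before authentication does not become a logged-in
    // session (session fixation).
    session_regenerate_id(true);
    // NOTE(review): clients behind the same NAT or proxy share REMOTE_ADDR, so the
    // address binding narrows reuse of a stolen id but does not replace keeping the
    // id secret (TLS, HttpOnly/Secure cookie flags).
    $_SESSION["ip"] = $_SERVER['REMOTE_ADDR'];
    $_SESSION["user"] = $_POST["user"];
}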
//Connects to database with account information.
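/**
 * Opens the MySQL connection and publishes it as the global $con.
 *
 * On failure the request ends with a generic message; the driver's error text is
 * written to the server error log only.
 *
 * @return void
 */
function DBCon() {
    global $con;
    // NOTE(review): host, account, password and schema are hard-coded in a file under
    // the web root. Load them from configuration outside the document root or from the
    // environment, and connect with an account limited to what this page needs.
    // NOTE(review): "@" hides warnings only. On PHP versions where mysqli reports
    // failures as exceptions by default, a failed connect would throw instead of
    // reaching the check below. Confirm against the deployed PHP version.
    $con = @mysqli_connect("localhost", "NO", "bleh","testdb");
    if (mysqli_connect_errno()) {
        // The driver message can name the host and account, so keep it out of the
        // HTTP response and record it for the operator instead.
        error_log("DBCon: connection failed: " . mysqli_connect_error());
        echo "Connection failed.\n";
        exit();
    }
}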
//Checks for a valid session.
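session_start();
// A session counts as authenticated only when Login() has stored the client address
// in it and that address matches this request. isset() avoids the undefined-index
// notice on a fresh session, and the strict comparison avoids type juggling.
if (!isset($_SESSION["ip"]) || $_SESSION["ip"]!==$_SERVER["REMOTE_ADDR"]) {
    //Checks if user is logging in
    if (isset($_POST["do"], $_POST["user"], $_POST["pass"]) && $_POST["do"]==="login") {
        // user[]=... or pass[]=... arrives as an array; treat it as a failed login
        // rather than letting it reach the query or the comparison.
        if (!is_string($_POST["user"]) || !is_string($_POST["pass"])) DispForm(1);
        //Fetching account information.
        DBCon();
        // The user name comes straight from the request, so it is bound as a parameter
        // and never concatenated into the SQL text.
        // mysqli_stmt_get_result() requires the mysqlnd driver.
        $stmt = mysqli_prepare($con, "SELECT * FROM Users WHERE User = ?");
        if (!$stmt) {
            // Driver errors go to the server log; the client gets a generic message.
            error_log("Login lookup prepare failed: " . mysqli_error($con));
            die("Database error.");
        }
        mysqli_stmt_bind_param($stmt, "s", $_POST["user"]);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("Login lookup execute failed: " . mysqli_stmt_error($stmt));
            die("Database error.");
        }
        $res = mysqli_stmt_get_result($stmt);
        //Checks if username exists.
        if ($res && mysqli_num_rows($res)) {
            $res = mysqli_fetch_array($res, MYSQLI_ASSOC);
        } else DispForm(1);
        mysqli_stmt_close($stmt);
        //Validates password.
        // NOTE(review): the stored value is compared directly with the digest the
        // browser sent, so the stored digest is itself the credential. Moving to
        // server-side password_hash()/password_verify() needs a schema change and is
        // not done here. The comparison is made constant-time where hash_equals() exists.
        if (isset($res["Pass"]) && is_string($res["Pass"])
            && (function_exists("hash_equals")
                ? hash_equals($res["Pass"], $_POST["pass"])
                : $_POST["pass"]===$res["Pass"])) Login();
        else DispForm(1);
    } else DispForm(0);
} else if (isset($_REQUEST["do"]) && $_REQUEST["do"]==="logout") {
    // Clear the in-memory session data as well as the stored session.
    $_SESSION = array();
    session_destroy();
    DispForm(2);
}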
?>