auth.inc

一个用php+mysql做的图书馆管理系统

<?php
/**************************************************************************************

    Simple Library System
    Copyright (C) 2002 John Mark Matthews

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    
    For further information, contact:
    	John Matthews
    	jmatthews@exostrategy.com

***************************************************************************************/

reg('COOKIE','library_cookie');

$user = explode(" ","$library_cookie");

$sql  = "select p.person_id, p.first_name, p.last_name, l.login_id, session_seq, ip_addy ";
$sql .= "from tbl_login l, tbl_login_status s, tbl_person p ";
$sql .= "where l.login_id=p.login_id and ";
$sql .= "login='$user[0]' and ";
$sql .= "l.login_id=s.login_id and ";
$sql .= "l.admin_flag=1";
$r = mysql_query($sql);

if(mysql_num_rows($r)==0) {
	$global_is_admin = false;
}

$ip_addy =  getenv ("REMOTE_ADDR");
$chkusr = mysql_fetch_array($r);
if((base64_decode ($user[1]) != $chkusr["session_seq"]) || ($ip_addy !=  $chkusr["ip_addy"])) {
	$global_is_admin = false;
}else{
	$global_login_id = $chkusr["login_id"];
	$global_person_id = $chkusr["person_id"];
	$global_person_name = $chkusr["first_name"]." ".$chkusr["last_name"];
	$global_is_admin = true;
}

if(!$global_is_admin){
	$sql  = "select p.person_id, p.first_name, p.last_name, l.login_id, session_seq, ip_addy ";
	$sql .= "from tbl_login l, tbl_login_status s, tbl_person p ";
	$sql .= "where l.login_id=p.login_id and ";
	$sql .= "login='$user[0]' and ";
	$sql .= "l.login_id=s.login_id ";
	$r = mysql_query($sql);
	if(mysql_num_rows($r)>0) {
		$chkusr = mysql_fetch_array($r);
		$global_login_id = $chkusr["login_id"];
		$global_person_id = $chkusr["person_id"];
		$global_person_name = $chkusr["first_name"]." ".$chkusr["last_name"];
	}else{
		header("Location: ./login.php");
	}
}

?>