admin.php

一个用php+mysql做的图书馆管理系统

<?php
/**************************************************************************************

    Simple Library System
    Copyright (C) 2002 John Mark Matthews

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

    For further information, contact:
    	John Matthews
    	jmatthews@exostrategy.com

***************************************************************************************/

include("mainfile.inc");
include("header.inc");
include("footer.inc");

reg('POST','submit','username','password');

if($username && $password) {
	/* $password = md5($password); */
	$sql = "select last_name, first_name, l.* from tbl_login l, tbl_person p where l.admin_flag=1 and l.login_id=p.login_id and l.login='$username'";
	$r = mysql_query ($sql);
	$msg="bad";
	if(mysql_num_rows($r)>0) {
		$user = mysql_fetch_array($r);
		if($user["pwd"] == $password) {
			$login_id = $user["login_id"];
			$sql = "delete from tbl_login_status where login_id=$login_id";
			$r = mysql_query ($sql);
			$session_seq = crypt ( time().$login_id.$password.$username.rand() );
			$ip_addy = getenv ("REMOTE_ADDR");
			$sql = "insert into tbl_login_status (login_id, session_seq, ip_addy) values ($login_id,'$session_seq','$ip_addy')";
			$r = mysql_query ($sql);
			$session_seq = base64_encode($session_seq);
			setcookie("library_cookie","$username $session_seq",time()+31536000);
		};
	};
	header("Location: ./index.php");
}else{
	head();
	OpenForm();
	echo Paragraph(Bold("Login"));
	OpenTable();
	echo Row(Cell("Username:").    Cell("<input name='username' type='text' size='30'>"));
	echo Row(Cell("Password:").    Cell("<input name='password' type='password' size='30'>"));
	echo Row(Cell("<input align='center' name='login' type='submit' value = 'Login'>","colspan=2 align=center"));
	CloseTable();
	CloseForm();
	foot();
}
?>