session_start(); include_once '../../includes/functions.php'; connect_isrm($conn, $db); if($_GET['logout'] == "yes"){ $_SESSION['usernamecmp'] = NULL; $_SESSION['isrmcmp2314554adminsession'] = NULL; unset($_SESSION['isrmcmp2314554adminsession'],$_SESSION['usernamecmp']); header("Location: index.php"); } if(isset($_SESSION['isrmcmp2314554adminsession']) && $_SESSION['isrmcmp2314554adminsession'] == true && $_SESSION['usernamecmp'] != ""){ header("Location: main.php"); } else { $_SESSION['isrmcmp2314554adminsession'] = false; } //include 'includes/httpsocket.php'; if($_POST['submit'] == 'Login'){ //Backend Access Array $username = str_replace("'","",trim($_POST['username'])); $password = str_replace("'","",trim($_POST['password'])); list($usernameshort,$trash) = explode("@",$username); $array3 = array('dean','kerri'); $sql = "select * from console_logins where username = '".$username."' and password=md5('".$password."')"; $query = mysql_query($sql); if(mysql_num_rows($query) == 0) { $sql = "select c.*,m.id as manid from clients c left join cmp_manual m on m.clients = c.id where username = '".$username."' and password='".$password."'"; $query = mysql_query($sql); if(mysql_num_rows($query) == 0) { $access = 0; $error = "Username and Password combination incorrect"; } else { $row = mysql_fetch_assoc($query); $_SESSION['usernamecmp'] = $username; $_SESSION['accessclient'] = 1; $_SESSION['clientid'] = $row['id']; $_SESSION['isrmclient2314554adminsession'] = false; header('location: ../index_manual.php?manualid='.$row['manid']); } } else { $accesslvl = ""; if(in_array($usernameshort,$array3) || 1==1){ $accesslvl = 3; } if($accesslvl == ""){ $access = 0; $error = "You do not have permission to access this area"; } else { $access = 1; } } if($access == 1){ $_SESSION['usernamecmp'] = $_POST['username']; $_SESSION['isrmcmp2314554adminsession'] = true; echo ""; } } ?>