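debug = 0;
    // NOTE(review): the function that these statements close starts before
    // this excerpt; its remaining statements are kept exactly as they were.
    $templ->set_file(array(
        admin => "admin.tpl"
    ));
    $templ->set_var(array(
        MESSAGE => "You have no authority. Login to gain it.",
        TITLEBAR => getTitleBar("100%","Login"),
        ACTION_URL => "$PHP_SELF"
    ));
    $templ->parse(OUT,"admin");
    $templ->p(OUT);
}

/*
 * END OF FUNCTIONS. START OF PAGE.
 *
 * Admin landing page: opens the session, handles login and logout, then
 * shows either the login form or the administration screen.
 *
 * The comments further down say $author_name, $password and $seclev can
 * arrive via GET, so every one of them is treated as untrusted here.
 */

$sl_q = new slashDB;
page_open(array("sess"=>"slashSess"));

/* Whether request values reach this script already backslash-quoted.
   When they do, the copies kept in the session are in the same quoted form,
   so they must not be escaped a second time. */
$admin_gpc_quoted = function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();

/* If there is a username and a password (but not a seclev), look them up
   and, on a match, record author_id, author_name, seclev and password in
   the session. */
if (isset($password) and isset($author_name) && !(isset($seclev))) {

    // Both values come from the request and end up inside a quoted SQL
    // string, so they are escaped before being interpolated.
    // NOTE(review): addslashes() is the only escaping reachable from this
    // page and it is not charset-aware; if slashDB offers a quoting or
    // bound-parameter call, use that instead -- TODO confirm.
    $admin_name_sql = $admin_gpc_quoted ? $author_name : addslashes($author_name);
    $admin_pwd_sql  = $admin_gpc_quoted ? $password : addslashes($password);

    // NOTE(review): the password is compared as stored, which means
    // psl_author holds it in recoverable form, and it is also copied into
    // the session below. A salted password hash verified in PHP, with no
    // password in the session, would remove both exposures; that needs a
    // schema change and is not attempted here.
    $query = "SELECT seclev,author_id FROM psl_author WHERE author_name='$admin_name_sql' AND password='$admin_pwd_sql'";
    $sl_q->query($query);

    if ($sl_q->next_record()) {
        $seclev = $sl_q->Record["seclev"];
        $author_id = $sl_q->Record["author_id"];
        $sess->register("author_id");
        $sess->register("author_name");
        $sess->register("seclev");
        $sess->register("password");

        // Written only after the database confirmed the credentials, so the
        // audit log never reports a login that did not happen.
        logwrite("Admin Login", "$author_name ($author_id) logged in");
    } else {
        // Rejected attempts are still recorded, under their own wording.
        // $author_id is left out: nothing from the database backs it here.
        // NOTE(review): $author_name is attacker-supplied text; confirm that
        // logwrite() neutralises line breaks and markup before storing it.
        logwrite("Admin Login", "$author_name failed to log in");
    }
}

/* ---------------------------------------------------------------------
   Check to see if the user wants to log out; if so, delete their session.
   We must do this after a page_open call, but before any data is sent to
   the browser, so that the session cookie can be deleted. Note that you
   can't call page_close once you've deleted the session.
   ---------------------------------------------------------------------*/
if ($op=="logout") {
    // NOTE(review): $author_name and $author_id may not come from the
    // session when this runs, so this entry is only as reliable as their
    // source.
    logwrite("Admin Logout", "$author_name ($author_id) logged out");
    $sess->delete();
    $seclev = 0;
    $author_name = "";
    $author_id = "";
    $password = "";
    echo "Session destroyed. You are now logged out.";
}

slashhead($pagetitle,$xsiteobject);

/* Check if any of the security vars are missing; if so, make someone login */
if (!(isset($seclev) && isset($author_name) && isset($password))) {
    display_login();
} else {

    // The password has to be checked against the db even if $author_name
    // and the password were given via GET. Resetting $seclev first discards
    // any seclev passed via GET.
    // [nh.. This double checks the seclev from db. It seems like a useless
    //  feature because it's been unset and re-read from the session data,
    //  or checked already; seems like an extra db call for nothing to me]
    // NOTE(review): this lookup is the check that actually gates the admin
    // screen, because $seclev is forced to 0 and only the database can raise
    // it again. Keep it.
    $seclev = 0;

    // Same escaping as at login: the values may come straight from the
    // request or from the session copy made at login.
    $admin_name_sql = $admin_gpc_quoted ? $author_name : addslashes($author_name);
    $admin_pwd_sql  = $admin_gpc_quoted ? $password : addslashes($password);

    $sl_q = new slashDB;
    $sl_q->query("SELECT seclev FROM psl_author WHERE author_name='$admin_name_sql' AND password='$admin_pwd_sql'");
    if ($sl_q->next_record()) {
        $seclev = $sl_q->Record["seclev"];
    }

    if ($seclev > 0) {
        titlebar("100%","Welcome to the Administration Screen");
        echo "

A bunch of cool things like latest site activity and stats should go here. But until they do, just pick something from the NavBar and go about your duties...

\n";
        $cmt = new Comment;
        echo "Pending Comments
\n";
        echo $cmt->listPending();
    } else {
        display_login();
    }
}

echo " ";
slashfoot();

// The session no longer exists after a logout, so page_close() is skipped.
if ($op != "logout") {
    page_close();
}
?>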