debug = 0;
$templ->set_file(array(
admin => "admin.tpl"
));
$templ->set_var(array(
MESSAGE => "You have no authority. Login to gain it.",
TITLEBAR => getTitleBar("100%","Login"),
ACTION_URL => "$PHP_SELF"
));
$templ->parse(OUT,"admin");
$templ->p(OUT);
}
/*
*
* END OF FUNCTIONS. START OF PAGE.
*
*/
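$sl_q = new slashDB;
page_open(array("sess"=>"slashSess"));

/*
 * Login attempt: a username and password are present but no seclev yet.
 * Look the pair up in psl_author and, on a match, record author_id,
 * author_name, seclev and password in the session.
 *
 * $author_name and $password arrive as request-populated globals (see the
 * "given via GET" remarks further down this page), so they are untrusted
 * and must be escaped before being placed inside the SQL string.
 */
if (isset($password) && isset($author_name) && !(isset($seclev))
    && is_string($password) && is_string($author_name)) {

    // With magic_quotes_gpc enabled (old PHP) request data is already
    // slash-escaped; escaping it a second time would reject valid logins.
    $already_quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $sql_name = $already_quoted ? $author_name : addslashes($author_name);
    $sql_pass = $already_quoted ? $password : addslashes($password);
    // NOTE(review): addslashes() is a stopgap and is not charset-aware.
    // Prefer the database layer's own escaping or bound parameters if
    // slashDB offers them - confirm against the slashDB class.

    // NOTE(review): the submitted value is compared directly with the
    // password column, so that column presumably holds plaintext or a
    // client-known value - confirm, and move to a salted password hash.
    $query = "SELECT seclev,author_id
              FROM psl_author
              WHERE author_name='$sql_name'
              AND password='$sql_pass'";
    $sl_q->query($query);

    if ($sl_q->next_record()) {
        $seclev    = $sl_q->Record["seclev"];
        $author_id = $sl_q->Record["author_id"];
        $sess->register("author_id");
        $sess->register("author_name");
        $sess->register("seclev");
        // NOTE(review): this keeps the raw password in session storage.
        // The rest of this page requires $password to be set, so it is
        // left in place here; replace it with a server-side login marker
        // when the later checks are reworked.
        $sess->register("password");

        // Only a successful lookup is recorded as a login.
        logwrite("Admin Login", "$author_name ($author_id) logged in");
    } else {
        // Previously a failed attempt was also logged as "logged in" with
        // an empty author_id, which made the audit trail misleading.
        logwrite("Admin Login", "$author_name login failed");
    }
}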
/* ---------------------------------------------------------------------
   Logout handling: when the user asks to log out, delete their session.
   This has to run after page_open() but before any output reaches the
   browser, so that the session cookie can still be removed. Note that
   page_close() cannot be called once the session has been deleted.

   NOTE(review): logout is triggered purely by the request value $op with
   no per-session token, so a third-party page could presumably force an
   admin to be logged out - confirm whether that matters for this site.
   NOTE(review): if no session exists, $author_name / $author_id in the
   log line may be request-supplied values rather than the real account.
   ---------------------------------------------------------------------*/
if ("logout" == $op) {
    // Record the logout while the identity variables are still populated.
    logwrite("Admin Logout", "$author_name ($author_id) logged out");
    $sess->delete();

    // Blank the credential globals so the checks further down the page
    // no longer see an authenticated user.
    $seclev = 0;
    $author_name = $author_id = $password = "";

    echo "Session destroyed. You are now logged out.";
}
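slashhead($pagetitle,$xsiteobject);

/* If any of the security variables is missing, force a login. */
if (!(isset($seclev) && isset($author_name) && isset($password))) {
    display_login();
} else {
    // Security-critical re-check: whatever $seclev holds at this point
    // (session data or a value passed in the request) is discarded and
    // the level is read again from the database for the given name and
    // password. This is what stops a request-supplied seclev from granting
    // access, so do not drop this query as an optimisation.
    $seclev = 0;

    // Non-string values (e.g. array parameters) can never match a row;
    // treat them as a failed check instead of interpolating them.
    if (is_string($author_name) && is_string($password)) {
        // With magic_quotes_gpc enabled (old PHP) the values are already
        // slash-escaped; escaping again would break valid sessions.
        $already_quoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $sql_name = $already_quoted ? $author_name : addslashes($author_name);
        $sql_pass = $already_quoted ? $password : addslashes($password);
        // NOTE(review): addslashes() is a stopgap and is not charset-aware.
        // Prefer the database layer's own escaping or bound parameters if
        // slashDB offers them - confirm against the slashDB class.

        $sl_q = new slashDB;
        $sl_q->query("SELECT seclev
                      FROM psl_author
                      WHERE author_name='$sql_name'
                      AND password='$sql_pass'");
        if ($sl_q->next_record()) {
            $seclev = $sl_q->Record["seclev"];
        }
    }

    if ($seclev > 0) {
        titlebar("100%","Welcome to the Administration Screen");
        echo "\nA bunch of cool things like latest site activity and stats should go here. But until they do, just pick something from the NavBar and go about your duties...\n\n";
        $cmt = new Comment;
        echo "Pending Comments\n\n";
        // NOTE(review): the listing is echoed as returned. Pending comments
        // are presumably visitor-submitted, so verify that listPending()
        // HTML-escapes them before they are shown in the admin screen.
        echo $cmt->listPending();
    } else {
        display_login();
    }
}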
echo " ";
slashfoot();

// Persist the session for every request except a logout: the logout branch
// earlier on this page has already deleted the session, and page_close()
// cannot be called once that has happened.
if (!($op == "logout")) {
    page_close();
}
?>