"; if (strlen(trim($password_val)) == "") $errmsg.= "Password must not be empty
"; } //-----------------------Login----------------------------------------- if (($REQUEST_METHOD == "POST") and ($errmsg == "")) { //------------------------- Fetch Role -------------------------- $sql9 = "select * from tab_user where user_name='$user_name' and active='1' order by user_id"; $result9 = mysql_query($sql9,$db) or ("unable to select file id"); $num9 = mysql_numrows($result9); $affect = mysql_affected_rows(); $mi = 0; while ($mi < $num9) { $role = mysql_result($result9,$mi,"role"); $user_id = mysql_result($result9,$mi,"user_id"); $pass = mysql_result($result9, $mi, "password"); ++$mi; } if ($affect > 0) { if ($pass <> $password) { $accesses++; setcookie("accesses", $accesses, 0); if ($accesses >= 5) { setcookie("badlock", "invalid", time() + 3600); setcookie("bad_user", $user_name, time() + 3600); setcookie("accesses"); //$lock_at = date("d") . "\\" . date("m") . "\\" . date("Y") . " " . date("H:i"); $lock_at = date("d / m / Y H:i"); $sql = "insert into tab_user_log(user_id, user_name, lock_at) values($user_id, '$user_name', '$lock_at')"; $result = mysql_query($sql, $db) or die ("unable to insert in log table"); } $errmsg .= "invalid password.
"; } if ($pass == $password) { if (($badlock <> "") and ($bad_user == $user_name)) { header("location:login_lock.php"); } else { $role=$role; setcookie("scook_role",$role,0); setcookie("scook_id",$user_id,0); setcookie("scook_name",$user_name,0); setcookie("cook_user_name", $user_id, 0); //@ns added //Okay this is an extra security measure for the pages. //Now we assign session variables for the role/password. ////note: this information is used in validate $_SESSION["user_pass"]=$pass; /*End my part*/ header("location:admin.php"); } } } else { $errmsg .= "invalid user name or password.
"; } /* $role=$role; //---------Set cookie------------- setcookie("scook_role",$role,0); setcookie("scook_id",$user_id,0); setcookie("scook_name",$user_name,0); setcookie("cook_user_name"); setcookie("cook_user_name", $user_id, time() + 600); //-------------------------Checking For Login----------------------- $sql1 = "select * from tab_user where user_id='$user_id' and active='1' order by user_id"; $result1 = mysql_query($sql1,$db) or ("unable to select user"); $affect = mysql_affected_rows(); if ($affect > 0) { setcookie("accesses"); if (! $accesses >= 5) { header("location:admin.php"); } else {
User Login locked for one hour.
exit; } } else { $accesses++; setcookie("accesses",$accesses,0); setcookie("bad_user", $user_name, time() + 3600); $errmsg.= "Wrong Username or password"; } */ } ?> Global History of Health Project
New User Account
Password
 
  Login
 
Username
Password
 
This project is funded by the National Science Foundation Site designed by BlueLine
Global History of Health Symposium posters.