<?php
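class Admin
{
    /** Session/cookie key under which the admin login token travels. */
    private const TOKEN_KEY = 'x_pradmin';

    /** Login cookie lifetime in seconds (6 hours); refreshed on every valid request. */
    private const TOKEN_TTL = 21600;

    /**
     * @var int|mixed 0 while nobody is logged in; afterwards the `ad_id` value as the
     *                DB wrapper returns it (its type is not visible from this file)
     */
    public $adminID;

    /** @var mixed `ad_username` of the logged-in admin, null until Init() resolves one */
    public $adminName;

    /** @var mixed the login token (`ad_secure`) of the logged-in admin */
    public $adminSecure;

    /** @var mixed raw `ad_permission` column value; its format is not interpreted here */
    public $adminPermission;

    /**
     * Starts with no admin logged in and immediately resolves the request's
     * session/cookie token (see Init()).
     */
    public function __construct()
    {
        $this->adminID = 0;
        $this->Init();
    }

    /**
     * Resolves the current admin from the login token found in the session
     * (preferred) or the cookie.
     *
     * A token that maps to an active row fills the admin* properties and
     * refreshes session and cookie; a token mapping to a deactivated row ends
     * the request via Logout(); no usable token falls through to Login(),
     * which only acts on a POST.
     *
     * Uses the global `$CLASSDB` database wrapper (query()/fetch_array()/dbPrefix).
     */
    public function Init()
    {
        global $CLASSDB;

        $token = $this->tokenFromRequest();
        $row = array();
        if ($token !== '') {
            // $token is reduced to [A-Za-z0-9] by tokenFromRequest(), so the
            // interpolation cannot escape the quoted literal; the $CLASSDB
            // wrapper exposes no parameter binding in this file.
            $row = $CLASSDB->fetch_array($CLASSDB->query(
                "SELECT `ad_id`, `ad_username`, `ad_secure`, `ad_permission`, `ad_active` "
                . "FROM {$CLASSDB->dbPrefix}admins WHERE (`ad_secure` = '$token')"
            ));
        }

        if (!$row) {
            $this->Login();
            return;
        }
        if (!$this->isActive($row)) {
            // Account was deactivated after the token was issued; Logout() ends the request.
            $this->Logout(2);
            return;
        }

        $this->adminID = $row["ad_id"];
        $this->adminName = $row["ad_username"];
        $this->adminSecure = $row["ad_secure"];
        $this->adminPermission = $row["ad_permission"];
        // Sliding expiry: every authenticated request re-issues the cookie.
        $this->rememberToken($row["ad_secure"]);
    }

    /**
     * Handles a POSTed username/password form.
     *
     * Does nothing without POST data. On success issues a fresh login token
     * (session, cookie and `ad_secure` column) and redirects to ./index.php;
     * on failure redirects with ?err=1 (bad credentials / empty fields) or
     * ?err=2 (deactivated account). Every POST path terminates the request.
     *
     * @throws \Exception if random_bytes() cannot obtain entropy
     */
    public function Login()
    {
        global $CLASSDB;

        if (!$_POST) {
            return;
        }

        $username = isset($_POST["username"]) ? self::sanitize($_POST["username"], true) : "";
        $pass = isset($_POST["password"]) ? self::sanitize($_POST["password"]) : "";
        if ($username === "" || $pass === "") {
            $this->redirect("./index.php?err=1");
        }

        // The schema stores md5($password) in `ad_password`; md5 is not a
        // password hash (no salt, fast to brute-force). Moving to
        // password_hash()/password_verify() needs a column migration and is
        // out of scope for this block. Both inputs are whitelisted above, so
        // the interpolation cannot escape the quoted literals.
        $row = $CLASSDB->fetch_array($CLASSDB->query(
            "SELECT * FROM {$CLASSDB->dbPrefix}admins "
            . "WHERE (`ad_username` = '$username') AND (`ad_password` = '" . md5($pass) . "')"
        ));
        if (!$row) {
            $this->redirect("./index.php?err=1");
        }
        if (!$this->isActive($row)) {
            $this->redirect("./index.php?err=2");
        }

        // 32 hex chars, same width/charset as the md5(time() . id) token it
        // replaces, but not derivable from the login timestamp.
        $token = bin2hex(random_bytes(16));
        if (session_status() === PHP_SESSION_ACTIVE) {
            // Fresh session id on privilege change so a pre-set id cannot be reused.
            session_regenerate_id(true);
        }
        $this->rememberToken($token);
        $CLASSDB->query(
            "UPDATE {$CLASSDB->dbPrefix}admins SET `ad_secure` = '$token' "
            . "WHERE (`ad_id` = '{$row["ad_id"]}')"
        );
        $this->redirect("./index.php");
    }

    /**
     * Clears the login cookie and session entry and redirects to ./index.php,
     * appending ?err=3 when $err is non-empty (the value itself is not used).
     * Terminates the request.
     *
     * @param mixed $err any non-empty value selects the ?err=3 redirect
     */
    public function Logout($err = "")
    {
        setcookie(self::TOKEN_KEY, "", time() - 86400, '/', '', $this->isHttps(), true);
        unset($_SESSION[self::TOKEN_KEY]);
        $this->redirect("./index.php" . (!empty($err) ? "?err=3" : ""));
    }

    /**
     * Renders the error banner selected by the `err` query parameter.
     *
     * @return string an HTML fragment for codes 1 and 2, '' for anything else
     *                (including code 3 sent by Logout(), which has no text)
     */
    public function GetErrorMessage()
    {
        $code = 0;
        if (isset($_GET["err"]) && is_string($_GET["err"])) {
            // Digits only; the cast also makes "01" select code 1 as the old loose switch did.
            $code = (int) preg_replace("/[^0-9]/", "", trim($_GET["err"]));
        }

        $messages = array(
            1 => "Wrong username and / or password",
            2 => "This account has been deactivated",
        );
        if (!isset($messages[$code])) {
            return '';
        }
        // Fixed literals only, so the fragment needs no escaping.
        return '<div class="lc-error">' . $messages[$code] . '</div>';
    }

    /**
     * Returns the token presented by the request — session first, then
     * cookie — stripped to [A-Za-z0-9]; '' when none is present or the value
     * is not a string (e.g. a cookie sent as an array).
     */
    private function tokenFromRequest()
    {
        $raw = '';
        if (!empty($_SESSION[self::TOKEN_KEY])) {
            $raw = $_SESSION[self::TOKEN_KEY];
        } elseif (!empty($_COOKIE[self::TOKEN_KEY])) {
            $raw = $_COOKIE[self::TOKEN_KEY];
        }
        return self::sanitize($raw);
    }

    /**
     * Stores $token in the session and re-issues the login cookie.
     * The cookie is HttpOnly; Secure is set only when the request itself is HTTPS.
     */
    private function rememberToken($token)
    {
        $_SESSION[self::TOKEN_KEY] = $token;
        setcookie(self::TOKEN_KEY, $token, time() + self::TOKEN_TTL, '/', '', $this->isHttps(), true);
    }

    /** True when the row's `ad_active` column is exactly the string "Y". */
    private function isActive($row)
    {
        return isset($row["ad_active"]) && (string) $row["ad_active"] === "Y";
    }

    /**
     * Best-effort HTTPS detection from $_SERVER['HTTPS']. Behind a
     * TLS-terminating proxy this may be unset, in which case the cookie is
     * issued without the Secure flag, exactly as before.
     */
    private function isHttps()
    {
        return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    }

    /** Sends a Location header and ends the request. */
    private function redirect($url)
    {
        header("Location: " . $url);
        exit;
    }

    /**
     * Trims $value and removes everything outside [A-Za-z0-9] (plus whitespace
     * when $allowWhitespace is set). Non-strings yield ''.
     *
     * @param mixed $value
     * @param bool  $allowWhitespace keep \s characters (used for usernames)
     * @return string
     */
    private static function sanitize($value, $allowWhitespace = false)
    {
        if (!is_string($value)) {
            return '';
        }
        $pattern = $allowWhitespace ? "/[^a-zA-Z0-9\s]/" : "/[^a-zA-Z0-9]/";
        return (string) preg_replace($pattern, "", trim($value));
    }
}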