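addElement('text', 'userid', 'User ID : ', array('size' => 15, 'maxlength' => 20)); $form->addElement('password', 'password', 'Password : ', array('size' => 15, 'maxlength' => 20)); $form->addElement('header', null, 'Note that passwords are case sensitive'); $form->addElement('submit', null, 'Login'); if($form->validate()) { $form->process('process_login', false); } else { $EndBodyJavaScript = << EOF; showPageForm("", $form, 'login.tpl', "Lost password? Click here"); } }

/**
 * Login handler registered through $form->process('process_login', false).
 *
 * Looks the submitted user ID up in users/userdetail, compares the submitted
 * password with the decoded stored one, rejects accounts whose permission
 * code or flags forbid login, and on success fills $_SESSION and hands over
 * to usercomp.php (details incomplete or expired) or menu.php.
 *
 * Every failure path renders a page and calls exit, so the function only
 * returns through showNextPage().
 *
 * NOTE(review): passwords are stored reversibly (SQL decode() keyed with
 * $settings['decode']), so the key plus a database dump recovers every
 * password. A one-way scheme (password_hash()/password_verify()) would need
 * a schema migration and is out of scope for this function.
 *
 * @param array $values Submitted form values; reads 'userid' and 'password'.
 * @return void
 */
function process_login($values)
{
    global $db, $settings;
    global $userid;
    global $perm;
    global $username;
    global $userfullname;
    global $isdemo;

    // The query below binds its parameters, so this escaping is not what
    // protects it. It is kept because chklog.inc and LogEvent() receive these
    // values and are not visible here - NOTE(review): confirm before removing.
    // Side effect: a password containing quotes or backslashes is altered
    // before the comparison and can never match.
    $userid = mysql_real_escape_string($values['userid']);
    $password = mysql_real_escape_string($values['password']);

    include("chklog.inc");

    $query = 'SELECT u.id as uid, decode(u.passwd, ?) as password, u.permissions as permissions, '
        . 'd.fname as fname, d.sname as sname, postcode, gmc_expiry, pi_expiry, capabilities, uflags '
        . 'FROM users as u, userdetail as d WHERE u.id = d.id AND u.id = ?';
    $res =& $db->query($query, array($settings['decode'], $userid));
    // presumably ShowError() does not return; otherwise numRows() below is
    // called on an error object - TODO confirm
    if (DB::isError($res))
        ShowError("Error reading from database");

    if ($res->numRows() == 1) {
        $perm = 'N';
        $row =& $res->fetchRow();

        // Strict comparison: with ==, a false or NULL on either side (failed
        // escape call, NULL decode() result) compares equal to an empty or "0"
        // string, and two numeric-looking strings compare by value. Any of
        // those would accept a wrong password.
        if (!($password === $row->password)) {
            LogEvent("Login_Failed", $row->uid . ': Incorrect password');
            if (isset($_SESSION['userid']))
                session_destroy();
            // Same text as the "user not found" branch, so the response does
            // not reveal whether the user ID exists.
            $cont = "

Login Error

Incorrect UserID or Password

" . "If you have lost your password or UserID please " . "Click here.

" . makeURL("Click this link to try to login again", BuildURL(SELF, array()));
            showPage("", $cont, 'herts.sty');
            Finish();
            exit;
        }
        $perm = $row->permissions; // Set permission

        // Permission codes N, P and Q: account not yet activated.
        if ($perm == 'N' || $perm == 'P' || $perm == 'Q') {
            LogEvent("Login_Failed", ': Failed login - Permissons are: ' . $perm);
            $mess = "

Permission Denied

" . NP;
            $mess .= "Your account has not yet been activated." . NP;
            $mess .= "If you believe that this account should have been activated by now, please contact ";
            $mess .= "the administrator by " . EADMIN . "." . NP;
            showPage("", $mess, "herts.sty");
            if (isset($_SESSION['userid']))
                session_destroy();
            exit;
        }

        // Per-user flag that blocks interactive login.
        if ($row->uflags & USER_NoUserLogin) {
            LogEvent("Login_Failed", ': Failed login - flags are: ' . $row->uflags);
            $mess = "

Login Permission Denied

" . NP;
            $mess .= "Login on your account has been deactivated." . NP;
            $mess .= "If you believe that this account should be activated, please contact ";
            $mess .= "the administrator by " . EADMIN . "." . NP;
            showPage("", $mess, "herts.sty");
            if (isset($_SESSION['userid']))
                session_destroy();
            exit;
        }

        // Permission code X: account disabled.
        if ($perm == 'X') {
            LogEvent("Login_Failed", ': Failed login - Permissons are: ' . $perm);
            $mess = "

Account Disabled

" . NP;
            $mess .= "Your account has been disabled." . NP;
            $mess .= "If you believe this to be in error, please contact ";
            $mess .= "the administrator by " . EADMIN . "." . NP;
            showPage("", $mess, "herts.sty");
            if (isset($_SESSION['userid']))
                session_destroy();
            exit;
        }

        // Check for any Cookie Settings
        if (isset($_COOKIE['options'])) {
            // SECURITY: unserialize() on a client-controlled cookie permits PHP
            // object injection (any loaded class with __wakeup/__destruct can be
            // instantiated). It cannot be swapped here without also changing
            // the code that writes the cookie. NOTE(review): move both sides to
            // json_encode()/json_decode(), or at least pass
            // array('allowed_classes' => false) once the runtime is PHP 7+.
            // The 'Debugging' value is also taken from the client as-is.
            $cookieData = unserialize(stripslashes($_COOKIE['options']));
            // A malformed cookie yields false or a scalar; only index an array.
            if (is_array($cookieData)) {
                $_SESSION['NoWYSIWYG'] = $cookieData['NoWYSIWYG'];
                $_SESSION['Debugging'] = $cookieData['Debugging'];
            }
        }

        $username = $row->sname . ", " . $row->fname;
        $userfullname = $row->fname . " " . $row->sname;
        $isdemo = $settings['demo'];
        $userid = $row->uid; // Ensure that userid is the one in the files
        LogEvent("Login_OK", $userfullname . ' - Permissons: ' . $perm);

        // NOTE(review): the session ID is not regenerated in this function
        // before the authenticated identity is attached to it. Unless a caller
        // already does so, session_regenerate_id(true) belongs here to prevent
        // session fixation.
        $_SESSION['userid'] = $userid;
        $_SESSION['perm'] = $perm;
        $_SESSION['permb'] = getUserType($perm, $row->capabilities);
        $_SESSION['capabilities'] = $row->capabilities;
        $_SESSION['uflags'] = $row->uflags;
        $_SESSION['username'] = $username;
        $_SESSION['userfullname'] = $userfullname;
        $_SESSION['isdemo'] = $isdemo;
        $_SESSION['transaction'] = "";
        $_SESSION['ProgramTest'] = "SET";
        $_SESSION['ProgramPath'] = pathinfo($_SERVER['REQUEST_URI']);
        // Passes the complete session array to the log.
        DBLog("Session set up", $_SESSION);
        unset($_SESSION['transaction']);

        // Optionally force a details update when a registration or insurance
        // date has passed.
        $forceUpdate = false;
        if ($settings['options']['CheckDates']) {
            list($descrip, $MyType, $group, $position) = explode(",", $settings['UserTypes'][$perm]);
            if ($MyType == 'U') { // Doctor type
                if (MySQLDateToTimestamp($row->gmc_expiry) < time()) {
                    $forceUpdate = true;
                    $Reason = "GMC Registration Date has expired";
                }
                if (MySQLDateToTimestamp($row->pi_expiry) < time()) {
                    $forceUpdate = true;
                    $txt = "Professional Insurance Validity has expired";
                    if (isset($Reason))
                        $Reason = $Reason . " and " . $txt;
                    else
                        $Reason = $txt;
                }
            } else if ($MyType == 'S') { // Nurse
                if (MySQLDateToTimestamp($row->gmc_expiry) < time()) {
                    $forceUpdate = true;
                    $Reason = "Nurse/Midwifery PIN Validity has expired";
                }
            }
        }

        if ($row->postcode == 'UNSET' || $forceUpdate) {
            // An unset postcode takes precedence over an expiry reason.
            if ($row->postcode == 'UNSET')
                unset($_SESSION['reason']);
            else
                $_SESSION['reason'] = $Reason;
            LogEvent($forceUpdate ? "ForceUpdt" : "Complete", $forceUpdate ? $Reason : "Details Completion");
            $_SESSION['unset'] = true;
            session_write_close();
            showNextPage(GetMyDirPath() . "/usercomp.php", true);
        } else {
            session_write_close();
            showNextPage(GetMyDirPath() . "/menu.php", true);
        }
    } else {
        // No row (or more than one) for this user ID.
        LogEvent("Login_Failed", $userid . " Not found");
        session_destroy();
        $cont = "

Login Error

Incorrect UserID or Password

" . "If you have lost your password or UserID please " . "Click here.

" . makeURL("Click this link to try to login again", BuildURL(SELF, array()));
        showPage("", $cont, 'herts.sty');
        Finish();
        exit;
    }
}
?>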