log_out(); return false; } $db = new DB(); $db->open(); $md5 = $password; // strtoupper(md5($password)); $login_type = mysql_escape_string($login_type); $login_id = mysql_escape_string($login_id); $password = mysql_escape_string($password); $sql = "SELECT * FROM registered_users WHERE (Deleted='N') AND (bCompanyName = '$login_type') AND (LoginID='$login_id') AND (Password='$password')"; // AND (length(TempPassword) = 0)) OR (TempPassword='$password') $result = $db->execute_reader($sql); /* if ( count($result) == 0 ) { $sql = "SELECT * FROM registered_users WHERE (Deleted = 'N') AND (Disabled = 'N') AND (bEmail='$login_id') AND (length(bEmail) > 6)"; $result = $db->execute_reader($sql); } */ $message = "Login ID or Password are invalid."; if (count($result) == 1) { /* $sql = "SELECT Trial, EndDate FROM order_details WHERE (UserID = " . $result[0]["UserID"] . ") ORDER BY EndDate DESC LIMIT 1"; $r1 = $db->execute_reader($sql); $end_date = $r1[0]["EndDate"]; $this->trial = $r1[0]["Trial"] == "Y" ? "Y" : "N"; */ $end_date = date("Y-m-d"); if ($result[0]["Disabled"] == "Y") { $message = "Account is disabled."; } else if ( $end_date < date("Y-m-d") ) { $message = "Subscription period has expired."; } else { $user_id = $result[0]["UserID"]; $sql = "INSERT INTO login_tracking(UserID, PasswordID, CreationDate) VALUES ($user_id, NULL, NOW())"; $db->execute_non_query($sql); $message = ""; } } else { $sql = "SELECT * FROM global_passwords " . "WHERE (Deleted='N') AND (Password = '" . mysql_escape_string($password) . "')"; $result = $db->execute_reader($sql); if (count($result) == 1) { $password_id = $result[0]["PasswordID"]; $sql = "SELECT * FROM registered_users WHERE (Deleted='N') AND (LoginID='" . mysql_escape_string($login_id) . "')"; $result = $db->execute_reader($sql); if (count($result) == 1) { $user_id = $result[0]["UserID"]; $sql = "INSERT INTO login_tracking(UserID, PasswordID, CreationDate) " . 
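"VALUES ($user_id, $password_id, NOW())";
                    $db->execute_non_query($sql);
                    $message = "";
                }
            }
        }
        $db->close();
        if (!empty($message)) {
            $this->log_out();
            return $message;
        }
        /* if (count($result) != 1) { $this->log_out(); return false; } elseif (($result[0]["LoginID"] != $login_id) || (($result[0]["Password"] != $password) && ($result[0]["TempPassword"] != $password))) { $this->log_out(); return false; } */
        $this->loadData($result[0]);
        return $message;
    }

    /**
     * Populate this object from one registered_users row.
     *
     * Copies every column this class knows about onto a property and keeps
     * the raw row in $this->db_row. Password and TempPassword are copied as
     * stored; the login query earlier in this file compares the submitted
     * password against the Password column directly (its md5 call is
     * commented out), so these properties hold credential material and are
     * cleared again by log_out().
     *
     * @param array $row  associative row as returned by DB::execute_reader()
     * @return void
     */
    function loadData($row)
    {
        $this->db_row = $row;
        $this->user_id = $row["UserID"];
        $this->login_id = $row["LoginID"];
        $this->password = $row["Password"];
        $this->tempPassword = $row["TempPassword"];
        $this->logo_image = $row["LogoImage"];
        $this->logo_image1 = $row["LogoImage1"];
        $this->roles = $row["Roles"];
        $this->businessEvents = $row["BusinessEvents"];
        $this->socialEvents = $row["SocialEvents"];
        $this->bCompanyName = $row["bCompanyName"];
        $this->bFirstName = $row["bFirstName"];
        $this->bLastName = $row["bLastName"];
        $this->bAddress1 = $row["bAddress1"];
        $this->bAddress2 = $row["bAddress2"];
        $this->bCity = $row["bCity"];
        $this->bState = $row["bState"];
        $this->bZip = $row["bZip"];
        $this->bCountry = $row["bCountry"];
        $this->bPhone = $row["bPhone"];
        $this->bFax = $row["bFax"];
        $this->bEmail = $row["bEmail"];
        $this->sCompanyName = $row["sCompanyName"];
        $this->sFirstName = $row["sFirstName"];
        $this->sLastName = $row["sLastName"];
        $this->sAddress1 = $row["sAddress1"];
        $this->sAddress2 = $row["sAddress2"];
        $this->sCity = $row["sCity"];
        $this->sState = $row["sState"];
        $this->sZip = $row["sZip"];
        $this->sCountry = $row["sCountry"];
        $this->sPhone = $row["sPhone"];
        $this->sFax = $row["sFax"];
        $this->notes = $row["Notes"];
        $this->last_session_id = $row["LastSessionID"];
    }

    /**
     * Run a SELECT that must yield exactly one registered_users row and load
     * it. No row, several rows or a failed query all log the object out so no
     * stale user data is kept.
     *
     * @param string $sql  fully built SELECT statement
     * @return void
     */
    private function loadSingleRow($sql)
    {
        $db = new DB();
        $db->open();
        $result = $db->execute_reader($sql);
        $db->close();
        // is_array() first: on older PHP count() of a non-array value (e.g. a
        // false returned for a failed query) is 1, which would otherwise pass
        // this check and hand a non-row to loadData().
        if (is_array($result) && count($result) == 1) {
            $this->loadData($result[0]);
        } else {
            $this->log_out();
        }
    }

    /**
     * Load the non-deleted user with the given primary key.
     *
     * @param int|string $user_id  registered_users.UserID; cast to int before
     *                             it is interpolated so a non-numeric value
     *                             cannot change the shape of the query
     * @return void
     */
    function loadUser($user_id)
    {
        $user_id = (int) $user_id;
        $this->loadSingleRow(
            "SELECT * FROM registered_users WHERE (Deleted = 'N') AND (UserID = $user_id)"
        );
    }

    /**
     * Load the non-deleted user with the given login name.
     *
     * The value is escaped with mysql_escape_string() to match the rest of
     * this file. That function does not know the connection charset and was
     * removed in PHP 7; a parameterised query through the DB class would be
     * the real fix, but DB::execute_reader() only accepts a finished string.
     *
     * @param string $login_id  registered_users.LoginID
     * @return void
     */
    function loadUserByLoginID($login_id)
    {
        $this->loadSingleRow(
            "SELECT * FROM registered_users WHERE (Deleted = 'N') AND (LoginID = '"
            . mysql_escape_string($login_id) . "')"
        );
    }

    /**
     * Load the non-deleted user with the given billing e-mail address.
     *
     * @param string $email  registered_users.bEmail
     * @return void
     */
    function loadUserByEmail($email)
    {
        $this->loadSingleRow(
            "SELECT * FROM registered_users WHERE (Deleted = 'N') AND (bEmail = '"
            . mysql_escape_string($email) . "')"
        );
    }

    /**
     * Persist this object: UPDATE when user_id is numeric, INSERT otherwise.
     *
     * Escaping of the column values is delegated to StatementBuilder (third
     * argument false); NOW() is passed raw (third argument true). bEmail is
     * read by loadData() but is intentionally left out of this list in the
     * original code -- presumably it is maintained elsewhere; verify before
     * relying on store() to update it.
     *
     * @return void
     */
    function store()
    {
        $columns = array(
            "LoginID" => $this->login_id,
            "Password" => $this->password,
            "TempPassword" => $this->tempPassword,
            "LogoImage" => $this->logo_image,
            "LogoImage1" => $this->logo_image1,
            "Roles" => $this->roles,
            "BusinessEvents" => $this->businessEvents,
            "SocialEvents" => $this->socialEvents,
            "bCompanyName" => $this->bCompanyName,
            "bFirstName" => $this->bFirstName,
            "bLastName" => $this->bLastName,
            "bAddress1" => $this->bAddress1,
            "bAddress2" => $this->bAddress2,
            "bCity" => $this->bCity,
            "bState" => $this->bState,
            "bZip" => $this->bZip,
            "bCountry" => $this->bCountry,
            "bPhone" => $this->bPhone,
            "bFax" => $this->bFax,
            "sCompanyName" => $this->sCompanyName,
            "sFirstName" => $this->sFirstName,
            "sLastName" => $this->sLastName,
            "sAddress1" => $this->sAddress1,
            "sAddress2" => $this->sAddress2,
            "sCity" => $this->sCity,
            "sState" => $this->sState,
            "sZip" => $this->sZip,
            "sCountry" => $this->sCountry,
            "sPhone" => $this->sPhone,
            "sFax" => $this->sFax,
            "Notes" => $this->notes,
            "LastSessionID" => $this->last_session_id,
        );

        $sb = new StatementBuilder();
        foreach ($columns as $column => $value) {
            $sb->add_column($column, $value, false);
        }

        if (isset($this->user_id) && is_numeric($this->user_id)) {
            $sb->add_column("UpdateDate", "NOW()", true);
            // (int) cast: is_numeric() accepts forms such as "1e3" and leading
            // whitespace; the WHERE clause should only ever see a plain integer.
            $sql = $sb->build_update("registered_users", "UserID = " . (int) $this->user_id);
        } else {
            $sb->add_column("CreationDate", "NOW()", true);
            $sql = $sb->build_insert("registered_users");
        }

        $db = new DB();
        $db->open();
        $db->execute_non_query($sql);
        $db->close();
    }

    /**
     * Whether a user is currently loaded (a non-empty login_id is present).
     *
     * @return bool
     */
    function is_logged()
    {
        // isset() first: log_out() unsets login_id, and reading an unset
        // property would raise a notice before strlen() saw it.
        return isset($this->login_id) && strlen($this->login_id) > 0;
    }

    /**
     * Whether the loaded account is a trial account.
     *
     * NOTE(review): nothing visible in this file assigns $this->trial (the only
     * assignment is inside a commented-out block of the login code), so this
     * currently always reports false.
     *
     * @return bool
     */
    function is_trial()
    {
        return isset($this->trial) && $this->trial == "Y";
    }

    /**
     * Drop every piece of user state set by loadData().
     *
     * The original list left password, tempPassword, bFirstName, bLastName,
     * bEmail, sFirstName, sLastName, businessEvents, socialEvents and the raw
     * db_row in place after logout, so credential material stayed on the
     * object; they are cleared here as well.
     *
     * @return void
     */
    function log_out()
    {
        $properties = array(
            'db_row', 'user_id', 'login_id', 'password', 'tempPassword',
            'logo_image', 'logo_image1', 'roles', 'businessEvents', 'socialEvents',
            'bCompanyName', 'bFirstName', 'bLastName', 'bAddress1', 'bAddress2',
            'bCity', 'bState', 'bZip', 'bCountry', 'bPhone', 'bFax', 'bEmail',
            'sCompanyName', 'sFirstName', 'sLastName', 'sAddress1', 'sAddress2',
            'sCity', 'sState', 'sZip', 'sCountry', 'sPhone', 'sFax',
            'notes', 'last_session_id',
        );
        foreach ($properties as $property) {
            unset($this->$property);
        }
    }

    /**
     * Record the current session id for the loaded user, both in the database
     * and on this object. Does nothing when no user is loaded.
     *
     * @param string $session_id
     * @return void
     */
    function update_session_id($session_id)
    {
        if (!isset($this->user_id) || !is_numeric($this->user_id)) {
            return;
        }
        $db = new DB();
        $db->open();
        // Escaped like every other string value in this file; the original
        // interpolated $session_id unescaped.
        $sql = "UPDATE registered_users SET LastSessionID = '"
            . mysql_escape_string($session_id)
            . "' WHERE UserID = " . (int) $this->user_id;
        $db->execute_non_query($sql);
        $db->close();
        $this->last_session_id = $session_id;
    }
}
?>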