I know i need something to guard against injection, but am unsure of what to use... also are there any other holes in this script that you see???
for a page that you want to protect, you simply add these lines to the beginning of the page....
<?php
include "functions.php";
// secure(x) where x is the intended security level
secure(5);
?>
login.php
<?php
require "functions.php";
if(!empty($_SESSION["loginerror"]))
$err = $_SESSION["loginerror"];
else
$err = "";
unset($_SESSION["loginerror"]);
if(isset($_POST['username']))
{
include("database.php");
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM employee WHERE login = '$username' AND password = '$password'")
or die("Unable to verify user because : " . mysql_error());
if(mysql_num_rows($result) == 1)
{
$_SESSION['phplogin'] = "logged";
$row = mysql_fetch_assoc ( $result );
mysql_query("UPDATE employee SET lastlogin=now() WHERE id=".$row['id'])
or die(mysql_error());
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['first_name']." ".$row['last_name'];
$_SESSION['user'] = $row['login'];
$_SESSION['seclev'] = $row['security_level'];
$topage="/system";
if(isset($_SESSION['referrer']))
{
$topage = $_SESSION['referrer'];
unset($_SESSION['referrer']);
}
header('Location: '.$topage.'');
}
else
{
$err = '<font color="red">Incorrect username / password.</font>' ;
}
}
?>
functions.php
<?php
session_start();
if($_SERVER["PHP_SELF"] != "/system/login.php")
{
$_SESSION["referrer"] = $_SERVER["PHP_SELF"];
if(!empty($_GET))
$_SESSION["referrer"] .= "?".gets($_GET);
}
$reqseclev = 0;
function secure($level)
{
$reqseclev = $level;
if (!isset($_SESSION['phplogin']) || $_SESSION['phplogin'] !== "logged")
{
header('Location: /system/login.php');
exit;
}
if($_SESSION["seclev"] < $reqseclev)
{
$_SESSION["loginerror"] = "<font color=\"red\">The current user does not have permission to view this page.</font>";
header('Location: /system/login.php');
exit;
}
}
function gets($in)
{
$tmp = "";
foreach($in as $key => $value)
$tmp .= "$key=$value&";
$tmp = substr($tmp, 0, strlen($tmp)-1);
return $tmp;
}
?>