faceval/index.php at master · ranzig/faceval · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<?php
if($_POST['check'] == 1) {
	process_form();
} else {
	print_form(array());
}

function process_form() {
	$user_p = $_POST['user'];
	$passwd_p = $_POST['password'];

	include_once('inc/mysql.php');

	$user_p = mysql_real_escape_string($user_p);
	$passwd_p = mysql_real_escape_string($passwd_p);

	$loginsql = ""
		. "SELECT *"
		. " FROM instructors, permissions"
		. " WHERE instructors.instr_id LIKE permissions.instr_id"
		. " AND instructors.instr_id like '$user_p'"
		. " AND instr_pass like MD5('$passwd_p')"
		. " AND permissions.perm_level > 0"
		. " ORDER BY perm_level"
		. " LIMIT 1"
		;

	$result = mysql_query($loginsql);

	if(!$result) {
		print_form(array("Database error: " . mysql_error()));
		exit;
	}

	if(mysql_num_rows($result) != 1) {
		print_form(array("Bad username or password."));
		exit;
	} else {
		$row = mysql_fetch_assoc($result);
		$user_db = $row['instr_id'];
		$expire = strtotime(date("F d, Y ") . "23:59:59") + 1;
		setcookie("instr_id", $user_db, $expire);
		setcookie("oo", $oo, $expire);

		print <<<ENDLOGIN
<html>
<head>
<META http-equiv="refresh" content="0;URL=main.php">
<title>Redirecting</title>
</head>
<body>

<h1>Success!</h1>

<p>Your username and password have been accepted and you are being redirected to the main page of this application</p>

<p>You shouldn't even see this page for very long, but if you do, <a href="main.php">click here</a> to continue.</p>

</body>
</html>

ENDLOGIN;
	}
}

function print_form($errors) {
	include('inc/head.php');

	$thisdoc = $_SERVER['PHP_SELF'];

	if(count($errors) >= 1) {
		$errortxt = ""
			. "\n\t<tr><td align='center' colspan='2'>"
			. "\n\n\t<p>\n\t\t<ul>\n\t\t\t<li>\n\t\t\t\t"
			. join("\n\t\t\t</li>\n\t\t\t<li>\n\t\t\t\t", $errors)
			. "\n\t\t\t</li>\n\t\t</ul>\n\t</p>"
			. "\n\t</td></tr>"
			;
	} else { $errortxt = ""; }

	print <<<END
<div id='head'>
	<table align='center'>
	<tr><td align='center'>
	<img src='img/seal.gif'/>
	</td><td align='left'>
	<p><strong>Georgia Southwestern State University</strong></p>
	<p><strong>Teaching Evaluation Page</strong></p>
	<p><strong>
END;

include('inc/showsemester.php');

print <<<END1
</strong></p>
	</td></tr>$errortxt
	</table>
</div>

<div id='content'>
	<table id='login'>
	<form method='post' action='$thisdoc'>
	<tr>
	<td align='right'>
	User ID:
	</td><td align='left'>
	<input size='10' name='user'/>
	</td>
	</tr>
	<tr>
	<td align='right'>
	Password:
	</td><td align='left'>
	<input type='password' size='10' name='password'/>
	</td>
	</tr>
	<tr>
	<td colspan='2' align='center'>
	Your login information is sent over an encrypted connection<br/>
	<br/>
	Your User ID is your GSW ID#, and your Password is "gsweval" (unless you've changed it).<br/>
	<br/>
	If you have problems with this system, please contact Alla Yemelyanov at <a href="mailto:alla.yemelyanov@gsw.edu">alla.yemelyanov@gsw.edu</a> or 229-931-2074.<br/>
	<br/>
	<input type='hidden' name='check' value='1'/>
	<input type='submit' value='Submit'/>
	</td>
	</tr>
	</form>
	</table>
</div>

END1;

	include('inc/foot.php');
}

?>