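// Cookie-based login for two user tables: "utente" (registered users) and
// "utente_privato" (private-area users).
//
// NOTE(review): design limits that this file cannot fix on its own:
//  - The auth cookie is "<utente>-<password column value>" and getIsLogged()
//    accepts it by matching both parts against the table. The stored hash is
//    therefore sufficient to authenticate; logout only clears the browser
//    cookie. A random, server-side session identifier would remove this.
//  - Passwords are stored as a single md5($password.$utente). Moving to
//    password_hash()/password_verify() (with rehash at next login) is advised.
//  - Cookies are set without the HttpOnly/Secure flags.
//  - The mysql_* extension was removed in PHP 7.0; the durable fix for the
//    string-built queries below is mysqli/PDO prepared statements. Until then
//    every value is passed through mysql_real_escape_string().
//  - $database_connectDb, $action and $currentPage are defined outside this
//    file — presumably by the including script; verify they cannot be set
//    directly from the request.
define("DATABASE", $database_connectDb);
define("EXPIRE", 14400); // cookie lifetime in seconds (4 hours)
define("COOKIE_NAME", "private_" . DATABASE);
define("COOKIE_NAME_PRIVATE", "private_" . DATABASE . "_registered");

if ($action == "logout") {
    // Expire both auth cookies, then redirect to the current page without "action".
    setcookie(COOKIE_NAME, '', time() - 3600, '/');
    setcookie(COOKIE_NAME_PRIVATE, '', time() - 3600, '/');
    header("Location: " . getUrl(array("action"), $currentPage, 0));
    exit;
}

// Registered users
$tabella = "utente";
$formNm = "login";
$cookieName = COOKIE_NAME;
$isLogged = getIsLogged($tabella, $formNm, $cookieName);
// NOTE(review): getIsLogged() never reads $formNm, so this second call repeats
// the first one; kept because $formNm may be read by code outside this file.
$formNm = "login_top";
$isLogged = getIsLogged($tabella, $formNm, $cookieName);
if ($isLogged) {
    $tmp = _parseAuthCookie($cookieName);
    // The username comes from the cookie: escape it before it enters the WHERE clause.
    $idLogged = loadFromDbSimple("id", $tabella, "utente='" . mysql_real_escape_string($tmp[0]) . "'", "");
    $nameLogged = getNmLogged($tabella, $idLogged);
}

// Private-area users
$tabella = "utente_privato";
$formNm = "login_area_privata";
$cookieName = COOKIE_NAME_PRIVATE;
$isLoggedPrivate = getIsLogged($tabella, $formNm, $cookieName);
if ($isLoggedPrivate) {
    $tmp = _parseAuthCookie($cookieName);
    $idLoggedPrivate = loadFromDbSimple("id", $tabella, "utente='" . mysql_real_escape_string($tmp[0]) . "'", "");
    // Overwrites the registered-user name when both areas are logged in (as before).
    $nameLogged = getNmLogged($tabella, $idLoggedPrivate);
}

/**
 * Splits an auth cookie into its username and password-hash parts.
 *
 * The cookie is written by GenerateSecret() as "<utente>-<hash>". The split is
 * made on the LAST hyphen so that a username containing "-" still round-trips;
 * the hash part is an MD5 hex digest and never contains one.
 *
 * @param string $cookieName Name of the cookie to read from $_COOKIE.
 * @return array Two strings: array(username, hash). Both are '' when the
 *               cookie is missing or is not a plain string (e.g. "name[]=x").
 */
function _parseAuthCookie($cookieName)
{
    if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName])) {
        return array('', '');
    }

    $value = $_COOKIE[$cookieName];
    $cut = strrpos($value, '-');
    if ($cut === false) {
        return array($value, '');
    }

    return array((string) substr($value, 0, $cut), (string) substr($value, $cut + 1));
}

/**
 * Builds the display name of a logged-in user.
 *
 * Asks getCampoNome() which column holds the name; when that column is
 * "cognome" the result is "<cognome> <nome>", otherwise the single column.
 * loadFromDbSimple() is called with the prefix "tmp" and the values are then
 * read back from the globals $tmp_<column>.
 *
 * @param string $tabella  Table to read from (fixed name chosen by code).
 * @param mixed  $idLogged Row id of the user.
 * @return string|null Display name as read from the globals.
 */
function getNmLogged($tabella, $idLogged)
{
    $campo = getCampoNome($tabella);
    $isCognome = ($campo == "cognome");
    $colonne = $isCognome ? $campo . ",nome" : $campo;

    // Escaped for defence in depth even though the id normally comes from the database.
    loadFromDbSimple($colonne, $tabella, "id='" . mysql_real_escape_string((string) $idLogged) . "'", "tmp");

    if ($isCognome) {
        global $tmp_cognome;
        global $tmp_nome;
        return $tmp_cognome . " " . $tmp_nome;
    }

    global ${"tmp_" . $campo};
    return ${"tmp_" . $campo};
}

/**
 * Tells whether the current request is authenticated for the given table.
 *
 * First validates the auth cookie against the table; if that fails, falls back
 * to checkCookie(), which processes a posted login form.
 *
 * @param string $tabella    Table holding the accounts. Interpolated into the
 *                           SQL as an identifier, so it must never come from
 *                           request input.
 * @param string $formNm     Unused; kept for caller compatibility.
 * @param string $cookieName Name of the auth cookie.
 * @return mixed Truthy when authenticated, falsy otherwise.
 */
function getIsLogged($tabella, $formNm, $cookieName)
{
    $isLogged = false;
    list($utente, $password) = _parseAuthCookie($cookieName);

    // Skip the lookup for a missing or incomplete cookie, so that empty
    // credentials are never matched against the table.
    if ($utente !== '' && $password !== '') {
        // Both values are attacker-controlled cookie data: escape before use.
        $query = "select password, 1 as auth from " . $tabella
            . " where utente='" . mysql_real_escape_string($utente) . "'"
            . " and password='" . mysql_real_escape_string($password) . "'"
            . " and is_attivo=1";
        $result = mysql_db_query(DATABASE, $query);
        $row = $result ? mysql_fetch_array($result) : false;
        if ($row) {
            $isLogged = $row['auth'];
        }
    }

    if (!$isLogged) {
        $isLogged = checkCookie($tabella, $cookieName);
    }

    return $isLogged;
}

/**
 * Processes a posted login form, if there is one.
 *
 * Despite its name this reads $_POST, not the cookie. On a successful login
 * AuthenticateUser() sets the cookie, redirects and exits, so this function
 * only returns on failure or when no form was posted.
 *
 * @param string $tabella    Table holding the accounts.
 * @param string $cookieName Cookie to set on success.
 * @return mixed Falsy when no usable credentials were posted or they did not match.
 */
function checkCookie($tabella, $cookieName)
{
    // Require both fields as plain strings; array-valued fields
    // ("utente[]=x") are treated as no credentials.
    if (!isset($_POST['utente'], $_POST['password'])
        || !is_string($_POST['utente'])
        || !is_string($_POST['password'])
    ) {
        return false;
    }

    return AuthenticateUser($_POST['utente'], $_POST['password'], $tabella, $cookieName);
}

/**
 * Completes a successful login: sets the auth cookie, records the access time,
 * redirects to the current page and terminates the script.
 *
 * @param string $utente             Username, as normalised by AuthenticateUser().
 * @param string $encrypted_password Value of the password column for that user.
 * @param string $tabella            Table holding the accounts.
 * @param string $cookieName         Cookie to set.
 * @return void Never returns; calls exit.
 */
function GenerateSecret($utente, $encrypted_password, $tabella, $cookieName)
{
    // NOTE(review): the cookie carries the stored hash and is set without the
    // HttpOnly/Secure flags; see the notes at the top of the file.
    $cookie_val = "$utente-$encrypted_password";
    setcookie($cookieName, $cookie_val, time() + EXPIRE, '/');

    $data = date('YmdHi');
    $query = "update " . $tabella
        . " set data_ultimo_accesso='" . $data . "'"
        . " where utente='" . mysql_real_escape_string($utente) . "'"
        . " and password='" . mysql_real_escape_string($encrypted_password) . "'"
        . " and is_attivo=1";
    mysql_db_query(DATABASE, $query);

    global $currentPage;
    header("Location: " . getUrl(array("action"), $currentPage, 0));
    exit;
}

/**
 * Checks posted credentials against the table and logs the user in on a match.
 *
 * @param string $utente     Posted username.
 * @param string $password   Posted password (plain text).
 * @param string $tabella    Table holding the accounts.
 * @param string $cookieName Cookie to set on success.
 * @return mixed Falsy when the credentials do not match; on a match
 *               GenerateSecret() redirects and exits instead of returning.
 */
function AuthenticateUser($utente, $password, $tabella, $cookieName)
{
    // The digest is computed from the raw inputs, before the username is
    // normalised; stored hashes depend on this order, so it must not change.
    $appoggio = md5("$password" . "$utente");

    // Legacy username normalisation, applied in this exact order. It is kept
    // only so the same usernames keep matching: stripping keywords is not a
    // defence against SQL injection — the escaping below is.
    $utente = strip_tags(trim($utente));
    $utente = str_replace(
        array('=', ' or', 'or ', 'and ', ' and', ' '),
        array('', ' ', ' ', ' ', ' ', ''),
        $utente
    );

    // $appoggio is a hex digest and needs no escaping.
    $query = "select password, 1 as auth from " . $tabella
        . " where utente='" . mysql_real_escape_string($utente) . "'"
        . " and password='" . $appoggio . "'"
        . " and is_attivo=1";
    $result = mysql_db_query(DATABASE, $query);
    $row = $result ? mysql_fetch_array($result) : false;
    if (!$row) {
        return false;
    }

    if ($row['auth']) {
        GenerateSecret($utente, $row['password'], $tabella, $cookieName);
    }

    return $row['auth'];
}
?>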