<?
//Simple login form with authentication and authorization
session_start();

// Only script with defined _VALID_BARGAIN can inlude files.
define ("_VALID_BARGAIN", true);

//Start session, check authorization, set language file
file_exists("language.php") ? require("language.php") : die('Missing file language.php. Please reinstall from original source');

if(!empty( $_SESSION['status_message']))
{
	$statusbar= $_SESSION['status_message'];
	unset( $_SESSION['status_message']);	
}
else 
{
	$statusbar = '';	
}

//checking if POST login and password vars exist
if( (isset($_POST['login']) && isset($_POST['password'])) )
{
	//Database configuration check and connection
	file_exists("db_connect.php") ? require("db_connect.php")  : die( $LANGUAGE['mf_db_connect']);
	
	//Configuration check and load
	file_exists("params.php") ? require("params.php")  : die( $LANGUAGE['mf_params']);
		
	// Add backslahes before characters that need to be quoted in database queries
	// Check if server config add's slashes by itself, if not run addslashs
    if( get_magic_quotes_gpc() )
    {
    	$login = $_POST['login'];
    	$password = $_POST['password'];
    }
    else
    {
    	$login = addslashes($_POST['login']);
    	$password = addslashes($_POST['password']);
    }
    
	
    // Check if admin, if not check if user.
    if ( ($login == $ADMIN['login'] ) && ( $password == $ADMIN['password'] ) )
    {
    	$_SESSION['loged'] = true;
    	$_SESSION['admin'] = true;
    	$_SESSION['language'] = $ADMIN['language'];
    	$_SESSION['currentproject'] = NULL;
    	$_SESSION['currentprojectname'] = NULL;
		$_SESSION['status_message'] = NULL;

    	/* **************************** GET LANGUAGES ************************************/

    	// Set session variables about languages
    	unset($_SESSION['languages_list']);
    	unset($_SESSION['languages_files_list']);

    	// Check what languages are
    	$query = "
		SELECT language, languagefile
		FROM ".$DB_TABLES['bargain_languages'];

    	$result = mysql_query ($query);// or die ($LANGUAGE['db_query_failed']);
    	
    	if($result)
    	{
		   	$check_result = mysql_fetch_row($result);
    	}
    	else 
    	{
  		  	$_SESSION['status_message'] = $LANGUAGE['db_is_not_installed'];	
    	}
    	
    	// Add languages to list
    	while ($check_result)
    	{
    		$_SESSION['languages_list'][] = $check_result[0];
    		$_SESSION['languages_files_list'][] = $check_result[1];
    		$check_result = mysql_fetch_row($result);
    	};

    	//forwarding admin to main window
    	header("Location: admin.php");
    	//make sure that the rest of the script won't be executed
    	exit;


    	
    }
    else 
    {

    	// Check if users exists in DataBase
    	$query = "SELECT login, password, username, language, lastusedproject FROM ".$DB_TABLES['bargain_users']." WHERE login = '$login' AND password = '".md5($password)."'";
    	$result = mysql_query ($query) or die ($LANGUAGE['db_query_failed']);
    	$check_result = mysql_fetch_row($result);


    	// Check authentication of user
    	if ( $check_result  )
    	{
    		/* **************************** SET SESSION VARIABLES ************************************/

    		$message = $LANGUAGE['user_loged'];

    		// Set session variables about user
    		$_SESSION['loged'] = true;
    		$_SESSION['admin'] = false;
    		$_SESSION['login'] = $check_result[0];
    		$_SESSION['username'] = $check_result[2];
    		$_SESSION['language'] = $check_result[3];
    		$_SESSION['currentproject'] = $check_result[4];

    		// name of acctual project we will get below, from check what project user can access
    		unset($_SESSION['currentprojectname']);

    		/* **************************** GET PROJECTS ************************************/


    		// Set session variables about user's projects
    		unset($_SESSION['projects_id']);
    		unset($_SESSION['projects_names']);

    		// Check what projects user can access
    		$query = "
			SELECT p.projectid, p.projectname
			FROM ".$DB_TABLES['bargain_projects']." AS p, ".$DB_TABLES['bargain_projects_users']." AS u
			WHERE u.userlogin = '".$_SESSION['login']."'
			AND p.projectid = u.projectid
			AND p.projectstate IN ('1','2')
			";
    		$result = mysql_query ($query) or die ($LANGUAGE['db_query_failed']);
    		$check_result = mysql_fetch_row($result);

    		// Add projects to list
    		while ($check_result)
    		{
    			$_SESSION['projects_id'][] = $check_result[0];
    			$_SESSION['projects_names'][] = $check_result[1];
    			$check_result = mysql_fetch_row($result);
    		};

			
    		// Show that projects [optional]
    		foreach($_SESSION['projects_id'] as $key => $project_id)
    		{
    			// Get the name of actual project
    			if ( $_SESSION['currentproject'] == $_SESSION['projects_id'][$key] )
    			$_SESSION['currentprojectname'] = $_SESSION['projects_names'][$key];

    		};


    		/* **************************** GET LANGUAGES ************************************/


    		// Set session variables about languages
    		unset($_SESSION['languages_list']);
    		unset($_SESSION['languages_files_list']);

    		// Check what languages are
    		$query = "
            SELECT language, languagefile
            FROM ".$DB_TABLES['bargain_languages'];

    		$result = mysql_query ($query) or die ($LANGUAGE['db_query_failed']);
    		$check_result = mysql_fetch_row($result);

    		// Add languages to list
    		while ($check_result)
    		{
    			$_SESSION['languages_list'][] = $check_result[0];
    			$_SESSION['languages_files_list'][] = $check_result[1];
    			$check_result = mysql_fetch_row($result);
    		};


    		//forwarding user to main window
    		header("Location: index2.php");
    		//make sure that the rest of the script won't be executed
    		exit;
    	}
    	else
		{	// Not admin, not user - Wrong password,not loged
        $message = '';
              $message .= '
              <table width="100%" id="statusbar"><tr><td align="center">
              Given wrong password or username
              </td><tr></table>
              ';
  	 	 	  $message .=
  	 	 	  '

<TABLE align="center" height="100%" cellspacing="0" cellpadding="0">
	<TR>
		<TD align="center">

        	<TABLE cellspacing="0" cellpadding="0" class="frm" align="center">

                <TR>
					<TD colspan="3" class="t1" align="center">Transcat Bargain</TD>
				<TR>

   				<TR>
					<TD colspan="3" class="t3" align="center">Login</TD>
				<TR>

                <TR>
                	<TD rowspan="6"><img src="img/padlock.jpg"></TD>
                </TR>

				<FORM action="index.php" method="post" class="frm">

				<TR>
					<TD>

                    	<table cellpadding="3" cellspacing="3" align="center">

                            <tr>
                            	<td class="t2" align="right">Login:</td>
                                <td class="t2"><INPUT type="text" name="login"></td>
                            </tr>

                            <tr>
                            	<td class="t2" align="right">Password:</td>
                                <td class="t2"><INPUT type="password" name="password"></td>
                            </tr>

                        </table>

                    </TD>
				</TR>

				<TR>
					<TD></TD>
				</TR>

				<TR>
					<TD colspan="2" class="t2" align="center"><INPUT type="submit" value=" Log in " name="go"></TD>
				</TR>

				</FORM>

            </TABLE>

        </TD>

	</TR>

</TABLE>

  ';
  		  	session_destroy();
		}
    }

} //POST check
else
{

  //Display login form
  $message = '<table width="100%" id="statusbar"><tr><td align="center">&nbsp;'.$statusbar.'&nbsp;</td></tr></table>';
  $message .=
  '

<TABLE cellspacing="0" cellpadding="0" align="center" height="100%">
	<TR>
		<TD align="center">

        	<TABLE cellspacing="0" cellpadding="0" class="frm" align="center">

                <TR>
					<TD colspan="3" class="t1" align="center">Transcat Bargain</TD>
				<TR>

   				<TR>
					<TD colspan="3" class="t3" align="center">Login</TD>
				<TR>

                <TR>
                	<TD rowspan="6"><img src="img/padlock.jpg"></TD>
                </TR>

				<FORM action="index.php" method="post" class="frm">

				<TR>
					<TD>

                    	<table cellpadding="3" cellspacing="3" align="center">

                            <tr>
                            	<td class="t2" align="right">Login:</td>
                                <td class="t2"><INPUT type="text" name="login"></td>
                            </tr>

                            <tr>
                            	<td class="t2" align="right">Password:</td>
                                <td class="t2"><INPUT type="password" name="password"></td>
                            </tr>

                        </table>

                    </TD>
				</TR>

				<TR>
					<TD></TD>
				</TR>

				<TR>
					<TD colspan="2" class="t2" align="center"><INPUT type="submit" value=" Log in " name="go"></TD>
				</TR>

				</FORM>

            </TABLE>

        </TD>

	</TR>

</TABLE>

  ';
}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">
<HTML>
<HEAD>
	<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=iso-8859-2">
	<LINK REL="Stylesheet" HREF="css/bargain.css" TYPE="text/css">
	<SCRIPT language="Javascript" SRC="js/scripts.js"></SCRIPT>
	<TITLE>Transcat Bargain - Login</TITLE>
</HEAD>
<BODY>


<?


if( isset($message))
    echo $message;


?>

</body>
</HTML>