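// User sign-in / sign-out page: fills the "user_login.html" template, handles the
// "cancel", "logout" and login operations, and supports a cookie-based "remember me".
//
// NOTE(review): this listing starts mid-statement. The receiver of the first call
// (presumably the template object $t) and everything before it - the opening PHP tag,
// includes, and the setup of $t, $db, $settings, $table_prefix and $user_profile_url -
// are outside the visible text, so the first statement is kept exactly as shown.
set_file("main", "user_login.html");

// Links used by the template.
$t->set_var("user_login_href", "user_login.php");
$t->set_var("user_home_href", "user_home.php");
$t->set_var("user_profile_href", "user_profile.php");
$t->set_var("user_profile_url", $user_profile_url);
$t->set_var("forgot_password_href", "forgot_password.php");

// Localised captions and messages.
$t->set_var("LOGIN_TITLE", LOGIN_TITLE);
$t->set_var("NEW_USER_MSG", NEW_USER_MSG);
$t->set_var("SIGN_UP_MSG", SIGN_UP_MSG);
$t->set_var("EXISTS_USER_MSG", EXISTS_USER_MSG);
$t->set_var("ENTER_LOGIN_MSG", ENTER_LOGIN_MSG);
$t->set_var("LOGIN_FIELD", LOGIN_FIELD);
$t->set_var("PASSWORD_FIELD", PASSWORD_FIELD);
$t->set_var("REMEMBER_LOGIN_MSG", REMEMBER_LOGIN_MSG);
$t->set_var("SIGN_IN_BUTTON", SIGN_IN_BUTTON);
$t->set_var("LOGIN_AS_MSG", LOGIN_AS_MSG);
$t->set_var("ACCESS_HOME_MSG", ACCESS_HOME_MSG);
$t->set_var("CLICK_HERE_MSG", CLICK_HERE_MSG);
$t->set_var("LOGOUT_BUTTON", LOGOUT_BUTTON);
$t->set_var("FORGOT_PASSWORD_MSG", FORGOT_PASSWORD_MSG);

// Post-login redirect target. The value comes from the request and is later written
// into a Location header, so only same-site relative targets are accepted:
//   - control characters are rejected (they could split the response header),
//   - backslashes are rejected (browsers may treat them like forward slashes),
//   - a leading scheme ("http:", "javascript:", ...) or "//" is rejected (off-site).
// Anything else falls back to the account home page.
// NOTE(review): if callers legitimately pass absolute same-site URLs here, replace
// the scheme check with a comparison against the shop's own configured host.
$return_page = get_param("return_page");
if (
    !strlen($return_page)
    || preg_match('/[\x00-\x1F\x7F\\\\]/', $return_page)
    || preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $return_page)
) {
    $return_page = "user_home.php";
}

// "Remember me" credentials left by an earlier visit; both cookies must be present.
// NOTE(review): the second cookie holds the account password in clear text (see the
// setcookie() calls below). A random, server-side revocable token is the usual
// replacement; that needs storage outside this script, so it is only flagged here.
$login = get_cookie("cookie_user_login");
$password = get_cookie("cookie_user_password");
if (strlen($login) && strlen($password)) {
    $cookie_login = true;
} else {
    $cookie_login = false;
    $login = "";
    $password = "";
}

$remember_me = get_param("remember_me");
$operation = get_param("operation");
$errors = "";

// Act when an operation was requested, or when remember-me cookies exist and no user
// is signed in yet (automatic cookie login).
if (strlen($operation) || ($cookie_login && !get_session("session_user_id"))) {
    if ($operation == "cancel") {
        header("Location: index.php");
        exit;
    } else if ($operation == "logout") {
        // Blank every per-user session value.
        // NOTE(review): the remember-me cookies are not cleared here, so a later visit
        // to this page signs the browser in again from the cookies. The logout is also
        // driven by a plain request parameter; no anti-CSRF token is visible.
        set_session("session_user_id", "");
        set_session("session_user_type_id", "");
        set_session("session_user_login", "");
        set_session("session_user_name", "");
        set_session("session_user_email", "");
        set_session("session_discount_type", "");
        set_session("session_discount_amount", "");
        if (get_setting_value($settings, "logout_cart_clear", 0) == 1) {
            set_session("shopping_cart", "");
            set_session("session_coupons", "");
        }
    } else {
        // Any other operation is a login attempt. Cookie credentials, when present,
        // take precedence over the submitted form fields.
        if (!$cookie_login) {
            $login = get_param("login");
            $password = get_param("password");
            if (!strlen($login)) {
                $error_message = str_replace("{field_name}", LOGIN_FIELD, REQUIRED_MESSAGE);
                $errors .= $error_message . "\n";
            }
            if (!strlen($password)) {
                $error_message = str_replace("{field_name}", PASSWORD_FIELD, REQUIRED_MESSAGE);
                $errors .= $error_message . "\n";
            }
        }

        // Refuse black-listed client addresses before touching the user table.
        if (!$errors && check_black_ip()) {
            $errors = BLACK_IP_MSG;
        }

        if (!$errors) {
            // NOTE(review): depending on the "password_encrypt" setting, passwords are
            // matched either as unsalted MD5 or as clear text. Both are weak at rest;
            // moving to password_hash()/password_verify() needs a data migration that
            // is outside this script.
            $password_encrypt = get_setting_value($settings, "password_encrypt", 0);
            if ($password_encrypt == 1) {
                $password_match = md5($password);
            } else {
                $password_match = $password;
            }

            // Both user-supplied values go through $db->tosql() before being
            // concatenated into the statement.
            $sql = " SELECT u.user_id,u.user_type_id,u.name,u.first_name,u.last_name,u.email,u.is_approved, ";
            $sql .= " u.discount_type AS user_discount_type, u.discount_amount AS user_discount_amount, ";
            $sql .= " ut.discount_type AS group_discount_type, ut.discount_amount AS group_discount_amount, ";
            $sql .= " c.currency_code ";
            $sql .= " FROM ((" . $table_prefix . "users u ";
            $sql .= " LEFT JOIN " . $table_prefix . "user_types ut ON u.user_type_id=ut.type_id) ";
            $sql .= " LEFT JOIN " . $table_prefix . "countries c ON u.country_code=c.country_code) ";
            $sql .= " WHERE login=" . $db->tosql($login, TEXT);
            $sql .= " AND password=" . $db->tosql($password_match, TEXT);
            $db->query($sql);

            if ($db->next_record()) {
                $is_approved = $db->f("is_approved");
                if ($is_approved) {
                    $user_id = $db->f("user_id");
                    $currency_code = $db->f("currency_code");
                    $user_discount_type = $db->f("user_discount_type");
                    $user_discount_amount = $db->f("user_discount_amount");
                    $group_discount_type = $db->f("group_discount_type");
                    $group_discount_amount = $db->f("group_discount_amount");

                    // NOTE(review): no session-identifier rotation is visible before the
                    // session is marked as authenticated. If set_session() wraps native
                    // PHP sessions, session_regenerate_id(true) belongs here - confirm.
                    set_session("session_user_id", $user_id);
                    set_session("session_user_type_id", $db->f("user_type_id"));
                    set_session("session_user_login", $login);

                    // Display name: explicit name, else "first last", else the login.
                    if (strlen($db->f("name"))) {
                        $user_name = $db->f("name");
                    } else if (strlen($db->f("first_name")) || strlen($db->f("last_name"))) {
                        $user_name = $db->f("first_name") . " " . $db->f("last_name");
                    } else {
                        $user_name = $login;
                    }
                    set_session("session_user_name", $user_name);
                    set_session("session_user_email", $db->f("email"));

                    // A per-user discount wins over the user group's discount.
                    if ($user_discount_type > 0) {
                        set_session("session_discount_type", $user_discount_type);
                        set_session("session_discount_amount", $user_discount_amount);
                    } else if ($group_discount_type) {
                        set_session("session_discount_type", $group_discount_type);
                        set_session("session_discount_amount", $group_discount_amount);
                    }

                    if ($remember_me) {
                        // NOTE(review): stores the clear-text password client-side for
                        // 366 days, without the HttpOnly or Secure cookie attributes.
                        setcookie("cookie_user_login", $login, time() + 3600 * 24 * 366);
                        setcookie("cookie_user_password", $password, time() + 3600 * 24 * 366);
                    }

                    // get currency if available
                    if ($currency_code) {
                        get_currency($currency_code);
                    }

                    // update last visit time
                    $sql = " UPDATE " . $table_prefix . "users SET last_visit_date=" . $db->tosql(va_time(), DATETIME);
                    $sql .= ", last_visit_ip=" . $db->tosql(get_ip(), TEXT);
                    $sql .= " WHERE user_id=" . $db->tosql($user_id, INTEGER);
                    $db->query($sql);

                    // $return_page was restricted to a same-site relative target above.
                    header("Location: " . $return_page);
                    exit;
                } else {
                    $errors .= ACCOUNT_APPROVE_ERROR . "\n";
                }
            } else {
                $errors .= LOGIN_PASSWORD_ERROR . "\n";
                // Stale or wrong remember-me cookies are dropped so that the automatic
                // login is not retried on every request.
                if ($cookie_login) {
                    setcookie("cookie_user_login");
                    setcookie("cookie_user_password");
                }
            }
        }
    }
}

if ($remember_me) {
    $t->set_var("remember_me", "checked");
} else {
    $t->set_var("remember_me", "");
}

if ($errors) {
    $t->set_var("errors_list", $errors);
    $t->parse("errors", false);
} else {
    $t->set_var("errors", "");
}

// Values placed into the template are HTML-escaped here, since the login form already
// escapes its own values by hand. The signed-in branch previously emitted the login and
// display name (which originate from user-editable account data) unescaped.
if (get_session("session_user_id")) {
    $t->set_var("user_login", htmlspecialchars(get_session("session_user_login"), ENT_QUOTES));
    $t->set_var("user_name", htmlspecialchars(get_session("session_user_name"), ENT_QUOTES));
    $t->set_var("operation", "logout");
    $t->set_var("login_form", "");
    $t->parse("logout_form", false);
} else {
    $t->set_var("return_page", htmlspecialchars($return_page, ENT_QUOTES));
    $t->set_var("login", htmlspecialchars($login, ENT_QUOTES));
    $t->set_var("operation", "login");
    $t->set_var("logout_form", "");
    $t->parse("login_form", false);
}

// The "access error" block is currently disabled; the parameter is read but unused.
$type_error = get_param("type_error");
if ($type_error == 2) {
    //$t->parse("access_error", false);
    //$errors = true;
}

include("./header.php");
include("./footer.php");
$t->pparse("main");
?>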