<!-- Copyright (C) 2009 DNA Bank Network
http://www.dnabank-network.org

The contents of this file are subject to the Mozilla Public License Version 1.1
See LICENSE.TXT at the top of this package for the full license terms. -->

<?php
      if ($_SERVER['REQUEST_METHOD'] == 'POST') {

      $username = addslashes($_POST['loguser']);
      $password = md5($_POST['logpass']);
   //   $password = $_POST['logpass'];

      if($username != "")
      {     
      
      $hostname = $_SERVER['HTTP_HOST'];
      $path = dirname($_SERVER['PHP_SELF']);

      
      $sql= "SELECT User_ID, Username, Password, Surname, Forename, Coding FROM tableuser " .
                            "WHERE BINARY Username = '$username' " .
                            "  AND Password = '$password'";
      $result = mysql_query($sql);
                        
      while($row = mysql_fetch_object($result))
      { $Signatur = $row->Forename." ".$row->Surname; 
        $ID = $row->User_ID; 
        $Coding = $row->Coding;
        $Check = $row->Password; }
      
      if(mysql_num_rows($result))
       {
       $_SESSION['login'] = true;
       $_SESSION['log'] = $Signatur;
       $_SESSION['log2'] = $ID;
      
       $time = time();
       
       
       $sqlupdate = "UPDATE tableuser SET LastAction = '$time' WHERE User_ID = '$ID'";
        $resultupdate = mysql_query($sqlupdate);
       
       if($username == "Webmaster")
       { $_SESSION['admin'] = true; }
       
        if($Coding != "" and $Check != "")
        {$sql1 = "UPDATE tableuser SET Coding = '' WHERE User_ID = '$ID'";
        $result1 = mysql_query($sql1);}

       }
       

       
      if(!mysql_num_rows($result) and !isset($_SESSION['login']) and !$_SESSION['login'])
      {   
//header('Location: http://'.$hostname.($path == '/' ? '' : $path).'/Login.php?check='.$_GET['check'].'&error=true'.($_GET['hitlist'] == 'true' ? '&hitlist=true' : '').($_GET['sqlType'] == 'Detail' ? '&sqlType=Detail&ID_Cache='.$_GET['ID_Cache'] : ''));             

      header('Location: http://www.dnabank-network.org/Login.php?check='.$_GET['check'].'&error=true'.($_GET['hitlist'] == 'true' ? '&hitlist=true' : '').($_GET['sqlType'] == 'Detail' ? '&sqlType=Detail&ID_Cache='.$_GET['ID_Cache'] : ''));             
      } 
      
        } // if($username != "")
        
        if($formSubmitShop)
        {
        if(!isset($_SESSION['login']) || !$_SESSION['login'])
{
if(isset($_REQUEST['check']) or !empty($_REQUEST['check']) or $cachedetail != "") {
header('Location: http://'.$hostname.($path == '/' ? '' : $path).'/Login.php?check=shop');
exit;
} }
        
        }
        
      } // if ($_SERVER['REQUEST_METHOD'] == 'POST')

   $SID = session_id();
   $UserID = $_SESSION['log2'];
   
   if($formSubmitShop or $formSubmitOrder or $formSubmitOrder2 or $formSubmitShopDetail or $formSubmitSearch or $formShopDelete or $_GET['page'] != "" or $_GET['sqlType'] == "detail")
   {
    if(isset($_SESSION['login']) || $_SESSION['login']) {
   $sqlTest = "SELECT LastAction FROM tableuser WHERE User_ID = '$UserID'";
   $resultTest = mysql_query($sqlTest);
   
   while($row = mysql_fetch_object($resultTest))
   {  $LastAction = $row->LastAction;  }
   
   $error1 = time() - $LastAction;
   if($error1 < 30*60)
   { 
   $time = time();
   
   $sqlupdate = "UPDATE tableuser SET LastAction = '$time' WHERE User_ID = '$UserID'";
     $resultupdate = mysql_query($sqlupdate);    }
     
   if($error1 > 30*60)
   {  
 
  
     $sqlTest = "DELETE FROM tablecart WHERE tablecart.Session = '$SID'";
     $resultTest = mysql_query($sqlTest);
     
     $_SESSION = array();
     
     if (isset($_COOKIE[session_name()])) {
     setcookie(session_name(), '', time()-42000, '/');
     }
     
     session_destroy(); 
     
//    header('Location: http://'.$hostname.($path == '/' ? '' : $path).'/Index.php?check=timeout'); 
header('Location: http://www.dnabank-network.org/Index.php?check=timeout');             
}
  }
}
    
?>