<?php
/*
fiemeCP - BETA.
Written by, and managed by xDario.

The script may be altered at wish, but redistributing any part of it, even with credets, is prohibited. Currently, only myself and my website (http://www.dario-ml.com/) along with kryptodev are aloud to host my script.

©2011 xDario (created for Ohai Online)

You must provide a thanks on the page from which this is called, unless you have donated. If I find my class used without copyright, or a mention of appreciation, I will pursude you. Fiesta servers aren't thousands, so you're not hard to spot out.

ADMIN SECTION!
Page: admin_global.php
Last Change: 30 June 2011
*/

session_start();

require_once "../includes/init.php";

//Fire up the languages, and load the global lang
if (isset($_SESSION['lang']))
{
	$lang->use_language($_SESSION['lang']);
}
else
{
	$lang->use_language($cfg['lang_prefix']);
}

$lang->load("global");
$lang->load("admin.global");
$settings->load("admin.global");

//Checks for logout:
$core->cookie_logout($_SERVER['SCRIPT_NAME']);

eval("\$header = \"" . $template->get("admin.header") . "\";");
eval("\$footer = \"" . $template->get("admin.footer") . "\";");

if (!isset($_SESSION['fieme_a_auth']))
{
	$error = "";
	if (!empty($_POST))
	{
		$tsql = "SELECT * FROM dbo.tUser WHERE sUserID = ? AND sUserPW = ? AND bIsDelete = 'False'";
		$results = sqlsrv_query($fiemecp->dbacc, $tsql, array("$_POST[uname]", "$_POST[upass]"), array( "Scrollable" => SQLSRV_CURSOR_KEYSET));
		$number = sqlsrv_num_rows($results);
		$row = sqlsrv_fetch_array( $results, SQLSRV_FETCH_ASSOC);
		
		if (($number >= 1) && (md5($_POST['upass']) == md5($row['sUserPW'])) && ("$row[nAuthID]" >= $settings->admin_panel_min_entry))
		{
	
			$_SESSION['fieme_a_auth'] = 1;
			$_SESSION['fieme_a_uname'] = "$row[sUserID]";
			$_SESSION['fieme_a_uid'] = "$row[nUserNo]";
			$_SESSION['fieme_a_adminlevel'] = "$row[nAuthID]";
			
			//let's save our logs, shall we?
			$fiemecp->track_login("$_POST[uname]", "$_POST[upass]", "$_SERVER[REMOTE_ADDR]", "1", 0, 1);
			
			header("Location: $_SERVER[REQUEST_URI]");
		}
		elseif ($number == 0)
		{
			$error = "Failed to login";
		}
		else
		{
			if ("$row[nAuthID]" < $settings->admin_panel_min_entry)
			{
				$error = "Not enough admin level.";
			}
			else
			{
				$error = $lang->login_wrong_login;
			}
			$fiemecp->track_login("$_POST[uname]", "$_POST[upass]", "$_SERVER[REMOTE_ADDR]", "0", 0, 1);
		}
	}
	
	eval("\$login_form = \"" . $template->get("admin.login.form") . "\";");

	eval("\$login_page = \"" . $template->get("admin.login") . "\";");
	output_page($login_page, $settings->dev_mode_admin);
	exit();
}

eval("\$admin_info = \"" . $template->get("admin.admin.info") . "\";");

eval("\$header_top = \"" . $template->get("admin.header.top") . "\";");
eval("\$header_announcements = \"" . $template->get("admin.header.announcements") . "\";");

eval("\$header .= \"" . $template->get("admin.header.extra") . "\";");
eval("\$footer = \"" . $template->get("admin.footer.extra") . "\" . \$footer;");