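<?php
/***********************************************************************/
/* ATutor                                                              */
/***********************************************************************/
/* Copyright (c) 2002-2009                                             */
/* Adaptive Technology Resource Centre / Inclusive Design Institute    */
/* http://atutor.ca                                                    */
/*                                                                     */
/* This program is free software. You can redistribute it and/or       */
/* modify it under the terms of the GNU General Public License         */
/* as published by the Free Software Foundation.                       */
/***********************************************************************/
// $Id$

/*
 * Employer login page of the job board module.
 *
 * On a submitted form, looks up the employer by username, requires the
 * account to be in the confirmed approval state, and checks the
 * challenge-response value sent by the browser:
 *     form_password_hidden == sha1(stored password value . session token)
 * On success the employer id is stored in the session and the browser is
 * redirected to home.php; otherwise the login template is shown with an
 * INVALID_LOGIN error.
 *
 * NOTE(review): because the response is derived from the stored `password`
 * column as-is, that stored value is password-equivalent: anyone able to
 * read the column can compute a valid response for a known token.
 */
$_user_location = 'public';
// The constant name has to be a quoted string; a bare AT_INCLUDE_PATH is an
// undefined constant at this point (a notice on old PHP, an Error on PHP 8).
define('AT_INCLUDE_PATH', '../../../include/');
include(AT_INCLUDE_PATH.'vitals.inc.php');
include(AT_JB_INCLUDE.'classes/Job.class.php');
$_custom_css = $_base_path . AT_JB_BASENAME . 'module.css'; // use a custom stylesheet

// Check the submitted username and password response
if (isset($_POST['submit']) && $_POST['submit'] != '') {
    // Accept only string form fields; an array-valued field is treated as an
    // empty value and therefore ends in INVALID_LOGIN.
    $form_login = (isset($_POST['form_login']) && is_string($_POST['form_login']))
        ? $_POST['form_login']
        : '';
    $form_response = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden']))
        ? $_POST['form_password_hidden']
        : '';

    // $addslashes is defined outside this file. The query below is only safe
    // if it is a connection-aware escaper -- TODO confirm. A parameterized
    // query would be preferable but needs a different DB API than the
    // mysql_* calls used here.
    $job_login = $addslashes($form_login);

    $sql = 'SELECT id, password, approval_state FROM '.TABLE_PREFIX."jb_employers WHERE username='$job_login'";
    $result = mysql_query($sql, $db);
    // A failed query or an unknown username yields no row; never index into false.
    $row = $result ? mysql_fetch_assoc($result) : false;

    $authenticated = false;

    // Without a session token the response would be a static, replayable hash.
    $has_token = isset($_SESSION['token']) && $_SESSION['token'] !== '';

    // Approval state is compared loosely on purpose: the DB value arrives as a
    // string while the type of AT_JB_STATUS_CONFIRMED is not visible here.
    // The explicit $row check keeps a missing row (whose fields read as null)
    // from ever satisfying that loose comparison.
    if ($row && $has_token && $row['approval_state'] == AT_JB_STATUS_CONFIRMED) {
        // if enc(a x s) = enc(b x s), then valid
        $expected = sha1($addslashes($row['password']).$_SESSION['token']);

        // Strict, constant-time comparison where available. A loose == on two
        // hex digests treats "0e..." style strings as numbers and can report
        // different digests as equal.
        $authenticated = function_exists('hash_equals')
            ? hash_equals($expected, $form_response)
            : ($expected === $form_response);
    }

    if ($authenticated) {
        // Issue a fresh session id at the privilege change so an id that was
        // fixed before login is not carried into the authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['jb_employer_id'] = $row['id'];
        $msg->addFeedback('LOGIN_SUCCESS');
        header('Location: home.php');
        exit;
    }

    // Same message for every failure (unknown user, unapproved account, wrong
    // password) so the response does not reveal which check failed.
    $msg->addError('INVALID_LOGIN');
}

include(AT_INCLUDE_PATH.'header.inc.php');
$savant->display('employer/jb_login.tmpl.php');
include(AT_INCLUDE_PATH.'footer.inc.php');
?>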