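<%args>
$email => ""
$pword => ""
</%args>
<%init>
# Login handler: checks the submitted e-mail/password against the signups
# table, records the attempt in sitelogins, sets the login cookie for an
# unlocked, non-removed account, and redirects.
#
# Args:
#   $email - submitted e-mail address (defaults to "")
#   $pword - submitted password (defaults to "")
#
# Redirects:
#   nominate.html?error=1 - no e-mail supplied
#   nominate.html?error=2 - no password supplied (wins if both are missing)
#   nominate.html         - both supplied, whatever the outcome of the lookup

# NOTE(review): srand/rand are not suitable for security tokens. If
# setcookie.comp derives the session value from rand(), it is predictable -
# confirm against that component.
srand;
use RubyCore::ObjectInit;
use designobserver::Config ();

my $rso = RubyCore::ObjectInit->new({ %designobserver::Config::c });
$rso->dbconnect();

my $gologin = 0;
my ($sql, $sth, $locked, $removed, $url);

# NOTE(review): REMOTE_ADDR is interpolated into the INSERTs below without
# going through rsan. Presumably it is set by the server from the socket;
# confirm no proxy layer fills it from a client-supplied header.
my $uip = $ENV{REMOTE_ADDR};

# NOTE(review): every query below is built by string interpolation, so rsan
# is the only barrier against SQL injection. The values land inside both
# double-quoted (SELECT) and single-quoted (INSERT) literals, so rsan must
# neutralise ", ' and backslash - verify, and move to bound parameters if
# dosql supports them.
$email = $rso->rsan($email);
$pword = $rso->rsan($pword);

if (!$email) {
    $url = "nominate.html?error=1";
}
if (!$pword) {
    $url = "nominate.html?error=2";
}

if ($email && $pword) {
    # FIRST - Check to see if there is a user in the system with matching
    # username and password.
    # NOTE(review): the stored password is compared via AES_ENCRYPT with a
    # key literal embedded in the query. That is reversible encryption under
    # a fixed key, not a password hash. Changing it needs a migration of
    # signups.passwd, so it is left untouched here.
    $sql = "SELECT id, locked, removed FROM signups WHERE email=\"$email\" AND passwd=AES_ENCRYPT(\"$pword\",'password')";
    $sth = $rso->dosql($sql);
    ($gologin, $locked, $removed) = $sth->fetchrow_array();

    if (!$gologin) {
        # Record the failed attempt. The submitted password is deliberately
        # NOT written to the log table: failed attempts are frequently
        # near-misses of the real password. The other sitelogins INSERTs
        # already omit the passwd column.
        $sql = "INSERT INTO sitelogins SET created=NOW(), success='N', email='$email', IP='$uip'";
        $sth = $rso->dosql($sql);
        $url = "/login.html?error=1";
    }
    else {
        # Check to see if the account was locked; if not, complete the login.
        if ($locked eq "N" && $removed eq "N") {
            $m->comp("/designobservercomp/setcookie.comp", user => $gologin, uip => $uip);
            $sql = "INSERT INTO sitelogins SET created=NOW(), success='Y', signupid='$gologin', IP='$uip', email='$email'";
            $sth = $rso->dosql($sql);
        }
        else {
            # Credentials matched but the account is locked or removed:
            # log the attempt as unsuccessful and set no cookie.
            $sql = "INSERT INTO sitelogins SET created=NOW(), success='N', signupid='$gologin', IP='$uip', email='$email'";
            $sth = $rso->dosql($sql);
        }
    }

    # NOTE(review): this assignment also overwrites the
    # "/login.html?error=1" target set on a failed lookup, and a locked or
    # removed account gets no error indication. Preserved from the original;
    # confirm which redirect is intended.
    $url = "nominate.html";
}

$m->redirect($url);
</%init>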