query($sql); if ($rh = $st->fetchHash()){ if ($rh["pswd"] == $pswd){ $sUserInfo = $rh; //get their permissions $sql = "select * from HAPI_permission where login = '$login'"; $st = $db->query($sql); while ($rh = $st->fetchHash()){ $sUserInfo[$rh["application"]] = $rh["accessLevel"]; } //write cookie setcookie ("HAPI_session", session_id(),0, "/"); //write DB entry $sql = "insert into HAPI_session (sessionID,login) values ('$login','" . session_id() . "')"; $db->query($sql); $HAPI_accessLevel = $sUserInfo[$application]; //check to make sure they pass for this app. if ($sUserInfo[$application] < $accessLevel){ //they failed. if ($strictness == "hard"){ HAPI_noAccess(); exit; } return false; } return true; } else { //user but no pswd if ($strictness == "hard"){ HAPI_login(); exit; } return false; } } //no user if ($strictness == "hard"){ HAPI_login(); exit; } } // end if they are trying to log in //try to find session in db. $sql = "select login from HAPI_session where sessionID = '$HAPI_session'"; $login = $db->firstOfFirst($sql); if ($login){ //there was a session in DB. //get user info $sql = "select * from HAPI_user where login = '$login'"; $st = $db->query($sql); $rh = $st->fetchHash(); $sUserInfo = $rh; //get user permissions $sql = "select * from HAPI_permission where login = '$login'"; $st = $db->query($sql); while ($rh = $st->fetchHash()){ $sUserInfo[$rh["application"]] = $rh["accessLevel"]; } $HAPI_accessLevel = $sUserInfo[$application]; //check to make sure they pass for this app. if ($sUserInfo($application) > $accessLevel){ //they failed. if ($strictness == "hard"){ HAPI_noAccess(); exit; } return false; } else { return true; } }//end if there was a session in the DB. // if there was an active session // or if there was a session in the DB, // they should already have returned or // gone somewhere. if ($strictness == "hard"){ HAPI_login(); exit; } return false; } // end no session found. //they probably won't get here? if ($strictness == "hard"){ HAPI_login(); exit; } return false; } //end function function HAPI_logout ($loginLink = "") { global $SCRIPT_NAME; if ($loginLink == ""){ $loginLink = $SCRIPT_NAME . "?logMeIn=1"; } session_start(); session_destroy(); setcookie ("HAPI_session", "",0, "/"); print "

You are now logged out.

"; print "Login.
"; print "Proceed without login.
"; } function HAPI_login ($url = "") { global $SCRIPT_NAME; global $test; if ($url){ $action = " ACTION=\"$url\""; } else { $action = " ACTION=\"$SCRIPT_NAME\""; } ?> You do not have permission to do this task.

logout.