include("global/php_header.php4"); ?>
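/*
NOTE(review): this HTTPS-enforcement redirect is disabled. The login branch
further down reads $_POST['username'] and $_POST['password'], so unless TLS is
enforced elsewhere (web server or load balancer -- not visible here, confirm),
credentials can be submitted over plain HTTP. Before re-enabling it, confirm
that SERVER_PORT reflects the client-facing port when TLS is terminated
upstream, otherwise the redirect can loop.
if($_SERVER["SERVER_PORT"] != "443"){
header("Location: https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);
exit();
}
*/

// Start the failed-login counter at zero when the session does not carry one.
// empty() gives the same result as the previous truthiness test but does not
// raise an undefined-index notice on a fresh session.
if (empty($currentSession["invalid_count"])) {
    $currentSession["invalid_count"] = 0;
}

$conn_id = DB_connect($db_source, $db_username, $db_password);

// $comp_uid is not assigned in this part of the file; presumably it is set by
// global/php_header.php4 or arrives with the request -- TODO confirm. It is
// escaped before being placed in SQL so the three lookups below are safe either
// way, in line with how the login branch escapes $_POST['username'].
$comp_uid_sql = mysql_real_escape_string($comp_uid, $conn_id);

// Company title, kept in the session for later use.
$sql = "SELECT title FROM CMS_COMPANIES_TBL WHERE comp_uid='$comp_uid_sql'";
$result = DB_exec($dbname, $sql);
list($title) = DB_fetch_array($result);
$currentSession["title"] = $title;

// Skin settings for this company; the variables are left in global scope.
$sql = "SELECT template,headline,headerfooter_color,headline_font_color,headline_font,img_logo,menu_color,menu_font,color_hi FROM CMS_SKINS_TBL WHERE comp_uid='$comp_uid_sql'";
$result = DB_exec($dbname, $sql);
list($template, $headline, $headerfooter_color, $headline_font_color, $headline_font, $img_logo, $menu_color, $menu_font, $color_hi) = DB_fetch_array($result);

// The session keeps the raw (unescaped) company id, as before.
$currentSession["comp_uid"] = $comp_uid;
$currentSession["img_logo"] = $img_logo;

// Id of the document flagged as this company's homepage; 0 when there is none.
$sql = "SELECT doc_uid FROM CMS_DOCUMENTS_TBL WHERE comp_uid='$comp_uid_sql' AND homepage='y'";
$result = DB_exec($dbname, $sql);
list($doc) = DB_fetch_array($result);
if (!$doc) {
    $doc = 0;
}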
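if ($mode == "login") {
    // Handle a login form submission: refuse accounts already marked locked,
    // check the submitted credentials, then either fill the session and
    // redirect, or count the failure and lock the account on the third miss.
    $conn_id = DB_connect($db_source, $db_username, $db_password);

    // Read each posted field once. A missing or non-string field (for example
    // an array-valued parameter) becomes '' so the escaping call always
    // receives a string and no undefined-index notice is raised.
    $login_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $login_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $login_name_sql = mysql_real_escape_string($login_name, $conn_id);
    $login_pass_sql = mysql_real_escape_string($login_pass, $conn_id);

    $sql = "SELECT locked FROM WHOI_USERS_TBL WHERE username='" . $login_name_sql . "'";
    $result = DB_exec($dbname, $sql);
    list($locked) = DB_fetch_array($result);

    if ($locked == 1) {
        // The message text continues at column 0 on purpose: the line break is
        // part of the string and must not pick up leading spaces.
        $msg = "This account has been locked.
Please contact your Benefits Specialist.";
    } else {
        // NOTE(review): the password is compared as stored text inside SQL,
        // which implies WHOI_USERS_TBL.password is not a salted hash. Moving to
        // password_hash()/password_verify() needs a schema and data migration
        // that cannot be done from this block.
        $sql = "SELECT username,name,ssn,update_on,locked,password_change FROM WHOI_USERS_TBL WHERE STRCMP(BINARY username,'" . $login_name_sql . "') = 0 AND STRCMP(BINARY password,'" . $login_pass_sql . "') = 0";
        $result = DB_exec($dbname, $sql);

        if (DB_num_rows($result) > 0) {
            list($username, $name, $soc, $update_on, $locked, $password_change) = DB_fetch_array($result);
            $currentSession["username"] = $username;
            // $soc holds the ssn column; it is placed in the session and copied
            // into CMS_RECORDS_TBL on every login.
            // NOTE(review): confirm both copies are needed.
            $currentSession["soc"] = $soc;
            $currentSession["update_on"] = $update_on;
            $currentSession["invalid_count"] = 0;
            $currentSession["password_change"] = $password_change;

            // Values read back from the database are escaped again before being
            // written: stored text containing a quote (a name such as O'Brien)
            // previously broke this INSERT and could alter the statement.
            $sql = "INSERT INTO CMS_RECORDS_TBL (company,username,name,soc) VALUES ('"
                . mysql_real_escape_string($currentSession["title"], $conn_id) . "','"
                . mysql_real_escape_string($username, $conn_id) . "','"
                . mysql_real_escape_string($name, $conn_id) . "','"
                . mysql_real_escape_string($soc, $conn_id) . "')";
            DB_exec($dbname, $sql);

            // NOTE(review): $doc_uid is not assigned in the visible code, while
            // the homepage document id is held in $doc -- confirm which one
            // this redirect is meant to use.
            header("Location: template.php4?doc_uid=" . urlencode($doc_uid));
            exit();
        } else {
            $invalid = true;
            $currentSession["invalid_count"]++;

            if ($currentSession["invalid_count"] >= 3) {
                // $username is only assigned on the success path, so the
                // previous WHERE clause either matched no account or relied on
                // an unescaped request variable. Lock the account named in the
                // submitted form, using the escaped value.
                // NOTE(review): the counter lives in the session, not on the
                // account, so it is not tied to the username being tried and
                // starts over with a new session. A per-account failure count
                // stored server-side would make the lockout dependable.
                $sql = "UPDATE WHOI_USERS_TBL SET locked='1' WHERE username='" . $login_name_sql . "'";
                DB_exec($dbname, $sql);
                $currentSession["invalid_count"] = 0;
                $msg = "This account has been locked.
Please contact your Benefits Specialist.";
            }
        }
    }
}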
?>