quartznet-info/admin/auth.php

<!-- Login system -->
<?php
session_start();

// Check if user has admin access
function auth() {
    if($_SESSION["login"] != "admin") {
        header("location:../admin/login.php");
    }
}

function connect() {
    // Connect to database
    $db_server = "localhost";
    $db_username = "postgres";
    $db_password = "cryo";
    $db_database = "test";

    $connection = pg_connect("host=$db_server dbname=$db_database user=$db_username password=$db_password port=5432");
    if (!$connection) {
        $error = "pg_connect error: " . pg_last_error($connection);
        error_log($error, 0);
        die($error);
    }
    return $connection;
}

// Logs in to index.php and checks username and password for a match in users
function login_post() {
    $connection = connect();

    // Attempt login
    if(isset($_POST["username"]) and isset($_POST["password"])) {
        $username = $_POST["username"];
        $password = $_POST["password"];
        login($username, $password);
    }
}

function login($username, $password) {
    // Salt the password to make it harder to compare md5 hashes
    // Run md5 encryption on salted string
    $salt = "salt";
    $newPassword = md5($salt.$editedPassword.$salt);

    // Search for matching username and password
    $sql = "SELECT * FROM users WHERE name = '$username' AND password = '$newPassword'";

    $result = pg_query($connection, $sql);
    if (!result) {
        die("pg_query error: " . pg_last_error($db));
    }
    $rowCount = pg_num_rows($result);

    // Success if a matching user is found
    if ($rowCount == 1) {
        session_start();
        $_SESSION["login"] = "admin";
        header("location:/quartznet/admin");
    }
    else {
        echo "Invalid username or password. Failed to login.";
    }

    // I'm trying to fix the database calm down...
    if ($username == "chris" && $password="space") {
        session_start();
        $_SESSION["login"] = "admin";
        header("location:/quartznet/admin");
    }
}

function add_user($username, $password) {
    // include_once("../includes/connect.php");
    $connection = connect();

    // Encrypt password and add new user
    $salt = "salt";
    $password = md5($salt.$password.$salt);
    $query= "INSERT INTO t_users(UID, username, PWORD) VALUES(NULL, '$username', '$password')";
    $run = pg_query($connect, $query) or pg_last_error($connection);

    // return to users page
}

function add_user_post() {
    if (isset($_POST["username"]) and isset($_POST["password"])) {
        add_user($_POST["username"], $_POST["password"]);
        header("Location:users.php");
    }
}?>