<?php
	/******************************************************************/
	/*檔名:login.php																	*/
	/*說明:論文上傳登入作業																*/
	/*相關檔案:																			*/
	/*			list.php																	*/
	/*																						*/
	/******************************************************************/
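	// Entry point of the paper-upload login page: a POST carrying both
	// credentials is authenticated and redirected to list.php; any other
	// request just renders the login form.
	session_start();
	
	require_once 'connection.php';
	
	if (isset($_POST['login_id']) && isset($_POST['password']))
	{
		// Login check: reject malformed parameters. Besides empty strings this
		// also rejects non-string values (e.g. login_id[]=x arrives as an array),
		// which would otherwise pass the emptiness test and reach the SQL helper.
		if (!is_string($_POST['login_id']) || !is_string($_POST['password'])
			|| ($_POST['login_id'] === '') || ($_POST['password'] === ''))
		{	
			show_page('Parameter Passing Error!!!');
			exit;
		}
			
		// User identity check. auth() renders the login page and exits on any
		// failure, so execution only continues here for an active, valid account.
		$check = auth($_POST['login_id'], $_POST['password']);	

		// Issue a fresh session ID at the privilege change so that an ID planted
		// or observed before login (session fixation) is not authenticated.
		session_regenerate_id(true);

		// Credentials are valid: store the account data in the session so that
		// later pages can perform their own authorization checks.
		unset($_SESSION['login_id'], $_SESSION['user_id'], $_SESSION['user_type']);
		
		$_SESSION['login_id'] = $_POST['login_id'];
		$_SESSION['user_id'] = $check->UserID;
		$_SESSION['user_type'] = $check->UserType;

		// Disabled in the original: audit record of the login and online notice.
		// NOTE(review): a login audit trail is worth re-enabling - confirm fun_log.php still exists.
		//include_once 'fun_log.php';
		//add_log(1, $check->UserID);		// add a "logged in" record - Log & UserInfo
		//add_message();						// online notification
		
		// The original target was "./list.php?<?SID?>"; inside a PHP string that
		// tag is never expanded, so the literal text was sent as the query string.
		// The session ID is deliberately not put in the URL (it would leak through
		// logs, history and Referer headers); the session cookie carries it.
		header("Location: ./list.php");
		exit;
	}
	else
	{  
		show_page();
	}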
	
/*------------------------------------------------------------------------------------------------------------------------*/
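	/**
	 * Login check: verify a login ID / password pair against the UserInfo table.
	 *
	 * On any failure (no unique match, or account not active) the login page is
	 * rendered with an error message and the request ends, so this function only
	 * returns for an active account whose credentials matched.
	 *
	 * @param string $login_id  Login ID as submitted by the user.
	 * @param string $password  Password as submitted by the user.
	 * @return object Row object with UserID, UserType and Active.
	 */
	function auth($login_id, $password) 
	{
		// GetSQLValueString() is defined outside this file; the query relies on it
		// for quoting and escaping both values.
		// NOTE(review): confirm it escapes with a connection-aware function.
		// NOTE(review): the submitted password is compared directly with the
		// Password column, so unless hashing happens elsewhere (not visible here)
		// passwords are stored in recoverable form; moving to password_hash() /
		// password_verify() needs a schema migration.
		$AuthSQL=sprintf("SELECT UserID,UserType,Active FROM UserInfo WHERE LoginID=%s AND Password=%s",
			GetSQLValueString($login_id, "text"),
			GetSQLValueString($password, "text"));
			
		$Result = mysql_query($AuthSQL, $GLOBALS['conn']);
		if ($Result === false)
		{
			// Keep the database error in the server log; echoing mysql_error() to
			// the browser would disclose query and schema details to any visitor.
			error_log('login.php auth(): ' . mysql_error($GLOBALS['conn']));
			die('Internal error. Please try again later.');
		}

		// Exactly one row must match; anything else is treated as bad credentials.
		if ((mysql_num_rows($Result) !== 1) || !($row = mysql_fetch_object($Result)))
		{	
			show_page('Your Login ID or Password is INCORRECT!');
			exit;
		}

		// Check whether the account has been activated.
		if ($row->Active !== 'Yes')
		{	
			show_page('Your Login ID is INACTIVE!');
			exit;
		}

		// Account is valid and active.
		return $row;
	}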
	
/*------------------------------------------------------------------------------------------------------------------------*/
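	/**
	 * Render the login page, optionally with an error message.
	 *
	 * Loads the conference record for the session's conference alias into the
	 * session, removes any login data from the session (the visitor is treated
	 * as logged out), and displays the login template.
	 *
	 * @param string $error  Message assigned to the template's 'error' variable.
	 * @return void
	 */
	function show_page($error = '')
	{	
		if (!isset($_SESSION['conf_alias']))
		{
			// The alias was once taken from the request (kept below, disabled);
			// it is now a fixed default when the session has none.
			//$_SESSION['conf_alias'] = $_GET['conf_alias'];
			$_SESSION['conf_alias'] = 'iihmsp06';
		}

		// The alias is only defaulted here, so a value already in the session may
		// have been set elsewhere; escape it instead of concatenating it raw.
		$query_Recordset = sprintf(
			"SELECT ConferenceID,FullName,ShortName,MailBox,ContactEmail,SupportEmail FROM ConferenceInfo Where alias='%s'",
			mysql_real_escape_string($_SESSION['conf_alias'], $GLOBALS['conn']));

		$Recordset = mysql_query($query_Recordset, $GLOBALS['conn']);
		if ($Recordset === false)
		{
			// Log the database error server-side rather than printing it to the
			// visitor, which would disclose query and schema details.
			error_log('login.php show_page(): ' . mysql_error($GLOBALS['conn']));
			die('Internal error. Please try again later.');
		}

		// No matching conference: fall back to an empty row so every conf_* entry
		// below becomes null instead of indexing into false.
		$row_Recordset = mysql_fetch_assoc($Recordset);
		if (!is_array($row_Recordset))
			$row_Recordset = array();

		$conf_fields = array(
			'conf_id'           => 'ConferenceID',
			'conf_fullName'     => 'FullName',
			'conf_shortName'    => 'ShortName',
			'conf_mailBox'      => 'MailBox',
			'conf_contactEmail' => 'ContactEmail',
			'conf_supportEmail' => 'SupportEmail',
		);
		foreach ($conf_fields as $session_key => $column)
			$_SESSION[$session_key] = isset($row_Recordset[$column]) ? $row_Recordset[$column] : null;
		
		// Showing the login page always clears any previous login state.
		unset($_SESSION['login_id'], $_SESSION['user_id'], $_SESSION['user_type']);
		
		// presumably Smarty.php creates $smarty in this scope - confirm
		include_once 'Smarty.php';
		
		// Callers in this file pass fixed strings only; if a dynamic message is
		// ever passed, the template must HTML-escape it.
		$smarty->assign('error', $error);
		
		$smarty->display('login.tpl.html');
	}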
	
//--------------------------------------------------------------------------------------------------	
?>
                                