<?php
	/******************************************************************/
	/* File: login.php                                                */
	/* Purpose: login handling for paper review                       */
	/* Related files:                                                 */
	/*     list.php                                                   */
	/*                                                                */
	/* (header text reconstructed from a mis-encoded Big5 comment)    */
	/******************************************************************/
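	session_start();
	
	require_once '../include/connection.php';

	// A login attempt is recognised by both form fields being present in the POST body;
	// any other request just gets the login form.
	if (isset($_POST['login_id'], $_POST['password']))
	{
		// Reject missing values. PHP turns "name[]=..." form fields into arrays, so
		// anything that is not a plain string is refused here as well instead of
		// being handed on to the SQL-building code in auth().
		if (!is_string($_POST['login_id']) || !is_string($_POST['password'])
			|| ($_POST['login_id'] == '') || ($_POST['password'] == ''))
		{	
			show_page('Parameter Passing Error!!!');
			exit;
		}
		
		// auth() renders the login page and exits on bad credentials or an inactive
		// account, so execution only continues past this line for a valid login.
		$check = auth($_POST['login_id'], $_POST['password']);	

		// Issue a fresh session id at the privilege change. Without this, a session
		// id that was known before login (session fixation) would become the
		// authenticated session. The old session data is deleted.
		session_regenerate_id(true);

		// Drop any identity left over from a previous login before storing the new one.
		unset($_SESSION['login_id']);
		unset($_SESSION['user_id']);
		unset($_SESSION['user_type']);
		unset($_SESSION['user_grade']);
		
		// Identity and role data that later pages read from the session.
		$_SESSION['login_id'] = $_POST['login_id'];
		$_SESSION['user_id'] = $check->UserID;
		$_SESSION['user_type'] = $check->UserType;
		$_SESSION['user_grade'] = $check->UserGrade;

		//include_once 'fun_log.php';
		//add_log(1, $check->UserID);		// add a "logged in" record - Log & UserInfo
		//add_message();						// online notification
		
		// NOTE(review): appending SID puts the session id into the URL whenever PHP
		// is not using a session cookie, which exposes it in server logs, browser
		// history and Referer headers. Cookie-only sessions (session.use_only_cookies)
		// avoid that; left unchanged because the session configuration is not visible here.
		header("Location: ../review/list.php?".SID);
		exit;
	}
	else
	{  
		show_page();
	}	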

/*------------------------------------------------------------------------------------------------------------------------*/
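	/**
	 * Check a login ID / password pair against the UserInfo table.
	 *
	 * The function only returns on success. When the credentials do not match
	 * exactly one row, or the matching account is not active, it renders the
	 * login page through show_page() with an error message and ends the request.
	 *
	 * @param string $login_id Login ID submitted by the user.
	 * @param string $password Password submitted by the user.
	 * @return object Row object with UserID, UserGrade, Active and UserType.
	 */
	function auth($login_id, $password) 
	{
		// NOTE(review): GetSQLValueString() is defined outside this file. The query is
		// only injection-safe if that helper escapes and quotes "text" values for the
		// current connection - confirm in the include.
		// NOTE(review): the submitted password is compared to the Password column as-is,
		// so unless the helper or the database transforms it (not visible here) the
		// column holds directly comparable passwords. Storing a salted hash and checking
		// it with password_verify() would need a schema and data migration.
		$AuthSQL=sprintf("SELECT UserID,UserGrade,Active,UserType FROM UserInfo WHERE LoginID=%s AND Password=%s",
			GetSQLValueString($login_id, "text"),
			GetSQLValueString($password, "text"));
			
		$Result = mysql_query($AuthSQL, $GLOBALS['conn']);
		if ($Result === false)
		{
			// Keep the driver message in the server log. Printing it on the login
			// page would hand database details to unauthenticated visitors.
			error_log('login.php auth(): ' . mysql_error());
			die('Internal error. Please try again later.');
		}
		
		// Exactly one matching row is required; zero or several rows both count as a failed login.
		$row = (mysql_num_rows($Result) == 1) ? mysql_fetch_object($Result) : false;
		if (!$row)
		{	
			show_page('Your Login ID or Password is INCORRECT!');
			exit;
		}

		// Correct credentials, but the account has not been activated.
		if ($row->Active != 'Yes')
		{
			show_page('Your Login ID is INACTIVE!');
			exit;
		}

		// Account is valid and active.
		return $row;
	}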
	
/*------------------------------------------------------------------------------------------------------------------------*/
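	/**
	 * Render the login form, optionally with an error message.
	 *
	 * Side effects: on first use in a session the JournalInfo row with
	 * JournalID '001' is copied into the journal_* session keys, and on every
	 * call the login-related session keys are removed, so showing this page
	 * always leaves the visitor logged out.
	 *
	 * @param string $error Message assigned to the template variable 'error'; empty for none.
	 */
	function show_page($error = '')
	{		
		if(!isset($_SESSION['journal_id']))
		{
			$query_Recordset = "SELECT JournalID,FullName,ShortName,Alias,MailBox,ContactEmail,SupportEmail FROM JournalInfo Where JournalID='001'";
			$Recordset = mysql_query($query_Recordset, $GLOBALS['conn']);
			if ($Recordset === false)
			{
				// Keep the driver message in the server log. Printing it on the login
				// page would hand database details to unauthenticated visitors.
				error_log('login.php show_page(): ' . mysql_error());
				die('Internal error. Please try again later.');
			}
			$row_Recordset = mysql_fetch_assoc($Recordset);
			
			// Session key => JournalInfo column. If no row matched, the stored values
			// are null and the lookup is repeated on the next call.
			$journalFields = array(
				'journal_id' => 'JournalID',
				'journal_fullName' => 'FullName',
				'journal_shortName' => 'ShortName',
				'journal_alias' => 'Alias',
				'journal_mailBox' => 'MailBox',
				'journal_contactEmail' => 'ContactEmail',
				'journal_supportEmail' => 'SupportEmail',
			);
			foreach ($journalFields as $sessionKey => $column)
			{
				$_SESSION[$sessionKey] = $row_Recordset[$column];
			}
		}
		
		// Clear any logged-in identity; unset() is a no-op for keys that are absent.
		unset(
			$_SESSION['login_id'],
			$_SESSION['user_id'],
			$_SESSION['user_type'],
			$_SESSION['user_grade']
		);
		
		// NOTE(review): $smarty is presumably created by Smarty.php inside this function's
		// scope. Because of include_once, a second call in the same request would not
		// create it again; every caller visible in this file calls show_page() once.
		include_once 'Smarty.php';

		// All callers in this file pass fixed strings. Whether 'error' is HTML-escaped
		// on output depends on login.tpl.html, which is not visible here.
		$smarty->assign('error', $error);

		$smarty->display('login.tpl.html');
	}	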
//--------------------------------------------------------------------------------------------------	
?>