<?php
	/******************************************************************/
	/*檔名:login.php																	*/
	/*說明:論文投稿登入作業															*/
	/*相關檔案:																			*/
	/*			list.php																	*/
	/*																						*/
	/******************************************************************/	
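	// Start (or resume) the PHP session before any output is sent.
	session_start();
	
	require_once '../include/connection.php';

	// A submitted login form carries both fields; anything else just renders the login page.
	if (isset($_POST['login_id']) && isset($_POST['password']))
	{
		// Login check: both parameters must be non-empty strings.
		// is_string() rejects array-valued fields (e.g. login_id[]=x), which the
		// original == '' comparison let through to the SQL-building code in auth().
		if (!is_string($_POST['login_id']) || !is_string($_POST['password'])
			|| ($_POST['login_id'] === '') || ($_POST['password'] === ''))
		{	
			show_page("Parameter Passing Error!!!");
			exit;
		}
		
		// User authentication check. auth() renders the login page and exits on
		// failure, so execution only continues here with a valid user row.
		$check = auth($_POST['login_id'], $_POST['password']);
		
		// Credentials accepted: switch to a fresh session ID and discard the old
		// one, so an ID that was known before login cannot be reused afterwards
		// (session fixation). The boolean argument requires PHP 5.1 or later.
		session_regenerate_id(true);
		
		// Store the account and its related data in the session for later
		// authorisation checks. Plain assignment replaces any previous user's values.
		$_SESSION['login_id'] = $_POST['login_id'];
		$_SESSION['user_id'] = $check->UserID;
		$_SESSION['user_type'] = $check->UserType;
		$_SESSION['user_grade'] = $check->UserGrade;
		$_SESSION['user_firstname'] = $check->FirstName;
		$_SESSION['user_middlename'] = $check->MiddleName;
		$_SESSION['user_lastname'] = $check->LastName;
		$_SESSION['user_courteoustitle'] = $check->CourteousTitle;
		
		// Pick the landing page from the account type and grade.
		$target = '../submission/list.php';
		if ($_SESSION['user_type'] === "Administrator")
		{
			if ($_SESSION['user_grade'] === "Editor-In-Chief")
				$target = '../admin/management.php';
			elseif ($_SESSION['user_grade'] === "Associate Editor")
				$target = '../admin_associate/admin.php';
			else
			{
				// Fail closed: an administrator with an unrecognised grade used to get
				// an empty response while staying logged in. show_page() clears the
				// login keys from the session and renders the login form instead.
				show_page('Your account is not assigned to an administration area.');
				exit;
			}
		}
		
		// NOTE(review): SID is non-empty when the client did not send a session
		// cookie, which puts the session ID in the URL (logs, history, Referer).
		// Kept for cookie-less clients; consider enabling session.use_only_cookies.
		header("Location: " . $target . "?" . SID);
		
		exit;
	}
	else
	{  
		show_page();
	}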
	
/*------------------------------------------------------------------------------------------------------------------------*/
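	/**
	 * Authenticate a login ID / password pair against the UserInfo table.
	 *
	 * On any failure (query error, no single matching row, inactive account)
	 * the function sends a response and terminates the request itself; it only
	 * returns when the account exists and is active.
	 *
	 * @param string $login_id Login ID submitted by the user.
	 * @param string $password Password submitted by the user.
	 * @return object Row object with UserID, UserType, UserGrade, Active,
	 *                FirstName, MiddleName, LastName and CourteousTitle.
	 */
	function auth($login_id, $password) 
	{
		// Login check: is the account or password wrong?
		// GetSQLValueString() is defined outside this file (presumably in
		// connection.php); this query is only safe if that helper escapes and
		// quotes "text" values for the active connection - verify.
		// NOTE(review): the submitted password is compared directly with the
		// Password column, which suggests plaintext or unsalted storage unless
		// hashing happens elsewhere - confirm, and plan a move to
		// password_hash()/password_verify().
		$AuthSQL=sprintf("SELECT UserID,UserType,UserGrade,Active,FirstName,MiddleName,LastName,CourteousTitle FROM UserInfo WHERE LoginID=%s AND Password=%s",
			GetSQLValueString($login_id, "text"),
			GetSQLValueString($password, "text"));
			
		$Result = mysql_query($AuthSQL, $GLOBALS['conn']);
		if ($Result === false)
		{
			// Keep database error details in the server log; echoing mysql_error()
			// to an unauthenticated visitor discloses schema and query internals.
			error_log('login.php auth(): query failed: ' . mysql_error($GLOBALS['conn']));
			die('Login is temporarily unavailable. Please try again later.');
		}
		
		// Exactly one row must match; zero or several rows are treated as a failed login.
		if((mysql_num_rows($Result) !== 1) || !($row = mysql_fetch_object($Result)))
		{	
			show_page('Your Login ID or Password is INCORRECT!');
			exit;
		}
		
		// Check whether the account has been activated.
		if($row->Active !== 'Yes')
		{
			// Account not activated: return to the login page with a notice.
			show_page('Your Login ID is INACTIVE!');
			exit;
		}
		
		// Account is valid and active.
		return $row;
	}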
	
/*------------------------------------------------------------------------------------------------------------------------*/
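	/**
	 * Render the login page, optionally with an error message.
	 *
	 * Loads the journal record into the session on first use, removes every
	 * per-user login key from the session, and displays login.tpl.html.
	 *
	 * @param string $error Message assigned to the template's 'error' variable.
	 */
	function show_page($error = '')
	{		
		// Load the journal record into the session once per session.
		if(!isset($_SESSION['journal_id']))
		{
			$query_Recordset = "SELECT JournalID,FullName,ShortName,Alias,MailBox,ContactEmail,SupportEmail FROM JournalInfo Where JournalID='001'";
			$Recordset = mysql_query($query_Recordset, $GLOBALS['conn']);
			if ($Recordset === false)
			{
				// Log the database error server-side instead of printing it to the visitor.
				error_log('login.php show_page(): query failed: ' . mysql_error($GLOBALS['conn']));
				die('The login page is temporarily unavailable. Please try again later.');
			}
			
			$row_Recordset = mysql_fetch_assoc($Recordset);
			if ($row_Recordset)
			{
				$_SESSION['journal_id'] = $row_Recordset['JournalID'];
				$_SESSION['journal_fullName'] = $row_Recordset['FullName'];
				$_SESSION['journal_shortName'] = $row_Recordset['ShortName'];
				$_SESSION['journal_alias'] = $row_Recordset['Alias'];
				$_SESSION['journal_mailBox'] = $row_Recordset['MailBox'];
				$_SESSION['journal_contactEmail'] = $row_Recordset['ContactEmail'];
				$_SESSION['journal_supportEmail'] = $row_Recordset['SupportEmail'];
			}
			else
			{
				// No journal row: leave the journal keys unset so the next request retries.
				error_log('login.php show_page(): JournalInfo row 001 not found');
			}
		}
		
		// Showing the login page means nobody is logged in: drop every per-user key
		// the login flow writes, including the name and title fields that were
		// previously left behind from the last authenticated user.
		// unset() on a missing key is a no-op, so no isset() guard is needed.
		$login_keys = array(
			'login_id', 'user_id', 'user_type', 'user_grade',
			'user_firstname', 'user_middlename', 'user_lastname', 'user_courteoustitle',
		);
		foreach ($login_keys as $login_key)
			unset($_SESSION[$login_key]);
		
		// Smarty.php is expected to define $smarty in this scope (not shown here - verify).
		include_once 'Smarty.php';

		$smarty->assign('error', $error);

		$smarty->display('login.tpl.html');
	}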
	
//--------------------------------------------------------------------------------------------------	
?>
