Agradezco mucho su ayuda.
Código PHP:
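<?php
/**
 * Login handler for the "terceros" user table.
 *
 * Flow: filter request input, look the user up by nick or e-mail plus
 * password hash, check that the account is approved, then start the
 * session and (optionally) set "remember me" cookies before redirecting.
 *
 * filter(), GenKey() and COOKIE_TIME_OUT are not defined in this file;
 * they presumably come from dbc.php.
 *
 * NOTE(review): this script depends on the mysql_* extension, which was
 * removed in PHP 7. Migrating to PDO or mysqli with prepared statements
 * needs the connection code in dbc.php, so it is not attempted here.
 */
include 'dbc.php';

$err = array();

// Query-string values are passed through filter() before use.
foreach ($_GET as $key => $value) {
    $get[$key] = filter($value);
}

// isset() guard: a plain GET of this page carries no doLogin field.
if (isset($_POST['doLogin']) && $_POST['doLogin'] === 'ingresar') {
    foreach ($_POST as $key => $value) {
        $data[$key] = filter($value);
    }

    // Missing or non-string fields (e.g. usr_email[]=x) become '' so they
    // can only produce a failed lookup, never a notice or "Array" in SQL.
    $user_email = (isset($data['usr_email']) && is_string($data['usr_email'])) ? $data['usr_email'] : '';
    $pwd = (isset($data['pwd']) && is_string($data['pwd'])) ? $data['pwd'] : '';

    // NOTE(review): unsalted MD5 is not a password hash; stored values are
    // cheap to brute-force if the table leaks. Moving to password_hash() /
    // password_verify() needs a migration of the stored hashes, and the
    // hash is taken over the filter()ed value, so registration must match.
    $pass = md5($pwd);

    // Fixed: the original tested the undefined $usr_email, so the e-mail
    // branch could never be taken.
    if (strpos($user_email, '@') === false) {
        $user_cond = "nick='$user_email'";
    } else {
        $user_cond = "email='$user_email'";
    }
    $user_cond .= " and password='$pass'";

    // NOTE(review): the WHERE clause is built by string interpolation and is
    // only injection-safe if filter() escapes for SQL - confirm in dbc.php.
    $result = mysql_query(
        "SELECT `IdTercero`,`password`,`nick`,`RazonSocial`,`perfil`,`aprobado` FROM terceros WHERE $user_cond"
    );
    if ($result === false) {
        // Log the driver error server-side instead of printing it to the visitor.
        error_log('login: credential lookup failed: ' . mysql_error());
        die('Error interno. Por favor intente nuevamente.');
    }

    // At least one matching row means the credentials are valid.
    if (mysql_num_rows($result) > 0) {
        // Fixed: variable order now follows the SELECT list. The original
        // swapped $perfil and $aprobado, so the approval check read the
        // profile column and the session level was set from the approval flag.
        list($idtercero, $password, $nick, $razonsocial, $perfil, $aprobado) = mysql_fetch_row($result);

        if ($aprobado == '0') {
            $err[] = "La cuenta no ha sido aprobada";
        }

        if (empty($err)) {
            session_start();
            // New session id on login, against session fixation.
            session_regenerate_id(true);

            $_SESSION['user_id'] = $idtercero;
            $_SESSION['user_name'] = $nick;
            $_SESSION['user_level'] = $perfil;
            $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $_SESSION['HTTP_USER_AGENT'] = md5($agent);

            // Refresh the timestamp and key that back the "remember me" cookie.
            // Fixed: the original filtered on $id, which is never assigned in
            // this file, so the row of the logged-in user was not updated.
            $stamp = time();
            $ckey = GenKey();
            $updated = mysql_query(
                "update terceros set `ctime`='$stamp', `ckey` = '$ckey' where idtercero='$idtercero'"
            );
            if ($updated === false) {
                error_log('login: cookie key update failed: ' . mysql_error());
                die('Error interno. Por favor intente nuevamente.');
            }

            if (isset($_POST['remember'])) {
                $expires = time() + 60 * 60 * 24 * COOKIE_TIME_OUT;
                // HttpOnly keeps page scripts from reading the cookies. The
                // Secure flag stays off because the site redirects over
                // http://; enable it once the site is served over HTTPS.
                // NOTE(review): user_id and user_name are client-controlled;
                // only user_key checked against `ckey` proves anything.
                setcookie("user_id", $_SESSION['user_id'], $expires, "/", "", false, true);
                setcookie("user_key", sha1($ckey), $expires, "/", "", false, true);
                setcookie("user_name", $_SESSION['user_name'], $expires, "/", "", false, true);
            }

            header("location: http://www.vitaenature.com/tienda/redirigir.php");
            // Stop here so the login form below is not rendered after the redirect.
            exit();
        } else {
            $err[] = "Ingreso invalido. Por favor intente nuevamente.";
        }
    } else {
        $err[] = "El nombre de usuario o la contraseña que ha ingresado no es válido, intentelo nuevamente";
    }
}
?>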
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<link href="estilos/jflow.style.css" type="text/css" rel="stylesheet"/>
<head>
<title>Ingreso de Usuarios Registrados</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#logForm").validate();
});
</script>
<link href="styles.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="style.css" />
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="iecss.css" />
<![endif]-->
<script type="text/javascript" src="js/boxOver.js"></script>
<style type="text/css">
</style>
</head>
<body style="color:#666;">
<h2 style="text-align:center;">
INICIAR SESION</h2>
<div style="text-align:center; font-weight:bold; color:#F00;"> <?php
/*
 * Error banner: prints every message collected in $err inside one
 * <div class="msg">, each followed by a line break.
 *
 * Messages are written without HTML escaping. The entries added by the
 * login handler in this file are fixed literals; anything derived from
 * request data would need htmlspecialchars() before being appended.
 */
if (!empty($err)) {
    $banner = '<div class="msg">';
    foreach ($err as $message) {
        $banner .= $message . ' <br>';
    }
    $banner .= '</div>';
    echo $banner;
}
?></div>
<form method="post" name="logForm" id="logForm" >
<table style="text-align:center;" align="center" border="0" cellpadding="0" cellspacing="0" class="loginform">
<tr>
<td width="72%"><p>Nombre de usuario</p>
<p>
<input name="usr_email" type="text" class="required" id="txtbox" style="margin-top:-18px" size="25">
</p></td>
</tr>
<tr>
<td><p>Contraseña</p>
<p>
<input name="pwd" type="password" class="required password" style="margin-top:-18px" id="txtbox" size="25">
</p></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="aceptar" type="checkbox" id="aceptar" value="1">
Acepto <a href="#">TERMINOS Y CONDICIONES</a></div></td>
</tr>
<tr>
<td colspan="2">
<p>
<input name="doLogin" type="submit" id="doLogin3" value="ingresar">
</p>
<p>Si olvidó su nombre de usuario o contraseña, utilice nuestro <a href="http://www.vitaenature.com/index.php?option=com_contact&view=contact&id=1&Itemid=217" target="_top">formulario de contacto</a> o comuníquese con nosotros al teléfono: 444 48 86 para ayudarle a recuperarlos</p>
</td>
</tr>
</table>
</form>
</body>
</html>