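<?php
	/*
	 * Login handler (flat script, meant to run inside a page that has already
	 * started the session and loaded the project's `data` and `method` classes).
	 *
	 * Flow:
	 *   1. Cache the name of the pcourt row with c_lan=1 in the session.
	 *   2. On a POST with btnOk set, screen the submitted fields, look the user up
	 *      in puser (joined to pcourt) and compare the stored MD5 digest.
	 *   3. Redirect to main.php (admin_flag == '1'), user.php, or back to index.php.
	 *
	 * Changes from the previous revision:
	 *   - full "<?php" open tag: with short_open_tag disabled the old "<?" form is
	 *     served as plain text, disclosing this source;
	 *   - array keys are quoted (bareword keys are undefined constants and a fatal
	 *     Error on PHP 8);
	 *   - the first validation branch now stops the script after redirecting, as
	 *     the second branch already did;
	 *   - the digest comparison is strict, so two different digests that both look
	 *     numeric (for example "0e..." strings) no longer compare equal;
	 *   - single quotes in the user name are entity-encoded before the value is
	 *     placed into the SQL text;
	 *   - the session id is rotated on successful login when that is still possible;
	 *   - commented-out debug statements that echoed password digests, and the
	 *     disabled pcourt/court_id login path, were dropped.
	 *
	 * Known weaknesses left in place because fixing them needs changes outside
	 * this file (stored hashes, the data layer, the target pages):
	 *   - passwords are stored as unsalted MD5; migrate to password_hash() /
	 *     password_verify() with a rehash-on-login step;
	 *   - the lookup query is still built by string concatenation; the data layer
	 *     should offer a bound-parameter query and this call should move to it;
	 *   - the password is HTML-encoded before hashing, so the digest is of the
	 *     encoded text; stored digests presumably depend on this - confirm before
	 *     changing it;
	 *   - the two failure messages differ, which tells a caller whether a user
	 *     name exists;
	 *   - the session id is placed in the redirect URL.
	 */
	$obj=new data("pcourt");
	$method=new method();

	// Static query, no request data involved.
	$cmd="SELECT court_name FROM pcourt WHERE c_lan=1 ";
	$dat=$obj->getCmdData($cmd);
	$_SESSION['syscourt_name']=$dat['court_name'];

	if(!empty($_REQUEST['btnOk'])&&$_POST){
		// Defined up front so the failure path never reads an undefined variable.
		$errMsg='';

		// Absent or non-string (e.g. array) values are treated as empty strings so
		// the string functions below always receive a string.
		$userName=(isset($_REQUEST['user_name'])&&is_string($_REQUEST['user_name']))?$_REQUEST['user_name']:'';
		$password=(isset($_REQUEST['password'])&&is_string($_REQUEST['password']))?$_REQUEST['password']:'';

		// NOTE(review): the pattern uses a bare "d", not "\d", so it only matches
		// the literal letter d (e.g. "ddd-ddd-dddd"). The intent is unclear - it is
		// also applied to tel_no - so it is kept byte-for-byte; confirm and either
		// correct or remove it.
		$formatPattern='/^((1-)?d{3}-)d{3}-d{4}$/';
		$badFormat=false;
		foreach(array('user_name','password','user_full_name','id_card','tel_no','address','email') as $field){
			$value=(isset($_REQUEST[$field])&&is_string($_REQUEST[$field]))?$_REQUEST[$field]:'';
			if(preg_match($formatPattern,$value)){
				$badFormat=true;
				break;
			}
		}
		if($badFormat){
			$method->alert('Invalid input format!!');
			$method->go('index.php');
			// Stop here; previously execution continued into the lookup below.
			exit;
		}

		// Keyword deny-list on the credentials. This is not a substitute for
		// output encoding or bound SQL parameters; it only rejects a few strings.
		$blocked=false;
		foreach(array('/javascript/i','/http:/i','/https:/i') as $pattern){
			if(preg_match($pattern,$userName)||preg_match($pattern,$password)){
				$blocked=true;
				break;
			}
		}
		if($blocked){
			$method->alert('Invalid input!');
			$method->go('index.php');
			exit;
		}

		// empty() also treats the user name "0" as missing (unchanged behaviour).
		if(!empty($userName)){
			// ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags leave
			// single quotes untouched, which let the value close the SQL string
			// literal below. This is a stop-gap only - HTML encoding is not SQL
			// escaping (a backslash, for instance, is still passed through).
			$userName=htmlentities(htmlspecialchars($userName,ENT_QUOTES));
			// Password encoding is left exactly as before so existing digests match.
			$password=htmlentities(htmlspecialchars($password));
			// Written back because later code on the page may read these values.
			$_REQUEST['user_name']=$userName;
			$_REQUEST['password']=$password;

			$cmd="SELECT u.*, c.court_id, c.court_name FROM puser u
							LEFT JOIN pcourt c ON u.court_running=c.court_running
							WHERE u.user_name='".$userName."'";
			$dat=$obj->getCmdData($cmd);
			if(empty($dat['user_name'])){
				$errMsg='ไม่พบข้อมูลผู้ใช้งานระบบ';
			}elseif((string)$dat['password']!==md5($password)){
				// Strict string comparison: with "!=" two numeric-looking digests
				// were compared as numbers.
				$errMsg='รหัสผ่านไม่ถูกต้อง';
			}else{
				// Rotate the session id at the privilege change so an id known
				// before login is not carried into the authenticated session.
				// Skipped when no session is active or output has already started.
				if(session_id()!==''&&!headers_sent()){
					session_regenerate_id(true);
				}
				// The session "user_name" holds the full name; if that column is
				// empty the check below treats the login as failed.
				$_SESSION['user_name']=$dat['user_full_name'];
				$_SESSION['user_id']=$dat['user_id'];
				$_SESSION['admin_flag']=$dat['admin_flag'];
				$_SESSION['court_running']=$dat['court_running'];
			}
		}

		// NOTE(review): a session that already holds user_name passes this check
		// even when the credentials just submitted were wrong - confirm whether
		// the session should be cleared on a failed attempt.
		if(empty($_SESSION['user_name'])){
			$method->alert($errMsg);
			$method->go('index.php');
		}else{
			// NOTE(review): s_id exposes the session id in URLs (browser history,
			// server logs, Referer headers). Confirm whether main.php / user.php
			// need it and remove it if they do not.
			if(isset($_SESSION['admin_flag'])&&$_SESSION['admin_flag']=='1')
				$method->go('main.php?s_id='.session_id());
			else
				$method->go('user.php?s_id='.session_id());
		}
	}
?>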