<?php
error_reporting(7);
session_start();
$megauser=array(19,20,21,22);
$readonly=array(62,23,25,26,27,28,40,65,24,22); //25- Погорелов 28 - Дзибалов 22- Искаков
$v2users=array(19,20,21,24,64,23,28);
$fin_division=array(40,65);
if(empty($_SESSION["id_user"]) && $_SERVER['REQUEST_URI']!="/budget/" && $_SERVER['REQUEST_URI']!="/budget/?err=1"){
//Показать форму ввода логина пароля
header("Location: /budget/");
}elseif(!empty($_POST["password"])){
//Проверить логин и пароль
require_once("classes/sqlsrv.php");
$DB = new sqlsrv;
$DB->db_connect();
$q1=$DB->select("id_user,branch,id_division,FIO, session_hash","BUDGET_USERS","login='".mysql_escape_string($_POST["login"])."' and password='".md5($_POST["password"])."'");
if($DB->has_rows($q1)===true){
//Введенный логин правильный
$tf1=$DB->fetch_row($q1);
if($tf1["session_hash"]=="BLOCKED"){
header("Location: /budget/blocked.php");
die();
}
$_SESSION["id_user"]=$tf1["id_user"];
$_SESSION["FIO"]=$tf1["FIO"];
$_SESSION["branch"]=$tf1["branch"];
$_SESSION["division"]=$tf1["id_division"];

$to_update=array(
"lastlogin_IP"=>$_SERVER['REMOTE_ADDR'],
"lastlogin_time"=>date("d.m.Y H:i:s"),
);
$DB->update($to_update,"BUDGET_USERS","id_user=".$tf1["id_user"]);
if(in_array($tf1["id_user"],$megauser) || in_array($tf1["id_user"],$readonly) || in_array($tf1["id_user"],$v2users)){
header("Location: /budget/branches.php");
}elseif($tf1["id_division"]>189){
header("Location: /budget/headoffice.php");
}else{
header("Location: /budget/division.php");
}

}else{
//Введен не правильный логин пароль
header("Location: /budget/?err=1");
}
}
?>