Or if there are any improvements I could use?
- Code: Select all
<?php
if( isset( $_POST['username'] ) && isset( $_POST['password'] ) )
{
session_start();
require_once( '../main_includes/.htpasswd' );
$login_query = "select * from auth where username='". mysql_real_escape_string( $_POST['username'] ) ."' and password=sha1('". mysql_real_escape_string( $_POST['password'] ) ."')";
$login_result = mysql_query( $login_query )
or die( 'Could not connect: '. mysql_error() );
$num_results = mysql_num_rows( $login_result );
if( $num_results>0 )
{
$row = @mysql_fetch_row( $login_result );
if( ( $row[0] == 1 ) && ( $_POST['username'] == "admin2" ) )
$_SESSION['admin'] = $row[0];
else
$_SESSION['idnum'] = $row[0];
$numlogs = stripslashes( $row[8] ) + 1;
$num_log_query = "update auth set num_logs='". $numlogs ."', last_login='". stripslashes( $row[7] ) ."', new_login='". time() ."', status=1 where idnum=". $row[0];
$num_log_result = mysql_query( $num_log_query )
or die( 'Could not connect: '. mysql_error() );
$logname = $row[4].", ".$row[3];
$log_query = "insert into user_activity_log values(". $row[0]. ",'". $logname ."','". time() ."','Logged into account','". $_SERVER['REMOTE_ADDR'] ."',NULL)";
$log_result = mysql_query( $log_query )
or die( 'Could not connect: '. mysql_error() );
echo "<font color=\"#397D02\">Welcome ". $row[3] ." ". $row[4] ."</font><br /> <!-- user is logged in -->\n";
if( isset( $_SESSION['admin'] ) )
require_once( "../account/admin/_mylinks.php" );
else
require_once( "../account/_account_links.php" );
}
else
echo "error";
}
?>
