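// Resume the session so an already-authenticated visitor can be detected.
session_start();
$login = (isset($_SESSION['login']) ? $_SESSION['login'] : false);
if ($login) {
    // Already signed in: redirect and stop. Without the exit the script keeps
    // running after the Location header, so the login handling below would
    // still execute for an authenticated session.
    header("Location: index.php");
    exit;
}
$root_dir = "../";
require_once($root_dir."includes/config.inc.php");
// Accumulates validation / authentication error text for this request.
$error = "";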
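// Handle a submitted login form. Validates that both fields are present,
// looks the user up, compares the password, and on success establishes the
// session and redirects to index.php. On failure only $error is set.
//
// NOTE(review): the ext/mysql functions used here (mysql_query etc.) were
// removed in PHP 7; this block should move to PDO or mysqli prepared
// statements together with dbConnect()/dbClose().
if (isset($_POST["loginattempt"])) {
    // Accept only scalar string fields; an array-valued field is treated as missing.
    $submittedUser = (isset($_POST["logintemp"]) && is_string($_POST["logintemp"])) ? $_POST["logintemp"] : "";
    $submittedPass = (isset($_POST["pwtemp"]) && is_string($_POST["pwtemp"])) ? $_POST["pwtemp"] : "";

    if (!$submittedUser) {
        $error .= "
You must enter your username.
";
    } elseif (!$submittedPass) {
        $error .= "
You must enter your password.
";
    } else {
        require_once($root_dir."includes/dbconnect.php");
        $sqlbase = dbConnect();

        // Only a username accepted by checkUsername() is used for the lookup.
        $logintemp = checkUsername($submittedUser) ? $submittedUser : '';

        // NOTE(review): strip_tags() alters the password the user typed. It is
        // kept because stored passwords may have been written through the same
        // filter -- confirm against the registration code before removing it.
        $pwtemp = strip_tags($submittedPass);

        // Look the account up only when both values are still non-empty after
        // validation; otherwise fall straight through to the generic failure.
        $row = false;
        if ($logintemp !== '' && $pwtemp !== '') {
            $mysql = "SELECT password,userID,created,loggedin FROM $userstable WHERE user='".mysql_real_escape_string($logintemp)."'";
            $result = mysql_query($mysql);
            if ($result === false) {
                // Log server-side: echoing the database error would disclose
                // schema details to the client and break the later header() call.
                error_log("login lookup failed: ".mysql_error());
            } else {
                $row = mysql_fetch_array($result);
            }
        }

        // Authentication succeeds only when a row was actually returned and the
        // values are identical. The strict comparison matters: loose == treats
        // numeric-looking strings as numbers, and a missing row must never
        // compare equal to an emptied password.
        //
        // NOTE(review): the stored value is compared directly with the submitted
        // password, so it appears to be stored unhashed. Migrate to
        // password_hash()/password_verify(); until then hash_equals() (PHP 5.6+)
        // would make this comparison constant-time.
        if (is_array($row) && stripslashes($row["password"]) === $pwtemp) {
            // Issue a fresh session id at the privilege change so an id known
            // before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);

            $login = $logintemp;
            $_SESSION["login"] = $login; # session cookie
            $_SESSION["userID"] = $row["userID"];

            // Remember login name 90 days.
            // NOTE(review): consider the HttpOnly and (on HTTPS) Secure flags.
            setcookie("remlogin", $login, time()+60*60*24*90);

            $sql = "UPDATE $userstable SET " .
                "loggedin=NOW() " .
                "WHERE userID=\"".mysql_real_escape_string($row["userID"])."\" ";
            if (mysql_query($sql) === false) {
                error_log("login timestamp update failed: ".mysql_error());
            }
            dbClose($sqlbase);

            header("Location: index.php");
            exit; // do not render the login form after a successful login
        } else {
            // Same message for unknown user and wrong password, so the response
            // does not reveal which usernames exist.
            $error .= "
You specified the wrong
username or password.
";
            dbClose($sqlbase);
        }
    }
}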
##################################################################
# We only get here if they still must log on
##################################################################
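include_once("header.inc.php");

// NOTE(review): PHP_SELF reflects the request path, including any trailing
// path info supplied by the client. The place where $script is output is not
// visible here; if it is written into markup it must be escaped with
// htmlspecialchars() at that point.
$script = $_SERVER["PHP_SELF"];

// Pre-fill value for the username field: the value just submitted if it passes
// checkUsername(), otherwise the remembered name from the "remlogin" cookie.
$logintemp = '';
if (isset($_POST['logintemp']) && is_string($_POST['logintemp']) && checkUsername($_POST['logintemp'])) {
    $logintemp = $_POST['logintemp'];
}

// The cookie is client-controlled, so it goes through the same checkUsername()
// validation as the POST field instead of being trusted as-is.
if (!$logintemp
    && isset($_COOKIE["remlogin"])
    && is_string($_COOKIE["remlogin"])
    && checkUsername($_COOKIE["remlogin"])
) {
    $logintemp = $_COOKIE["remlogin"];
}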
?>
include_once("footer.inc.php");
############ End ################
?>