<?php
include 'mysqlHandler.php';
$logged_in = false;
openConnection();
$u = mysql_real_escape_string($_POST['username']);
$p = hashPassword($_POST['password']);
$_POST['password'] = "";
$sql = "select username from user where username = '" . $u . "' and password = '" . $p . "'";
$result = executeQuery($sql);
if ($result) {
while ($row = mysql_fetch_array($result)) {
if ($row['username'] == $u) {
$logged_in = true;
}
}
}
if ($logged_in) {
setcookie("user", $_POST['username'], time() + (604800));
header("Location:index.php");
} else {
header('Location:login.php?bad_login=1&username=' . $_POST["username"]);
}
closeConnection();
?>