Untitled


        <?php
                                require_once('Connect.php');
                if(!isset($_SESSION['SESS_USERNAME']) || (trim($_SESSION['SESS_USERNAME']) == ''))
                {
                    echo '
                        <form id="loginForm" name="loginForm" method="post" action="login-exec.php">
                        <font face="arial" size="3">Username:<br></font>
                        <input name="username" type="text" class="textfield" id="login" />
                        <br>
                        <br>
                        <font face="arial" size="3">Password:<br></font>
                        <input name="password" type="password" class="textfield" id="password" />
                        <br>
                        <br>
                        <font face="arial" size="3">Password:<br></font>
                        <input name="AdminPassword" type="Apassword" class="textfield" id="Apassword" />
                                                <input type="submit" name="Submit" value="Login" />
                        </form>';
                }
                else
                {
                    echo '<font face="arial" size="4"><p><b>Welcome</b><br><font face="arial" size="6"><i>'.$_SESSION['SESS_USERNAME'].'</i></p></font></font>';
                }
            ?>


<?php
    //Start session
    session_start();

    require_once('Connect.php');

    //Validation error flag
    $errflag = false;

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $username = clean($_POST['username']);
    $password = clean($_POST['password']);

    //Input Validations
    if($username == '') {
        $_SESSION['ERRMSG_ARR'] = 'Username missing.';
        $errflag = true;
    }
    if($password == '') {
        $_SESSION['ERRMSG_ARR'] = 'Password missing.';
        $errflag = true;
    }
    If($Apassword == ") {
        $_SESSION['ERRMSG_ARR'] = 'Adminpassword missing.';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_PAGE'] = 'adminpanel.php';
        session_write_close();
        header("location: /error.php");
        exit();
    }

    //Create query
    $qry="SELECT * FROM `Users`  WHERE `Username` = '$username' AND `Password` = '".udb_hash($password)."' LIMIT 1";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_USERNAME'] = $member['Username'];
            $_SESSION['SESS_ADMIN'] = $member['Level'];
            session_write_close();
            header("location: /adminpanel.php");
            exit();
        }else {
            //Login failed
            $_SESSION['ERRMSG_ARR'] = 'Invalid Username or Password.';
            $_SESSION['ERRMSG_PAGE'] = 'playerpanel.php';
            session_write_close();
            header("location: /error.php");
            exit();
        }
    }else {
        die("Query failed");
    }

    function udb_hash($pass)
    {
        $length = strlen($pass);
        $s1 = 1;
        $s2 = 0;

        for($i=0; $i<$length; $i++)
        {
          $s1 = ($s1 + ord($pass[$i])) % 65521;
          $s2 = ($s2 + $s1)       % 65521;
        }
        $wy= ($s2 << 16) + $s1;
        return $wy;
    }
?>

SELECT * FROM `AdminPass` WHERE `Apassword`