
Untitled

a guest
Sep 21st, 2017
  1. <?php
  2.  
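  // put full path to Smarty.class.php
  require('/usr/share/php/smarty/Smarty.class.php');
  $smarty = new Smarty();

  $smarty->template_dir = '/home/buildingbrowsergames/public_html/game/php/smarty/templates';
  $smarty->compile_dir = '/home/buildingbrowsergames/public_html/game/php/smarty/templates_compile';
  $smarty->cache_dir = '/home/buildingbrowsergames/public_html/game/php/smarty/cache';
  $smarty->config_dir = '/home/buildingbrowsergames/public_html/game/php/smarty/configs';

  /**
   * Run $query on the default mysql link and return the first column of its
   * first row. Returns null when the query fails or yields no row, so callers
   * never pass `false` on to mysql_fetch_row().
   */
  function login_first_column($query)
  {
      $result = mysql_query($query);
      if ($result === false) {
          return null;
      }
      $row = mysql_fetch_row($result);
      return $row ? $row[0] : null;
  }

  session_start();

  // Defined up front: without this, $error is undefined at the assign() below
  // on every request that does not end in a failed login. null is the value an
  // undefined variable evaluates to, so the template sees the same thing.
  $error = null;

  if ($_POST) {
      require_once 'config.php';

      $login_failed = 'There is no username/password combination like that in the database.';

      $username = isset($_POST['username']) ? $_POST['username'] : null;
      $password = isset($_POST['password']) ? $_POST['password'] : null;

      if (!is_string($username) || !is_string($password)) {
          // A missing or non-string field (e.g. an array) must not reach md5():
          // there it yields NULL, and the comparison value in the query then
          // degrades to an empty string instead of a password hash.
          $error = $login_failed;
      } else {
          // NOTE(review): ext/mysql (mysql_*) was removed in PHP 7.0. When this
          // script is ported, use PDO or mysqli prepared statements instead of
          // sprintf() + mysql_real_escape_string().
          $conn = mysql_connect($dbhost, $dbuser, $dbpass)
              or die ('Error connecting to mysql');
          mysql_select_db($dbname);

          // Escaping needs the open connection, so it happens only after connect.
          $user_sql = mysql_real_escape_string($username);

          // NOTE(review): MD5 is a fast hash and 'saltgoeshere' is one fixed
          // prefix shared by every account; neither form is adequate password
          // storage. The replacement is password_hash()/password_verify(),
          // which needs a data migration that this script cannot do by itself.
          $legacy_hash = mysql_real_escape_string(md5($password));
          $salted_hash = mysql_real_escape_string(md5('saltgoeshere' . $password));

          // First pass: accounts that still hold an unsalted MD5 hash.
          $count = login_first_column(sprintf(
              "SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
              $user_sql,
              $legacy_hash
          ));

          if ((int) $count === 1) {
              // Issue a fresh session id at the privilege change so an id that
              // was fixed before login does not become an authenticated one.
              session_regenerate_id(true);
              $_SESSION['authenticated'] = true;
              $_SESSION['username'] = $username;
              // Presumably changepass.php moves the account to the salted
              // form; confirm against that script.
              header('Location:changepass.php');
              // Stop here: header() alone does not end the request, and the
              // login template would otherwise still be rendered.
              exit;
          }

          // Second pass: accounts stored with the salted hash.
          $count = login_first_column(sprintf(
              "SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
              $user_sql,
              $salted_hash
          ));

          if ((int) $count === 1) {
              session_regenerate_id(true);
              $_SESSION['authenticated'] = true;
              $_SESSION['username'] = $username;

              mysql_query(sprintf(
                  "UPDATE users SET last_login = NOW() WHERE UPPER(username) = UPPER('%s') AND password = '%s'",
                  $user_sql,
                  $salted_hash
              ));

              $is_admin = login_first_column(sprintf(
                  "SELECT is_admin FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
                  $user_sql,
                  $salted_hash
              ));

              // Only the redirect target is chosen here; no admin flag is
              // written to the session, so admin.php has to do its own
              // authorisation check.
              if ((int) $is_admin === 1) {
                  header('Location:admin.php');
              } else {
                  header('Location:index.php');
              }
              exit;
          }

          // Same message for an unknown user and a wrong password, so the
          // response does not reveal which usernames exist.
          $error = $login_failed;
      }
  }

  $smarty->assign('error', $error);
  $smarty->display('login.tpl');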
  60. ?>