if ($_SERVER['REQUEST_METHOD']=='POST') { $user=strtolower(sanitize_and_form

1. if ($_SERVER['REQUEST_METHOD']=='POST') {
2. $user=strtolower(sanitize_and_format_gpc($_POST,'user',TYPE_STRING,$__field2format[FIELD_TEXTFIELD],''));
3. $pass=sanitize_and_format_gpc($_POST,'pass',TYPE_STRING,$__field2format[FIELD_TEXTFIELD],'');
4. if (!empty($user) && !empty($pass)) {
5. $log['level']='login';
6. $log['user_id']=!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']['email']) ? $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
7. $log['sess']=session_id();
8. $log['user']=$user;
9. $log['membership']=$_SESSION[_LICENSE_KEY_]['user']['membership'];
10. $log['ip']=sprintf('%u',ip2long($_SERVER['REMOTE_ADDR']));
11. log_user_action($log);
12. rate_limiter($log);
13. $query="SELECT a.`".USER_ACCOUNT_ID."` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `".USER_ACCOUNTS_TABLE."` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`".USER_ACCOUNT_ID."`=b.`fk_user_id` WHERE a.`".USER_ACCOUNT_USER."`='$user' IN (user, email) AND a.`".USER_ACCOUNT_PASS."`=".PASSWORD_ENC_FUNC."('$pass')";
14. if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}