<?php session_start(); require_once('config.php'); require_on

1. <?php
2.  
3.  
4.  
5. session_start();
6.  
7.  
8. require_once('config.php');
9. require_once('functions.php');
10.  
11.  
12. $errmsg_arr = array();
13.  
14.  
15. $errflag = false;
16.  
17.  
18. $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
19. if(!$link) {
20. die('Failed to connect to server: ' . mysql_error());
21. }
22.  
23.  
24. $db = mysql_select_db(DB_DATABASE);
25. if(!$db) {
26. die("Unable to select database");
27. }
28.  
29.  
30.  
31. $login = clean($_POST['login']);
32. $password = clean($_POST['password']);
33.  
34.  
35. if($login == '') {
36. $errmsg_arr[] = 'Login ID missing';
37. $errflag = true;
38. }
39. if($password == '') {
40. $errmsg_arr[] = 'Password missing';
41. $errflag = true;
42. }
43.  
44.  
45. if($errflag) {
46. $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
47. session_write_close();
48. header("location: index.php");
49. exit();
50. }
51.  
52.  
53. $qry="SELECT * FROM users WHERE username='$login' AND userpw='".md5($_POST['password'])."'";
54. $result=mysql_query($qry);
55.  
56.  
57. if($result) {
58. if(mysql_num_rows($result) == 1) {
59.  
60. session_regenerate_id();
61. $member = mysql_fetch_assoc($result);
62. $_SESSION['SESS_MEMBER_ID'] = $member['userid'];
63. $_SESSION['SESS_FIRST_NAME'] = $member['username'];
64. session_write_close();
65. header("location: index.php");
66. exit();
67. }else {
68.  
69. header("location: index.php?login=failed");
70. exit();
71. }
72. }else {
73. die("Query failed");
74. }
75. ?>