if (isset($_POST['submit'])) { require_once $_SERVER['DOCUMENT_ROOT']."/con

1. if (isset($_POST['submit'])) {
2. require_once $_SERVER['DOCUMENT_ROOT']."/config/config.php";
3. $username = mysql_real_escape_string($_POST['username']);
4. $password = mysql_real_escape_string($_POST['password']);
5. if (empty($errors)) {
6. $query = "SELECT id, salt FROM users WHERE username = '$username' LIMIT 1";
7. $result = mysql_query($query);
8. if (mysql_num_rows($result) > 0) {
9. $id = mysql_result($result,0,"id");
10. $salt = mysql_result($result,0,"salt");
11. $password = hash_pass($password.$salt.PASSWORD_SALT);
12. $query = "SELECT username, password, lang FROM users WHERE id = '$id' AND password = '$password' LIMIT 1";
13. $result = mysql_query($query);
14. if (mysql_num_rows($result) > 0) {
15. $username = mysql_result($result,0,"username");
16. $password = mysql_result($result,0,"password");
17. # use first 10 of password as Session key.
18. $password = substr($password, 0, 10);
19. if ($_POST['remember'] == "1"){
20. setcookie ('key', $password, time() + 2592000);
21. setcookie ('id', $id, time() + 2592000);
22. }
23. session_start();
24. $_SESSION['username'] = $username;
25. $_SESSION['id'] = $id;
26. $_SESSION['key'] = $password;
27. $_SESSION['lang'] = mysql_result($result,0,"lang");
28. header("Location: profile");
29. } else {
30. $errors[] = $incorrect_user_or_pass;
31. }
32. } else {
33. $errors[] = $incorrect_user_or_pass;
34. }
35. }
36. }