<?php define('__DESTINATION__','some_url_here'); session_start();

1. <?php
2.    
3.     define('__DESTINATION__','some_url_here');
4.  
5.     session_start();
6.    
7.    
8.         $conn_id = mysql_connect($_SERVER['DB_HOST'],$_SERVER['DB_USER'],$_SERVER['DB_PASS']);
9.                    mysql_select_db($_SERVER['DB_NAME'],$conn_id);
10.                    
11.         if($_SERVER['REQUEST_METHOD'] != 'POST')
12.             exit;
13.                
14.         if(empty($_POST['username']) || empty($_POST['password']))
15.             die('You have not entered one or more required fields.');
16.                
17.         $clean = array();
18.         $clean['username'] = mysql_real_escape_string($_POST['username']);
19.         $clean['password'] = mysql_real_escape_string($_POST['password']);
20.        
21.                
22.         $mysql = 'SELECT `member_id`,`member_username`,`member_password`,`member_salt` '.
23.                  'FROM `members` '.
24.                  'WHERE `member_username` = "'.$clean['username'].'" ';
25.                      
26.         $q = mysql_query($mysql, $conn_id);
27.         $data = mysql_fetch_assoc($q);
28.                
29.         if(!mysql_num_rows($q))
30.             die('That user does not exist.');
31.            
32.         $password = $clean['password'].$data['member_salt'];
33.         $mysql .= 'AND `member_password`="'.sha1($password).'"';
34.        
35.         $q = mysql_query($mysql, $conn_id);
36.        
37.         if(!mysql_num_rows($q))
38.             die('Invalid username/password combination.');
39.        
40.         $_SESSION['userid'] = $data['member_id'];
41.         $_SESSION['is_auth'] = 1;
42.         $IP = trim($_SERVER['REMOTE_ADDR']);
43.         mysql_query('UPDATE `members` SET `member_ip`="'.$IP.'" WHERE `member_id`='.$_SESSION['userid']);
44.         //header("Location: ".__DESTINATION__);
45.    
46. ?>