<?require("database.php");$username = $_POST["USERNAME"];$password = $_POS

1. <?
2. require("database.php");
3. $username = $_POST["USERNAME"];
4. $password = $_POST["PASSWORD"];
5. // Strip the string to prevent SQL injection
6. $username = stripslashes($username);
7. $password = stripslashes($password);
8. $_SESSION["USER"] = $username;
9. $_SESSION["PASS"] = $password;
10.     if (!mysql_connect($myDB["Host"], $myDB["Username"], $myDB["Password"])) {
11.          die('Could not connect to database.  Try again later.');
12.      }else{
13.         $username = mysql_real_escape_string($username);
14.         $password = mysql_real_escape_string($password);
15.         $result = mysql_query("SELECT * FROM `Users` WHERE `username` = '". $_SESSION["USER"] ."' AND `password` = '". sha1($_SESSION["PASS"] ."'"));
16.         if($result){
17.             $row = mysql_fetch_array($result);
18.             echo "Welcome, ". $row['username'];
19.             $user = $row;
20.             $Authed = true;
21.         }else{
22.             $Authed = false;
23.             if($Page["Title"] != "User Control Panel"){
24.                 echo "<span class=\"auth\">You are not authenticated, please <a href='?page=login.php'>login</a>.</span>";
25.             }
26.         }
27.      }
28. ?>