Untitled

<?

    // Check if user wants to login (GET info)
    if($_POST['script'] == 'login'){

    // That's nice, user wants to login. But lets check if user has filled in all information
    If(empty($_POST['account_username']) OR empty($_POST['account_password'])) {

    // At least one of the inputs is empty, display an error

    ?>

    <p>You need to enter both a username and a password.</p>

    <?


    } else {

    // User filled it all in!

    // Make variables save with mysql_real_escape_string and sha1
    $ip = $_SERVER['REMOTE_ADDR'];
    $online = '1';
    $referer = $_SERVER['HTTP_REFERER'];
    $username = mysql_real_escape_string($_POST['account_username']);
    $password = SHA1(mysql_real_escape_string($_POST['account_password']));
    mysql_query("SET time_zone = 'CET'");

    // Search for a combination
    $query = mysql_query("SELECT * FROM account WHERE username = '" . $username . "' AND sha_pass_hash = '" . $password . "' ") or die(mysql_error());

    session_start();

    // Save result
    list($user_id) = mysql_fetch_row($query);

    }

    // If the user_id is empty no combination was found
    if(empty($user_id)) {

    ?>

    <p>Wrong username or password.</p>

    <?

    } else {

    // Create new session, store the user id

    $_SESSION['user_id'] = "$user_id";

    $query_online = "UPDATE account SET online='$online', last_ip='$ip', last_login=NOW() WHERE username = '$username'";
    $result_online = mysql_query($query_online);

    // Redirect to userpanel.php

    $validatedate = uniqid();
    sql("UPDATE acount SET cookie_check='$validate' WHERE id=$user_id");
    setcookie('NEHI_USER', $user_id."|".$validate, time()+60*60*24*365, "/");

    print '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$referer.'">';

    }

    }