if(isset($_POST['username'], $_POST['password'])) { if(get_magic_quotes_gp

1. if(isset($_POST['username'], $_POST['password']))
2. {
3. if(get_magic_quotes_gpc())
4. {
5. $ousername = stripslashes($_POST['username']);
6. $username = mysqli_real_escape_string(stripslashes($conn, $_POST['username']));
7. $password = stripslashes($_POST['password']);
8. }
9. else
10. {
11. $username = mysqli_real_escape_string($conn, $_POST['username']);
12. $password = $_POST['password'];
13. }
14. $sql = ('SELECT password,id from users where username='.$username.'');
15. $result = mysqli_query($conn, $sql);
16. $dn = mysqli_fetch_array($result);
17. if($dn['password']==sha1($password) and mysql_num_rows($sql)>0)
18. {
19. $form = false;
20. $_SESSION['username'] = $_POST['username'];
21. $_SESSION['userid'] = $dn['id'];
22. if(isset($_POST['memorize']) and $_POST['memorize']=='yes')
23. {
24. $one_year = time()+(60*60*24*365);
25. setcookie('username', $_POST['username'], $one_year);
26. setcookie('password', sha1($password), $one_year);
27. }
28. ?>