class login { public function check($db_link, $name, $pass) {

1. class login {
2. public function check($db_link, $name, $pass)
3. {
4. $name = @mysqli_real_escape_string($db_link, stripslashes($name));
5. $pass = @mysqli_real_escape_string($db_link, stripslashed($pass));
6. $sha_pass = sha1(strtoupper($nick).":".strtoupper($pass));
7.  
8. $result = @mysqli_query($db_link, "SELECT id, username FROM account WHERE username = '".$name."' AND sha_pass_hash = '".$sha_pass."'");
9. $result2 = @mysqli_query($db_link, "SELECT gmlevel FROM account_access WHERE id IN (SELECT id FROM account WHERE username = '".$name."') AND RealmID = '1'");
10. if(!$result)
11. {
12. Outlog::error(4, $db_link, __FILE__, __LINE__);
13. }
14. else if (!$result2)
15. {
16. Outlog::error(4, $db_link, __FILE__, __LINE__);
17. }
18. else if($result AND $result2)
19. {
20. $count = mysqli_num_rows($result);
21. if($count == '1')
22. {
23. $row1 = mysqli_fetch_array($result);
24. $row2 = mysqli_fetch_array($result2);
25. $_SESSION["Username"] = $row1["username"];
26. $_SESSION["ID"] = $row1["id"];
27. $_SESSION["GMLevel"] = $row2["gmlevel"];
28. return true;
29. }
30. else
31. {
32. return false;
33. }
34. }
35. }
36.  
37. public function login_user($log)
38. {
39. if($log == true)
40. {
41. $_SESSION["Logged"];
42. header("location:logged.php");
43. }
44. else if (!empty($_POST))
45. {
46. header("location:index.php?bad_log");
47. }
48. }
49. }