<?php//connect to dbrequire('config.php');mysql_connect($host, $user,

1. <?php
2.  
3. //connect to db
4. require('config.php');
5.  
6. mysql_connect($host, $user, $pass) or die('Bad mysql settings; fix config.php');
7. mysql_select_db($db) or die('Database does not exist; fix config.php');
8.  
9.  
10. //check login
11. session_start();
12.  
13. $in = ($_SESSION['logged_in'] == 'Yes');
14.  
15. if ($_GET['action'] == 'logout') {
16. $in = false;
17. $admin = false;
18. }
19.  
20. if (!$in) {
21. //check if they're trying to login
22. if ($_POST) {
23. $u = mysql_real_escape_string($_POST['username']);
24. $p = md5($_POST['password']);
25. if (!empty($u) && !empty($p)) {
26. $valid_users = mysql_query("SELECT * FROM users WHERE username='$u' AND password='$p'");
27. if (mysql_num_rows($valid_users) > 0) {
28. //log me in
29. $user_data = mysql_fetch_array($valid_users);
30. $_SESSION['logged_in'] = 'Yes';
31. $_SESSION['user'] = $user_data['user'];
32. $_SESSION['username'] = $user_data['username'];
33. $_SESSION['admin'] = $user_data['admin'];
34. $in = true;
35.  
36. }
37. }
38. }
39. }
40.  
41.  
42.  
43. if($_SESSION['admin'] == 1) {
44. $admin = true; }
45.  
46.  
47. //change pw clicked
48. //if($_GET['action'] == "changepw") {
49. // $changepw = true; }
50.  
51. //changing pw?
52. if($_POST) {
53. $changepw = mysql_real_escape_string($_POST['changepw']);
54. $changepw2 = mysql_real_escape_string($_POST['changepw2']); }
55.  
56. //do the pws match / change
57. if (!empty($changepw) && !empty($changepw2)) {