Untitled

a guest
Oct 9th, 2018
  1. <?php
  2. include('function.php');
  3.  
  4. $host="allenleidb.db.9130322.hostedresource.com"; // Host name
  5. $username="allenleidb"; // username
  6. $password="Plsw84gs"; // password
  7. $db_name="allenleidb"; // Database name
  8. $tbl_name="accounts"; // Table name
  9.  
  10. // Replace database connect functions depending on database you are using.
  11. mysql_connect("$host", "$username", "$password");
  12. mysql_select_db("$db_name");
  13.  
  14. // username and password sent from form
  15. //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
  16. $u = mysql_real_escape_string($_POST['username']);
  17. $username=mysql_real_escape_string($_POST['username']);
  18.  
  19. $p = mysql_real_escape_string($_POST['password']);
  20. $password=mysql_real_escape_string($_POST['password']);
  21.  
  22. $s = mysql_query("SELECT * FROM `accounts` WHERE `name`='".sql_sanitize($u)."'") or die(mysql_error());
  23. $i = mysql_fetch_array($s);
  24.  
  25. if($i['password'] == hash('sha512',$p.$i['salt']) || sha1($p) == $i['password']) {
  26.     $user = mysql_query("SELECT * FROM `accounts` WHERE `name`='".sql_sanitize($i['name'])."' AND `password`='".sql_sanitize($i['password'])."'") or die(mysql_error());
  27.     $auser = mysql_fetch_array($user);
  28.     $_SESSION['id'] = $auser['id'];
  29.     $_SESSION['name'] = $auser['name'];
  30.     if($auser['webadmin'] == "1"){
  31.         $_SESSION['admin'] = $auser['webadmin'];
  32.     }
  33.     header("location:login_success.php");
  34. } else {
  35.     echo "wrong password";
  36. }
  37. ?>