
Untitled

a guest
May 21st, 2018
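  /*
   * Login form handler. Runs only when both credential fields were posted.
   *
   * Flow: collect validation errors, look the user up in the `users` table,
   * compare the hashed password, and on success write the login into the
   * session and redirect to WWW/security_check. Any errors are rendered into
   * the 'login_result' template parameter instead.
   *
   * NOTE(review): the mysql_* extension used here was removed in PHP 7.0 and has
   * no prepared statements. Moving the lookup to mysqli or PDO with bound
   * parameters would stop query safety from depending on filter().
   */
  if (isset($_POST['credentials_username']) && isset($_POST['credentials_password']))
  {
      // NOTE(review): the raw POST value goes to the template here; confirm that
      // SetParam() or the template escapes it for the HTML context it lands in.
      $frontpage->SetParam('credentials_username', $_POST['credentials_username']);

      // filter() and UberHash() are defined outside this excerpt.
      // NOTE(review): confirm filter() escapes for SQL string context, and that
      // UberHash() is a salted, deliberately slow password hash.
      $credUser = filter($_POST['credentials_username']);
      $credPass = $core->UberHash($_POST['credentials_password']);

      $errors = array();

      if (strlen($_POST['credentials_username']) < 1)
      {
          $errors[] = "Please enter your username";
      }

      if (strlen($_POST['credentials_password']) < 1)
      {
          $errors[] = "Please enter your password";
      }

      // One lookup instead of two: the row count and the stored hash come from
      // the same result set, and mysql_result() is only called when a row exists
      // (it raises a warning on an empty or failed result).
      // NOTE(review): the query is built by concatenation, so it is only as safe
      // as filter(); see the note at the top of this block.
      $lookup = mysql_query("SELECT password FROM users WHERE username='" . $credUser . "'");
      $numRows = ($lookup !== false) ? mysql_num_rows($lookup) : 0;
      $resultedPassword = ($numRows == 1) ? mysql_result($lookup, 0) : null;

      // NOTE(review): these two messages tell the caller whether a username
      // exists. A single generic message would avoid that; the wording is left
      // unchanged here because it is user-facing.
      if ($numRows != 1)
      {
          $errors[] = "User doesn't even exist, how could you possibly enter Habplus?";
      }
      // Strict string comparison: with loose `!=`, two different hashes that both
      // look numeric (for example "0e..." strings) compare as equal numbers.
      // Where available (PHP 5.6+), hash_equals() is the constant-time choice.
      elseif ((string) $credPass !== (string) $resultedPassword)
      {
          $errors[] = "Password is not associated with the account!";
      }

      if (count($errors) == 0)
      {
          if ($users->ValidateUser($credUser, $credPass))
          {
              if (isset($_POST['page']))
              {
                  $reqPage = (string) filter($_POST['page']);
                  $siteRoot = WWW;
                  $rootLen = strlen($siteRoot);
                  $rest = (string) substr($reqPage, $rootLen);

                  // The target must start with the site root AND the root must end
                  // at a URL boundary. A bare prefix match also accepts an address
                  // that merely begins with the same characters as WWW.
                  $hasPrefix = $rootLen > 0 && strncmp($reqPage, $siteRoot, $rootLen) === 0;
                  $atBoundary = substr($siteRoot, -1) === '/'
                      || $rest === ''
                      || strpos('/?#', $rest[0]) !== false;

                  if (!$hasPrefix || !$atBoundary)
                  {
                      die("<b>Security warning!</b> A malicious request was detected that tried redirecting you to an external site. Please proceed with caution, this may have been an attempt to steal your login details. <a href='" . WWW . "'>Return to site</a>");
                  }

                  $_SESSION['page-redirect'] = $reqPage;
              }

              // Issue a fresh session id at the privilege change so an id that was
              // known before login does not carry the authenticated state.
              if (session_id() !== '')
              {
                  session_regenerate_id(true);
              }

              $_SESSION['UBER_USER_N'] = $users->GetUserVar($users->Name2id($credUser), 'username');
              // NOTE(review): this keeps the password hash in the session, presumably
              // for the /security_check step; confirm it is needed there.
              $_SESSION['UBER_USER_H'] = $credPass;

              if (isset($_POST['_login_remember_me']))
              {
                  $_SESSION['set_cookies'] = true;
              }

              header("Location: " . WWW . "/security_check");
              exit;
          }
          else
          {
              $errors[] = "An error has occured, please contact a system administrator.";
          }
      }

      if (count($errors) > 0)
      {
          // Inline stylesheet for the error banner, joined with newlines.
          $loginResult = implode("\n", array(
              '<style>',
              'body{',
              'margin:0;',
              '}',
              '#error{',
              'font-family: verdana;',
              'font-size: 12px;',
              'font-weight:bold;',
              'padding: 15px;',
              'color:white;',
              'text-align:center;',
              '}',
              '.red {',
              'background-color:#CB2121;',
              '}',
              '</style>',
          ));

          // Every message gets its own closed <div>. The previous loop left the
          // markup balanced only when there were exactly two errors. Messages are
          // HTML-escaped so a future message carrying user data cannot inject
          // markup. The repeated id="error" is kept because the CSS targets it.
          foreach ($errors as $err)
          {
              $loginResult .= '<div id="error" class="red">' . htmlspecialchars($err, ENT_QUOTES) . '</div>';
          }

          $frontpage->SetParam('login_result', $loginResult);
      }
  }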