include_once("include/config.php");$go = mysql_real_escape_string(trim($_GET

1. include_once("include/config.php");
2.  
3. $go = mysql_real_escape_string(trim($_GET['go']));
4.  
5. if (isset($go)) {
6. if ($go == "auth") {
7. if (isset($_POST['auth'])) {
8.  
9. $login = mysql_real_escape_string($_POST['login']);
10. $password = md5($_POST['password']);
11.  
12. $join = mysql_query("SELECT `login`, `password`, `access` FROM `maxim_db_user` WHERE login='".$login."' AND password='".$password."'");
13.  
14. $db_user = mysql_fetch_array($join);
15.  
16. if(!($db_user <= 0)) {
17.  
18. if($db_user['login'] == $login and $db_user['password'] == $password) {
19.  
20. $_SESSION['login'] = $login;
21. $_SESSION['password'] = $password;
22. $_SESSION['access'] = $db_user['access'];
23.  
24. header("Location: /user.php");
25.  
26. } else {
27.  
28. echo"Логин и пароль Не верные!";
29.  
30. }
31.  
32. } else {
33.  
34. echo"Логин и пароль Не верные!2";
35.  
36. }
37. } else {
38.  
39. header("Location: /404.php");
40.  
41. }
42. } else {
43.  
44. echo"Wtf?? Где GET потерял? :D";
45.  
46. }
47. }