Untitled

<?php

    /*
    *   Hey! This file processes the given
    *   credentials to see if they're correct!
    *   If something goes wrong, an error code
    *   is returned to the login page.
    */

function got_error($id = 0) {
    // This function returns the error...
    Header('HTTP/1.1 500 Access Denied');
    Header('Location: ./?err='.(is_numeric($id) ? $id : 0));
    return;
}


// Checking the basic stuff here.
if(empty($_POST)) return got_error();
if(empty($_POST['user'])&&empty($_POST['pass'])) return got_error(1);
if(empty($_POST['user'])||empty($_POST['pass'])) return got_error((empty($_POST['user'])?2:3));

// Attempt to connect to the MySQL database!.
$conn = @mysql_connect('localhost:3306', 'photofroggy', '-');
if(!$conn) {
    echo mysql_error();return;
    got_error(4);
}
if(!@mysql_select_db('photofroggy_main', $conn)) got_error(4);
// Query the database with the given login details.
$query = @mysql_query(
    'SELECT * FROM user WHERE Username=\''.$_POST['user'].'\' AND Password=\''.sha1($_POST['pass']).'\''
);
if(!$query) got_error(4);
// Get the data from the user table!
$rows = array();
while($row = mysql_fetch_assoc($query)) { $rows[] = $row; }
// Now we know if the login was right or not.
if(empty($rows)) return got_error(5);
// If all is good, we can move on! Here we create an authtoken and get a timestamp.
$token = sha1(time()+microtime());
$ts = time();
// Now we put the token and timestamp in the user table.
$query = mysql_query("UPDATE user SET Authtoken='$token',Timestamp='$ts' WHERE Username='".$row['Username'].'\'');
// An error could occur here...
if(!$query) return got_error(4);
// But we set a cookie if all is well!
setcookie('blogg:user', array('username' => $row['Username'], 'authtoken' => $token), $ts+3600);
// And then we return to the homepage!
Header('HTTP/1.1 200 SUCCESS');
Header('Location: ../');

?>