<?include 'config.php';if ($_GET[done] == 1) {session_start();mysql_co

1. <?
2. include 'config.php';
3. if ($_GET[done] == 1) {
4. session_start();
5.  
6. mysql_connect("$server", "$username", "$password") or die ($theError);
7. mysql_select_db("$database") or die ($theError);
8.  
9. function secure($variable) {
10.   $variable = addslashes(trim($variable));
11.   return $variable;
12. }
13. $username = secure($_POST['username']);
14. $password = secure($_POST['password']);
15.  
16. if((!$username) || (!$password)){
17.     echo "Please enter ALL of the information! <br />";
18.     if ($_GET[action] == admin)   {
19.     echo'<br><div class=form align="center"><form name="form" method="post" action="login.php?done=1&action=admin">
20. <b>Username:</b><br>
21. <input type="text" name="username"><br>
22. <b>Password:</b><br>
23. <input type="password" name="password"><br><br>
24. <input type="submit" name="submit" value="Log in">
25. </form></div><br>';}
26. else {
27.     include 'content/login_form.php';}
28. }
29. else {
30. $password = md5($password);
31.  
32. $sql = mysql_query("SELECT * FROM ava_users WHERE username='$username' AND password='$password' AND activate='1'");
33. $login_check = mysql_num_rows($sql);
34.  
35. if($login_check > 0){
36.     while($row = mysql_fetch_array($sql)){
37.     foreach( $row AS $key => $val ){
38.         $$key = stripslashes( $val );
39.         $user_id = ''.$row['id'].'';
40.     }
41.     if(isset($_POST['remember'])){
42.       setcookie("ava_username", $username, time()+60*60*24*100);
43.       setcookie("ava_code", $password, time()+60*60*24*100);
44.       setcookie("ava_userid", $user_id, time()+60*60*24*100);
45.     }
46.     else {
47.       setcookie("ava_username", $username);
48.       setcookie("ava_code", $password);
49.       setcookie("ava_userid", $user_id); }
50.        
51.       if ($_GET[action] == admin)   {header("Location: admin/index.php");}
52.      
53.       else if ($_GET['nexttask']) {
54.         if ($_GET['nexttask'] == 'login') {
55.         header("Location: index.php");}
56.         else {
57.       header("Location: index.php?task=".$_GET['nexttask']."&id=".$_GET['nextid']."");}}
58.       else {header("Location: index.php");}
59.     }
60. } else {
61.     echo "<B>".LOGIN_ERROR."<br /><br></B>";
62.     include 'content/login_form.php';
63. }}}
64. else if ($_GET[action] == logout)
65. {setcookie("ava_username", "", time()-60*60*24*100);
66. setcookie("ava_userid", "", time()-60*60*24*100);
67. setcookie("ava_code", "", time()-60*60*24*100);
68. header("Location: index.php");}
69. else {
70. include 'content/login_form.php';
71. }
72. ?>