<?phpsession_start();define('DB_NAME', 'OCDL');define('DB_USER', '*');de

1. <?php
2. session_start();
3. define('DB_NAME', 'OCDL');
4. define('DB_USER', '*');
5. define('DB_PASSWORD', '*');
6. define('DB_HOST', 'localhost');
7.  
8. $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
9.  
10. if (!$link) {
11. die('Could not connect: ' . mysql_error());
12. }
13.  
14. $db_selected = mysql_select_db(DB_NAME, $link);
15.  
16. if (!$db_selected) {
17. die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
18. }
19.  
20. $username = $_POST['username'];
21. $password = $_POST['password'];
22.  
23. $qry= "SELECT * FROM members WHERE username='$username';";
24. $result=mysql_query($qry);
25. $rows=mysql_fetch_object($result);
26.  
27. //Check whether the query was successful or not
28. if($result) {
29. if(mysql_num_rows($result) == 1) {
30. if($rows->authlevel == "admin") { //if it's not an admin no need to check password
31. if($password == $rows->password) {
32. session_regenerate_id();
33. $member = mysql_fetch_assoc($result);
34. $_SESSION['SESS_MEMBER_ID'] = $member['username'];
35. $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
36. $_SESSION['SESS_LAST_NAME'] = $member['username'];
37. session_write_close();
38. /*header("location: admin_index.php");*/
39. exit();
40. echo '<script type="text/javascript">alert("' . $_SESSION['SESS_FIRST_NAME'] . '")</script>';
41. echo '<script type="text/javascript">alert("' . $result . '")</script>';
42. echo '<script type="text/javascript">alert("' . $member . '")</script>';
43. } else {
44. header("location: login-failed.php"); //change for bad password etc.
45. }
46. } else {
47. header("location: login-failed.php"); //change for invalid user level ( you do not
48. }
49. } else {
50. header("location: login-failed.php");
51. }
52. } else {
53. die("Query failed"); //change for username not found, or unknown username
54. }
55. ?>