<?php
$url = $_GET['url'];
include 'functions.php';
$link = connect_softdb();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
session_start();
$_SESSION['username'] = $username;
if (isset($_POST["re"])) {
setcookie("username", $username, time() + 60 * 60 * 7, '/');
}
if (empty($_POST["username"]) || $_POST["username"] == "") {
$corruser = "******";
}
if (empty($_POST["password"]) || $_POST["password"] == "") {
$corrpass = "******";
} else {
$query = "SELECT * FROM users WHERE username='******'";
$sql = mysqli_query($link, $query);
if (mysqli_affected_rows($link) > 0) {
while ($rows = mysqli_fetch_array($sql)) {
if (@$rows['password'] == @$password) {
$_SESSION['userlogin'] = true;
if (isset($_POST["re"])) {
setcookie("userlogin", true, time() + 60 * 60 * 7, '/');
}
if ($rows['permission'] == "admin") {
echo "<meta http-equiv='refresh' content='0; url={$url}'>";
} else {
function search($searchtxt2, $select = FALSE)
{
$link = connect_softdb();
if ($select == FALSE) {
$query = "SELECT * FROM topics WHERE name LIKE '%{$searchtxt2}%'OR body LIKE '%{$searchtxt2}%'";
} else {
$query = "SELECT * FROM topics WHERE category_id='{$select}' AND(name LIKE '%{$searchtxt2}%' OR body LIKE '%{$searchtxt2}%')";
}
$sql = mysqli_query($link, $query);
return $sql;
}
