<?php
// Login handler: reads the submitted username/password from the POST body, looks
// up the user through the connection returned by connect_softdb(), and flags the
// session as logged in when the passwords compare equal.
// The listing is cut off inside the last else branch, so the non-admin path and
// all closing braces are not visible here.

// NOTE(review): $url is taken from the query string and is echoed unescaped into
// a meta-refresh tag in the admin branch below. No validation is visible between
// this line and that echo.
$url = $_GET['url'];
include 'functions.php';
$link = connect_softdb();
if (isset($_POST["submit"])) {
    $username = $_POST["username"];
    $password = $_POST["password"];
    session_start();
    // NOTE(review): the submitted username is written to the session before any
    // credential check has run, so $_SESSION['username'] alone proves nothing;
    // consumers must also require $_SESSION['userlogin'].
    $_SESSION['username'] = $username;
    if (isset($_POST["re"])) {
        // "Remember me": cookie lifetime is 60 * 60 * 7 seconds (7 hours), path '/'.
        // No secure/httponly/samesite options are passed to setcookie().
        setcookie("username", $username, time() + 60 * 60 * 7, '/');
    }
    // empty() is already true for "", so the second comparison is redundant.
    if (empty($_POST["username"]) || $_POST["username"] == "") {
        $corruser = "******";
    }
    // NOTE(review): the else below pairs with this password check only, so an
    // empty username combined with a non-empty password still reaches the query.
    if (empty($_POST["password"]) || $_POST["password"] == "") {
        $corrpass = "******";
    } else {
        // NOTE(review): the value inside the quotes appears masked on this page.
        // If the real statement interpolates $username, it is injectable and
        // should be a prepared statement with a bound parameter — TODO confirm.
        $query = "SELECT * FROM users WHERE username='******'";
        $sql = mysqli_query($link, $query);
        // For SELECT statements mysqli_affected_rows() reports the row count,
        // like mysqli_num_rows().
        if (mysqli_affected_rows($link) > 0) {
            while ($rows = mysqli_fetch_array($sql)) {
                // NOTE(review): the submitted password is compared directly with
                // the stored column, which only works if the column holds the
                // password itself rather than a hash — TODO confirm. The loose ==
                // also compares numeric-looking strings as numbers, and @ hides
                // notices for a missing key. password_hash()/password_verify()
                // is the expected replacement.
                if (@$rows['password'] == @$password) {
                    // NOTE(review): no session_regenerate_id() call is visible
                    // before the session is marked as authenticated.
                    $_SESSION['userlogin'] = true;
                    if (isset($_POST["re"])) {
                        // The boolean is sent as the string "1".
                        // NOTE(review): a client can set this cookie itself; if any
                        // page accepts it as proof of login, authentication can be
                        // bypassed — TODO confirm how the cookie is consumed.
                        setcookie("userlogin", true, time() + 60 * 60 * 7, '/');
                    }
                    if ($rows['permission'] == "admin") {
                        // NOTE(review): $url is request-controlled and unescaped
                        // here, giving both HTML injection into the page and an
                        // open redirect. Restrict it to known local paths and
                        // pass it through htmlspecialchars() with ENT_QUOTES
                        // before output.
                        echo "<meta http-equiv='refresh' content='0; url={$url}'>";
                    } else {
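/**
 * Search the topics table for rows whose name or body contains the given text,
 * optionally restricted to a single category.
 *
 * The search text and category are sent as bound parameters instead of being
 * interpolated into the SQL string, so quotes or SQL syntax in either value
 * cannot change the statement. '%' and '_' inside the search text still act as
 * LIKE wildcards, as they did before.
 *
 * @param string $searchtxt2 Text to look for in topics.name and topics.body.
 * @param mixed  $select     Category id to filter on; any value loosely equal
 *                           to FALSE (the default) searches all categories.
 * @return mysqli_result|false Result set, or false when the statement could not
 *                             be prepared or executed.
 */
function search($searchtxt2, $select = FALSE)
{
    $link = connect_softdb();

    // Wildcards are added to the bound value, not to the SQL text.
    $pattern = '%' . $searchtxt2 . '%';

    // Loose comparison kept on purpose: callers may pass 0, "" or null to mean
    // "no category filter".
    if ($select == FALSE) {
        $stmt = mysqli_prepare(
            $link,
            "SELECT * FROM topics WHERE name LIKE ? OR body LIKE ?"
        );
        if ($stmt === false) {
            return false;
        }
        mysqli_stmt_bind_param($stmt, 'ss', $pattern, $pattern);
    } else {
        // Bound as a string to match the quoted comparison the query used before.
        $category = (string) $select;
        $stmt = mysqli_prepare(
            $link,
            "SELECT * FROM topics WHERE category_id = ? AND (name LIKE ? OR body LIKE ?)"
        );
        if ($stmt === false) {
            return false;
        }
        mysqli_stmt_bind_param($stmt, 'sss', $category, $pattern, $pattern);
    }

    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }

    // mysqli_stmt_get_result() needs the mysqlnd driver; it returns a buffered
    // mysqli_result that stays usable after the statement is closed.
    $result = mysqli_stmt_get_result($stmt);
    mysqli_stmt_close($stmt);

    return $result;
}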