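/**
 * Check the login/password pair from the request against the `user` table and
 * build the XML fragment describing the outcome.
 *
 * On success a session is created through createsession(), the last-login
 * timestamp is refreshed through updatelastlogin(), and the user record plus
 * the session id are returned. On failure an "Echec d'authentification"
 * fragment with empty user fields is returned.
 *
 * NOTE(review): the credentials are read from $_GET, so they end up in the URL,
 * the web-server access log and the browser history. Moving them to a POST body
 * needs a matching change in the caller and is out of scope for this block.
 *
 * NOTE(review): the stored password is an unsalted MD5 digest. Migrating to
 * password_hash()/password_verify() requires re-hashing the stored values and
 * cannot be done from this function alone.
 *
 * @return string|null XML fragment, or null when the database call failed.
 */
function query()
{
    // Reject missing or non-string parameters (e.g. ?login[]=x) instead of
    // passing an array to the database layer.
    $login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
    $password = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';

    // Every value placed in the response is escaped for XML so that a login
    // name or a stored field containing markup cannot alter the document.
    $xml = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');
    };

    $mysqli = new mysqli(DBSERVER, DBUSER, DBPWD, DB);
    if ($mysqli->connect_errno) {
        // Database errors go to the server log, never to the client.
        error_log('query(): database connection failed: ' . $mysqli->connect_error);
        return null;
    }

    try {
        // Bound parameters instead of a string-built statement. Only the
        // columns used in the response are selected; the password digest is
        // deliberately not read back.
        $stmt = $mysqli->prepare(
            'SELECT `userid`, `userlogin`, `userlastname`, `userfirstname`, `userlastlogin`'
            . ' FROM `user`'
            . ' WHERE `userlogin` = ? AND `userpassword` = ? AND `userisactive` = 1'
        );
        if ($stmt === false) {
            error_log('query(): prepare failed: ' . $mysqli->error);
            return null;
        }

        $digest = md5($password);
        $stmt->bind_param('ss', $login, $digest);
        if (!$stmt->execute()) {
            error_log('query(): execute failed: ' . $stmt->error);
            $stmt->close();
            return null;
        }

        $stmt->bind_result($userid, $userlogin, $lastname, $firstname, $lastlogin);
        $found = $stmt->fetch(); // true: row fetched, null: no row, false: error
        if ($found === false) {
            error_log('query(): fetch failed: ' . $stmt->error);
            $stmt->close();
            return null;
        }
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // Raised when mysqli error reporting is in exception mode.
        error_log('query(): database error: ' . $e->getMessage());
        return null;
    } finally {
        // The connection is released on every path, including early returns.
        $mysqli->close();
    }

    if ($found !== true) {
        // No matching active user: same element layout as before, with empty
        // user fields (no row exists to fill them).
        return "<access>Echec d'authentification pour utilisateur " . $xml($login) . "</access>"
            . "<user><login></login><password></password><nom></nom><prenom></prenom></user>";
    }

    $sessionid = createsession($userid);
    updatelastlogin($userid);

    // The <password> element is kept so the document layout is unchanged, but
    // it is left empty: the stored digest must not be sent back to the client.
    return "<access>OK</access><user><userid>" . $xml($userid) . "</userid>"
        . "<login>" . $xml($userlogin) . "</login>"
        . "<password></password>"
        . "<nom>" . $xml($lastname) . "</nom>"
        . "<prenom>" . $xml($firstname) . "</prenom>"
        . "<lastlogin>" . $xml($lastlogin) . "</lastlogin>"
        . "<sessionid>" . $xml($sessionid) . "</sessionid></user>";
}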
/**
 * Open a session for the given user, refresh that user's sessions and send a
 * redirect to the home page.
 *
 * NOTE(review): header() only queues the redirect; the script keeps running
 * after this function returns. The caller should stop execution once the
 * redirect has been sent so that no protected output follows it.
 *
 * @param mixed $usid User identifier, passed unchanged to createsession() and
 *                    refreshsessions(); it is not validated here.
 * @return void
 */
function authenticate($usid)
{
	// Session bookkeeping first, then the redirect header.
	createsession($usid);
	refreshsessions($usid);

	$redirect = "Location:home.php";
	header($redirect);
}