function receive($var)
{
if ($var == 'id' && !empty($_POST['id'])) {
return format_sql($_POST['id'], 1);
} elseif ($var == 'password' && !empty($_POST['password'])) {
return format_sql($_POST['password'], 0);
} elseif ($var == 'remember') {
if (!empty($_POST['remember'])) {
return true;
} else {
return false;
}
} else {
login_return();
}
}
$password = $_COOKIE['password'];
} else {
header("Location: login.php");
}
} else {
$id = receive('id');
$password = md5(receive('password'));
//md5
}
if ($logout == 0) {
$sql = 'SELECT * FROM user WHERE ' . $login_by . '="' . $id . '" and password="******"';
$db_array = db_query($sql);
//if login fail
if (!array_isset($db_array)) {
logout();
login_return();
} else {
//set session for login
session_start();
$_SESSION["user"]["uid"] = $db_array[0]['uid'];
$_SESSION["user"]["title"] = $db_array[0]['title'];
$_SESSION["user"]["name_first"] = $db_array[0]['name_first'];
$_SESSION["user"]["name_middle"] = $db_array[0]['name_middle'];
$_SESSION["user"]["name_last"] = $db_array[0]['name_last'];
$_SESSION["user"]["name_nickname"] = $db_array[0]['name_nickname'];
$_SESSION["user"]["email"] = $db_array[0]['email'];
$_SESSION["user"]["password"] = $db_array[0]['password'];
$_SESSION["user"]["type"] = $db_array[0]['type'];
//record user's ip and login time
$sql = 'UPDATE user SET lastlogin_ip="' . $_SERVER['REMOTE_ADDR'] . '", lastlogin_time="' . time_db(time_this()) . '" WHERE ' . $login_by . '="' . $id . '" and password="******"';
db_query($sql);
