$return['errorText'] .= '<li>' . $email . ' is an invalid email address</li>'; } else { if (empty($password)) { $return['error'] = true; $return['errorText'] .= '<li>Your password is not valid</li>'; } else { $q = new myQuery("SELECT id, firstname, lastname, email, password, status FROM user WHERE LCASE(email)=LCASE('{$email}')"); if ($q->get_num_rows() == 1) { $res = $q->get_one_array(); $id = intval($res['id']); $hash = $res['password']; $salt = substr($hash, 0, 28) . '$'; $hash_check = crypt($password, $salt); if ($res['status'] == 'requested') { $q = new myQuery("SELECT COUNT(*) as c, COUNT(IF(id <= {$id},1,NULL)) as me FROM user WHERE status='requested'"); $wait_list = $q->get_one_row(); $return['error'] = true; $return['errorText'] .= "<li>Your account has not been authorized yet. \n Because WebMorph is in alpha testing, we are limiting the number of users. \n You are number {$wait_list['me']} of {$wait_list['c']} on the wait list.</li>"; } else { if ($res['status'] == 'disabled') { $return['error'] = true; $return['errorText'] .= "<li>Your account has been disabled.</li>"; } else { if ($hash == $hash_check) { $return['user'] = $id; $q = new myQuery("INSERT INTO login (user_id, logintime) VALUES ({$id}, NOW())"); // set session variables $_SESSION['user_id'] = $id; if ($id == 1) { $_SESSION['superuser'] = true; }