function action_login() { $username = $_POST['username']; $password = $_POST['password']; $where = "username='******' AND password=PASSWORD('" . $password . "')"; $result = sql_select("users", $where); $row = mysql_fetch_array($result); if ($row['ID']) { ses_set("userID", $row['ID']); ses_set("username", $row['username']); ses_set("fullname", $row['surname'] . " " . $row['lastname']); ses_set("admin", $row['group']); mysql_query("UPDATE users SET visits = visits + 1 WHERE username='******'") or die("Query failed : " . mysql_error()); return true; } else { return false; } }
require "inc/output.inc.php"; header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); ses_start(); sql_connect(); if (!action_checklogin()) { if (!action_login()) { action_redirect("login.php"); } } $mod = $_GET['m']; if ($mod) { ses_set("module", $mod); } else { $mod = ses_get("module"); } switch ($_GET['a']) { case 1: unset($mod); break; case 3: action_redirect($_GET['page']); break; case 9: action_logout(); break; } if (mod_getadmin($mod)) {