function action_login()
{
$username = $_POST['username'];
$password = $_POST['password'];
$where = "username='******' AND password=PASSWORD('" . $password . "')";
$result = sql_select("users", $where);
$row = mysql_fetch_array($result);
if ($row['ID']) {
ses_set("userID", $row['ID']);
ses_set("username", $row['username']);
ses_set("fullname", $row['surname'] . " " . $row['lastname']);
ses_set("admin", $row['group']);
mysql_query("UPDATE users SET visits = visits + 1 WHERE username='******'") or die("Query failed : " . mysql_error());
return true;
} else {
return false;
}
}
require "inc/output.inc.php";
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
ses_start();
sql_connect();
if (!action_checklogin()) {
if (!action_login()) {
action_redirect("login.php");
}
}
$mod = $_GET['m'];
if ($mod) {
ses_set("module", $mod);
} else {
$mod = ses_get("module");
}
switch ($_GET['a']) {
case 1:
unset($mod);
break;
case 3:
action_redirect($_GET['page']);
break;
case 9:
action_logout();
break;
}
if (mod_getadmin($mod)) {