$login = isset($_REQUEST['login']) ? $_REQUEST['login'] : (isset($var['login']) ? $var['login'] : '');
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : (isset($var['password']) ? $var['password'] : '');
// has the user submitted empty fields
if (empty($login) || empty($password)) {
$msg = 'Please enter login and password!';
header('Location: ' . URL . '/login.php?msg=' . rawurlencode(htmlspecialchars($msg, ENT_QUOTES)));
exit;
}
$db->query('SELECT account_id,old_account_id FROM account ' . 'WHERE login = '******' AND ' . 'password = '******' LIMIT 1');
if ($db->nextRecord()) {
// register session
SmrSession::$account_id = $db->getField('account_id');
SmrSession::$old_account_id = $db->getField('old_account_id');
} else {
if (USE_COMPATIBILITY) {
if (!SmrAccount::upgradeAccount($login, $password)) {
$msg = 'Password is incorrect!';
header('Location: ' . URL . '/login.php?msg=' . rawurlencode(htmlspecialchars($msg, ENT_QUOTES)));
exit;
}
} else {
$msg = 'Password is incorrect!';
header('Location: ' . URL . '/login.php?msg=' . rawurlencode(htmlspecialchars($msg, ENT_QUOTES)));
exit;
}
}
}
}
// ********************************
// *
// * G a m e O p e n