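// Login handler excerpt: looks the submitted e-mail up in `users`, checks the
// submitted password against the stored digest, fills the session, optionally
// sets 30-day "stay logged in" cookies, then redirects by account type.
$password = $_POST["password"];

// Attempt to log this user in.
// NOTE(review): $email is interpolated into the SQL text and is assigned outside
// this excerpt. Confirm it has been passed through mysql_real_escape_string()
// before this point, or move the lookup to a prepared statement (PDO/mysqli).
$query = "select activated, id, pword, fname, lname from users where email='{$email}';";
$res = mysql_query($query);

if (mysql_numrows($res) > 0) {
    $activated = mysql_result($res, 0, "activated");
    if ($activated != 0) {
        $stored_pword = mysql_result($res, 0, "pword");

        // NOTE(review): pword holds an unsalted MD5 digest. Moving to
        // password_hash()/password_verify() needs a data migration, so it is
        // flagged here rather than changed.
        // Strict comparison: with ==, two digests that both look like
        // "0e<digits>" are compared as numbers and treated as equal.
        // On PHP >= 5.6, hash_equals() additionally makes the check constant-time.
        if (md5($password) === (string) $stored_pword) {
            // Issue a fresh session id at the privilege change so an id that
            // existed before login cannot be carried into the authenticated
            // session (session fixation). Assumes the session was started by
            // an earlier include — TODO confirm.
            session_regenerate_id(true);

            // OK, this is a good user: log them in using the session.
            $_SESSION['loggedin'] = 'true';
            $_SESSION['fname'] = mysql_result($res, 0, "fname");
            $_SESSION['lname'] = mysql_result($res, 0, "lname");
            $_SESSION['userid'] = mysql_result($res, 0, "id");
            $_SESSION['email'] = $email;
            $_SESSION['accounttype'] = accountType(mysql_result($res, 0, 'id'));

            // Also, if they requested cookies, load that up.
            if (isset($_POST['stayloggedin']) && $_POST['stayloggedin'] == 'true') {
                $expr = time() + 60 * 60 * 24 * 30; // 30 days from now

                // NOTE(review): the "password" cookie carries the same MD5 value
                // that is stored in users.pword, so it is a password-equivalent
                // credential kept in the browser for 30 days, and "accounttype"
                // is a client-editable role value. Prefer a random, server-side,
                // revocable remember-me token and derive the role from the
                // database. The cookie names and values are left unchanged
                // because the code that reads them is not visible here.
                // HttpOnly keeps the values away from page scripts; path and
                // domain stay at their defaults. Set the secure flag (sixth
                // argument) to true once the site is served only over HTTPS.
                setcookie("email", $email, $expr, '', '', false, true);
                setcookie("password", md5($password), $expr, '', '', false, true);
                setcookie("accounttype", $_SESSION['accounttype'], $expr, '', '', false, true);
            }

            // Now redirect the user to the appropriate page.
            $path_prefix = $WEBSITE_ROOT;
            if ($_SESSION['accounttype'] == 'parent') {
                header('Location: ' . $path_prefix . '/parents.php');
            } else {
                header('Location: ' . $path_prefix . '/sitters.php');
            }
            // A Location header does not stop the script; end the request so
            // nothing after the redirect is executed or sent.
            exit;

            // The excerpt ends here on the page. The braces below only close
            // the blocks opened above so the snippet parses; the original's
            // failure branches (wrong password, inactive account, unknown
            // e-mail) are not shown.
        }
    }
}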
<?php
// Profile page bootstrap: loads the `users` row for ?uid=… and then the matching
// `babysitters` or `parents` row, leaving the results in $userinfo and in
// $sitterinfo/$sitterid or $parentinfo/$parentid.

// Set before the include; presumably read by include/ops.php to enforce a
// logged-in session — TODO confirm.
$login_required = true;
include 'include/ops.php';
include 'include/user_header.php';
$page_title = "E-Sitters";

if (!isset($_GET['uid'])) {
    die("Invalid page link.");
}

// The uid is escaped and is only ever placed inside single quotes in the
// queries below; both are needed for the escaping to be effective.
// NOTE(review): the deprecated mysql_* extension offers no prepared statements;
// parameterised queries (PDO/mysqli) would remove the reliance on escaping.
// NOTE(review): any uid is accepted here. Whether the logged-in user is allowed
// to view this profile is not checked in this excerpt — confirm it is intended
// or enforced elsewhere.
$uid = mysql_real_escape_string($_GET["uid"]);

$res = mysql_query("select * from users where id='{$uid}';");
if (mysql_num_rows($res) < 1) {
    die("User doesnt exist");
}
$userinfo = mysql_fetch_array($res);

// accountType() is defined outside this excerpt; it receives the escaped uid.
$issitter = ("babysitter" == accountType($uid));

// Pick the role-specific table, then run one shared lookup-and-check.
$detail_query = $issitter
    ? "select * from babysitters where user_id='{$uid}';"
    : "select * from parents where user_id='{$uid}';";

$res = mysql_query($detail_query);
if (mysql_num_rows($res) < 1) {
    // A users row without its role row is treated as broken data.
    die("User is corrupt.");
}
$detail_row = mysql_fetch_array($res);

if ($issitter) {
    $sitterinfo = $detail_row;
    $sitterid = $detail_row["id"];
} else {
    $parentinfo = $detail_row;
    $parentid = $detail_row["id"];
}