$result = $fw->query($query);
if ($result) {
while ($row = $result->fetch_assoc()) {
$db_id = $row['id'];
$db_username = $row['username'];
$db_pass = $row['password'];
$db_fullname = $row['fullname'];
$db_email = $row['email'];
$db_user = $row['is_user'];
$db_admin = $row['is_admin'];
$db_superadmin = $row['is_superadmin'];
}
if (sha1($password) == @$db_pass && @$db_user == 1) {
$digest = md5($db_id . $db_username . $db_fullname . $db_pass . $db_email . $db_user . $db_admin . $db_superadmin);
$_SESSION['USER'] = array('userid' => $db_id, 'username' => $db_username, 'fullname' => $db_fullname, 'digest' => $digest, 'is_user' => $db_user, 'is_admin' => $db_admin, 'is_superadmin' => $db_superadmin);
$date = $fw->getDate();
$query2 = "update users set last_login = '******' where id = " . $_SESSION['USER']['userid'] . "";
$result2 = $fw->query($query2);
header("Location: index.php");
} elseif (sha1($password) == @$db_pass && @$db_user == 0) {
$_SESSION['login']['error'] = "The username and password were correct but access has been revoked. Please contact an admin if you feel this is an error.";
} else {
$_SESSION['login']['error'] = "The username or password that you entered is not correct.";
}
} else {
$_SESSION['login']['error'] = "The username or password that you entered is not correct or an error occured.<br />Please try logging in again.";
}
}
}
}
include_once 'header.php';
