//keep query string
$bolShowLogin = 0;
//By default this is one until someone logs in.
$dbconn = mysql_connect($db_hst, $db_un, $db_pw) or die($msg_conn_err . " {$db_hst}, {$db_un}, {$db_pw}");
mysql_select_db($db) or die($db_err);
$result = mysql_query("UPDATE {$db_tbl_name_sessions} SET {$db_col_name_sessions_sid_time} = UNIX_TIMESTAMP() WHERE {$db_col_name_sessions_sid} = {$sid};");
mysql_close($dbconn);
}
} elseif (isset($_POST[$form_pw])) {
$pw = clean_string_for_db($_POST[$form_pw], $MAX_PASSWORD_LENGTH);
$obj = new sql_string($db_tbl_name_members);
$obj->set_db_col_aliases(array($db_col_name_member_pw));
$obj->set_db_where($db_col_name_member_pw . " = '" . $pw . "'");
$str_SQL = $obj->get_SQL();
$obj = new sql_query($db_hst, $db_un, $db_pw, $db, $str_SQL);
$ary_data = $obj->get_data();
if ($ary_data == 0) {
print "Invalid Password<br>";
} else {
//Delete old entries in tblSessions
$dbconn = mysql_connect($db_hst, $db_un, $db_pw) or die($msg_conn_err . " {$db_hst}, {$db_un}, {$db_pw}");
mysql_select_db($db) or die($db_err);
$result = mysql_query("DELETE FROM {$db_tbl_name_sessions} WHERE UNIX_TIMESTAMP() - {$db_col_name_sessions_sid_time} > {$MAX_UPDATE_SESSION_TIME};");
//Create sid
$sid = rand(1000, 9999) . date("j") . rand(1000, 9999);
//Insert sid into table
$result = mysql_query("INSERT INTO {$db_tbl_name_sessions} SET {$db_col_name_sessions_sid} = {$sid}, {$db_col_name_sessions_sid_time} = UNIX_TIMESTAMP();");
if ($result == 0) {
print "error insert<br>";
} else {
$qs = $qs . $db_col_name_member_sid . "=" . $sid;
