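/**
 * Fetch one field of the login form from $_POST.
 *
 * - 'id' / 'password': when the field is present as a non-empty string it is
 *   passed through format_sql() (second argument 1 for 'id', 0 for
 *   'password') and that result is returned.
 * - 'remember': returns true when the field is non-empty, false otherwise.
 * - Anything else, or a missing/empty/non-string 'id' or 'password':
 *   login_return() is called and nothing is returned.
 *
 * NOTE(review): format_sql() is defined elsewhere; presumably it escapes the
 * value for use inside a quoted SQL string. The caller in this file
 * concatenates the result into the query text and hashes the password with
 * md5(), so any escaping applied here becomes part of the hashed value.
 * Bound parameters (PDO/mysqli prepared statements) and
 * password_hash()/password_verify() would remove the dependence on this
 * escaping step. Confirm format_sql() and the stored hash format before
 * changing either.
 *
 * NOTE(review): whether login_return() ends the request is not visible here.
 * If it returns, this function yields null, so callers should treat null as
 * "no usable value".
 *
 * @param string $var Field name: 'id', 'password' or 'remember'.
 * @return mixed Result of format_sql() for 'id'/'password', bool for
 *               'remember', null after login_return().
 */
function receive($var)
{
    // Strict comparison: on PHP < 8 a loose `0 == 'id'` is true, which would
    // let a non-string selector pick the 'id' branch.
    if ($var === 'remember') {
        return !empty($_POST['remember']);
    }

    if ($var === 'id' || $var === 'password') {
        $raw = isset($_POST[$var]) ? $_POST[$var] : null;

        // PHP parses "id[]=x" into an array. Only a real string may reach the
        // SQL formatting step; array-typed input is handled as a failed login.
        if (is_string($raw) && !empty($raw)) {
            return format_sql($raw, $var === 'id' ? 1 : 0);
        }
    }

    login_return();
}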
$password = $_COOKIE['password']; } else { header("Location: login.php"); } } else { $id = receive('id'); $password = md5(receive('password')); //md5 } if ($logout == 0) { $sql = 'SELECT * FROM user WHERE ' . $login_by . '="' . $id . '" and password="******"'; $db_array = db_query($sql); //if login fail if (!array_isset($db_array)) { logout(); login_return(); } else { //set session for login session_start(); $_SESSION["user"]["uid"] = $db_array[0]['uid']; $_SESSION["user"]["title"] = $db_array[0]['title']; $_SESSION["user"]["name_first"] = $db_array[0]['name_first']; $_SESSION["user"]["name_middle"] = $db_array[0]['name_middle']; $_SESSION["user"]["name_last"] = $db_array[0]['name_last']; $_SESSION["user"]["name_nickname"] = $db_array[0]['name_nickname']; $_SESSION["user"]["email"] = $db_array[0]['email']; $_SESSION["user"]["password"] = $db_array[0]['password']; $_SESSION["user"]["type"] = $db_array[0]['type']; //record user's ip and login time $sql = 'UPDATE user SET lastlogin_ip="' . $_SERVER['REMOTE_ADDR'] . '", lastlogin_time="' . time_db(time_this()) . '" WHERE ' . $login_by . '="' . $id . '" and password="******"'; db_query($sql);