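/**
 * Log a user in from submitted form data and record the outcome in $_SESSION.
 *
 * Does nothing unless both 'username' and 'password' are present in $data.
 * On success the session receives 'id', 'username', 'unseen_comments' and a
 * status message/icon; on failure only the message and icon are set.
 *
 * Review notes (left unchanged because they depend on code outside this
 * function):
 *  - Passwords are verified against an unsalted SHA-1 digest. Moving to
 *    password_hash()/password_verify() needs a migration of the stored hashes.
 *  - "Wrong password" and "unknown user" produce different messages, so the
 *    response reveals whether a username exists.
 *  - $_SESSION['message'] embeds the submitted username; it must be
 *    HTML-escaped at the point where it is printed.
 *
 * @param object $db   Database wrapper; query(), numRows() and fetchAssoc() are called on it.
 * @param array  $data Submitted form fields (POST data).
 * @return void
 */
function check_post_values($db, $data)
{
    // Both credentials must be present in the submitted data.
    if (!isset($data['username']) || !isset($data['password'])) {
        return;
    }

    // NOTE(review): mysql_real_escape_string() comes from ext/mysql, which was
    // removed in PHP 7, and it escapes for the ext/mysql link rather than for
    // whatever connection $db wraps. Prefer the escaping or parameter binding
    // offered by the $db layer (not visible from here).
    $username = mysql_real_escape_string($data['username']);

    // NOTE(review): the password is never placed in SQL, yet it is escaped
    // before hashing, so a password containing quotes or backslashes hashes
    // differently from its raw form. Kept as-is because the stored hashes may
    // have been produced the same way; confirm against the registration code.
    $password = mysql_real_escape_string($data['password']);

    // Look the account up by username.
    // NOTE(review): the username value inside the WHERE clause is masked
    // ("******") in this listing, so the query as printed does not reference
    // $username. Whatever is inserted there must be escaped for the $db
    // connection or, preferably, bound as a query parameter.
    $q = 'SELECT id, username, password FROM rs_users WHERE '
       . 'username="******"';

    try {
        $ret = $db->query($q);
    } catch (Exception $e) {
        echo 'Virhe tietokantakyselyssä!';
        die;
    }

    if ($db->numRows($ret) > 0) {
        $row = $db->fetchAssoc($ret);

        $storedHash = (string) $row[0]['password'];
        $givenHash = sha1($password);

        // Compare the digests as strings. A loose == treats two digests of the
        // form "0e<digits>" as the number zero and reports them equal, which
        // would accept a wrong password. hash_equals() is also constant-time;
        // it only exists from PHP 5.6, hence the strict-comparison fallback.
        if (function_exists('hash_equals')) {
            $passwordOk = hash_equals($storedHash, $givenHash);
        } else {
            $passwordOk = $storedHash === $givenHash;
        }

        if ($passwordOk) {
            // Issue a fresh session id at the privilege change so an id that
            // was known before login is not carried into the authenticated
            // session. Skipped when no session is active or output has begun.
            if (session_id() !== '' && !headers_sent()) {
                session_regenerate_id(true);
            }

            $_SESSION['id'] = $row[0]['id'];
            $_SESSION['username'] = $row[0]['username'];

            // Icon and text for the status banner.
            $_SESSION['message_icon'] =
                'graphics/32px-Crystal_Clear_app_clean.png';
            $_SESSION['message'] = 'Olet kirjautunut sisään '
                . 'käyttäjätunnusella "' . $username . '"';

            $cUsers = new CUsers($db, $_SESSION);
            $_SESSION['unseen_comments'] =
                $cUsers->countUnseenComments($_SESSION['id']);
        } else {
            // Wrong password: show the error icon and message.
            $_SESSION['message_icon'] =
                'graphics/32px-Crystal_Clear_app_logout.png';
            $_SESSION['message'] = 'Virheellinen salasana!';
        }
    } else {
        // No such user: show the error icon and message.
        $_SESSION['message_icon'] =
            'graphics/32px-Crystal_Clear_app_logout.png';
        $_SESSION['message'] = 'Käyttäjätunnusta ei löytynyt!';
    }
}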