<?
include ("bd.php");
if (isset($_POST['auth_name']) && isset($_POST['auth_pass']))
{
$name=mysql_real_escape_string($_POST['auth_name']);
$pass=mysql_real_escape_string(md5($_POST['auth_pass']));
$query = "SELECT * FROM `sh_user` WHERE login='$name' AND pass='$pass'";
$res = mysql_query($query) or trigger_error(mysql_error().$query);
if ($row = mysql_fetch_array($res))
{session_start();
$_SESSION['user_id'] = $row['id'];
$ip=mysql_real_escape_string(trim(htmlspecialchars(stripslashes($_SERVER['REMOTE_ADDR']))));
mysql_query("DELETE FROM `sh_online` WHERE `ip`='$ip'");
header("Location: index.php");
}
else {echo $pass;echo '<br/>Ошибка!<br>Не правильный логин или пароль<br><a href="index.php">Вернуться</a>';}
exit();
}
if (isset($_REQUEST[session_name()])) {@session_start();}
if (isset($_SESSION['user_id'])) return;
?>