View file includes/auth.php

File size: 836B
<?php
   if(isset($_POST['login']) && isset($_POST['pass']))
   {
      $_POST = decode_array($_POST);

      $users = mysql_query('SELECT id, login FROM users WHERE login = "' . addslashes($_POST['login']) . '" AND password = "' . md5($_POST['pass']) . '"');
   }
   else
   {
      $_GET = decode_array($_GET);

      $users = mysql_query('SELECT id, login FROM users WHERE id = "' . (int)($_GET['id']) . '" AND login = "' . addslashes($_GET['p']) . '"');
   }
   if(mysql_num_rows($users) == 0)
   {
?>
<wml>
<card id="error" title="error" ontimer="main.php"><timer value="15"/>
<p align="center">
Your login failed
</p>
</card>
</wml>
<?php
      exit;
   }
   else
   {
      // show main page
      $user = mysql_fetch_array($users);
      $id = $user['id'];
      $login = $user['login'];
   }
?>