login.php
Login form has two fields (username/password), as well as a captcha
[/login.php?do=login]
Code: Select all
session_start();
$pass = mysql_real_escape_string($_POST('password'));
$pass = sha1( trim($pass) . trim($salt) );
$user = trim(mysql_real_escape_string($_POST('username')));
$sql = "SELECT * FROM users WHERE `username` = '$user' AND `password` = '$pass' LIMIT 1";
$result = $db->getrow($sql);
IF ( $result) {
session_regenerate_id();
$_SESSION('client_hash') = sha1( $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] );
//Create session variables
} ELSE {
session_destroy();
}- $_SESSION('client_hash') = sha1( $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] )