You are now logged out'; if($dir == 2) header("Location: ../index.php"); else header("Location: index.php"); } if(isset($_POST['log_in'])) { //echo 'Login procces'; if(isset($_POST['user_name'])) $i_username = $db->escapeString( trim($_POST['user_name'])); else $errors['User Name'] = 'You need to enter a user name!'; if(isset($_POST['password'])) $i_password = $db->escapeString( trim($_POST['password'])); else $errors['password'] = "You need to enter a password!"; if($i_password && $i_username) { //valid username $q3 = "select * from users where user_name='$i_username'"; $r3 = $db->querySingle($q3, true); if($r3) //not empty { $firstName = $r3['first_name']; $q2 = "select * from users where user_name = '$i_username' and pass ='" . SHA1($i_password . $firstName) . "'"; $r2 = $db->querySingle($q2, true); if($r2) { $_SESSION['use'] = true; $_SESSION['fname'] = $firstName; $_SESSION['user_id'] = $r2['user_id']; $_SESSION['username'] = $r2['user_name']; $_SESSION['agent'] = md5($_SERVER['HTTP_USERAGENT'] . 'salt'); if($dir == 2) header("Location: ../index.php"); else header("Location: index.php"); } else { $errors['password'] = "You entered an invalid password"; } } else { $errors['user'] = "You entered an invalid user name!"; } } } echo '

'; echo '
'; if($loggedIn) echo 'Profile'; else echo 'Log In'; echo '

'; echo '
'; if($loggedIn) { echo '

Welcome ' . $_SESSION['fname'] . '

'; if($dir == 2) { echo '
'; } else { echo '
'; } } else { if($dir == 2) echo '
'; else echo ''; echo '
'; } foreach($errors as $msg) echo " - $msg
"; echo '
';