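You are now logged out'; if($dir == 2) header("Location: ../index.php"); else header("Location: index.php"); }

// ---------------------------------------------------------------------------
// Login form handler.
//
// Runs when the login form was posted ($_POST['log_in'] is set). It looks the
// account up by user name, recomputes the stored password hash, and on a match
// fills $_SESSION and sends a redirect header. Failures are collected in
// $errors, which is printed at the bottom of this block.
//
// Reads from the including script: $dbc (mysqli link), $dir, $loggedIn, $errors.
// ---------------------------------------------------------------------------
if (isset($_POST['log_in'])) {
    // Only non-empty strings are accepted. An array-valued field
    // (user_name[]=x) would otherwise reach trim() and raise a TypeError.
    $loginName = (isset($_POST['user_name']) && is_string($_POST['user_name']))
        ? trim($_POST['user_name'])
        : '';
    $loginPass = (isset($_POST['password']) && is_string($_POST['password']))
        ? trim($_POST['password'])
        : '';

    // Always defined, so the check below never reads an unset variable.
    // $i_username keeps its escaped form in case code outside this block
    // still interpolates it; the queries below bind $loginName instead.
    $i_username = '';
    $i_password = '';

    if ($loginName === '') {
        $errors['User Name'] = 'You need to enter a user name!';
    } else {
        $i_username = mysqli_real_escape_string($dbc, $loginName);
    }

    if ($loginPass === '') {
        $errors['password'] = "You need to enter a password!";
    } else {
        // The password is escaped *before* hashing, exactly as before, so the
        // digest keeps matching hashes already stored for existing accounts.
        $i_password = mysqli_real_escape_string($dbc, $loginPass);
    }

    if ($loginName !== '' && $i_password !== '') {
        // Runs a SELECT with bound string parameters and returns all rows as
        // associative arrays; returns [] when the statement cannot be prepared
        // or executed. Binding keeps request data out of the SQL text.
        $selectRows = function ($sql, array $params) use ($dbc) {
            $stmt = mysqli_prepare($dbc, $sql);
            if ($stmt === false) {
                return [];
            }

            mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);

            $rows = [];
            if (mysqli_stmt_execute($stmt)) {
                $result = mysqli_stmt_get_result($stmt);
                if ($result !== false) {
                    $rows = mysqli_fetch_all($result, MYSQLI_ASSOC);
                }
            }
            mysqli_stmt_close($stmt);

            return $rows;
        };

        $firstName = "";
        $userRows = $selectRows('select first_name from users where user_name = ?', [$loginName]);

        if (count($userRows) === 1) {
            $firstName = $userRows[0]['first_name'];

            // NOTE(review): SHA-1 salted with the user's first name is a fast
            // hash with a guessable salt. Migrate to password_hash() /
            // password_verify(), re-hashing each account on its next successful
            // login. Left unchanged here because stored hashes would stop
            // matching.
            $passHash = sha1($i_password . $firstName);

            $authRows = $selectRows(
                'select user_id, user_name from users where user_name = ? and pass = ?',
                [$loginName, $passHash]
            );

            if (count($authRows) === 1) {
                $row = $authRows[0];

                // Issue a fresh session id at the privilege change so an id
                // that was known before login cannot be reused afterwards.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                $_SESSION['use'] = true;
                $_SESSION['fname'] = $firstName;
                $_SESSION['user_id'] = $row['user_id'];
                $_SESSION['username'] = $row['user_name'];

                // NOTE(review): the standard key is HTTP_USER_AGENT. With this
                // spelling the value is always md5('salt'), so it does not bind
                // the session to a browser. Fix it together with whatever code
                // compares $_SESSION['agent']; changing only this line would
                // break that comparison.
                $_SESSION['agent'] = md5(($_SERVER['HTTP_USERAGENT'] ?? '') . 'salt');

                // NOTE(review): the script keeps running after this header;
                // the rest of the page is still rendered into the redirect
                // response.
                if ($dir == 2) {
                    header("Location: ../index.php");
                } else {
                    header("Location: index.php");
                }
            } else {
                // Same text as the unknown-user branch, so the response does
                // not reveal whether the user name exists.
                $errors['password'] = "You entered an invalid user name or password!";
            }
        } else {
            $errors['user'] = "You entered an invalid user name or password!";
        }
    }
}

// ---------------------------------------------------------------------------
// Page fragment: heading, welcome line or login area, then collected errors.
// The literal strings below are reproduced as they appear in this file.
// ---------------------------------------------------------------------------
echo "\n\n";
echo "\n";

if ($loggedIn) {
    echo 'Profile';
} else {
    echo 'Log In';
}

echo "\n\n";
echo "\n";

if ($loggedIn) {
    // first_name is account data; encode it for the HTML context before output.
    // NOTE(review): assumes the page is served as UTF-8 — confirm.
    $safeFirstName = htmlspecialchars((string) $_SESSION['fname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "\n\nWelcome " . $safeFirstName . "\n\n";

    if ($dir == 2) {
        echo "\n";
    } else {
        echo "\n";
    }
} else {
    if ($dir == 2) {
        echo "\n";
    } else {
        echo '';
    }
    echo "\n";
}

// Every message set in this block is a fixed string. $errors may also be filled
// by code outside this block; anything built from request data must be encoded
// before it reaches this loop.
foreach ($errors as $msg) {
    echo " - $msg\n";
}

echo "\n";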