connect_errno) { printf("Connect failed: %s\n", $mysqli->connect_error); exit(); } $mysqli->set_charset("utf8"); $auth = NULL; if ($require_authentication) { /* authentication */ session_name('trackme'); session_start(); $sid = session_id(); $auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : ""); $user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : ""); $pass = (isset($_REQUEST['pass']) ? md5($salt.$_REQUEST['pass']) : ""); @$ssl = ($_SERVER['HTTPS'] == "" ? "http" : "https"); $auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0); // not authenticated and username not submited // load form if ((!$auth) && (!$user)){ print ' '.$lang_title.'
'.$lang_title.'
'.$lang_private.'
'.$lang_username.':

'.$lang_password.':


'.(($auth_error==1) ? $lang_authfail : "").'
'; $mysqli->close(); exit; } // username submited if ((!$auth) && ($user)){ $query = $mysqli->prepare("SELECT ID,username,password FROM users WHERE username=? LIMIT 1"); $query->bind_param('s', $user); $query->execute(); $query->bind_result($rec_ID, $rec_user, $rec_pass); $query->fetch(); $query->free_result(); //correct pass if (($user==$rec_user) && ($pass==$rec_pass)) { // login successful //delete old session $_SESSION = NULL; session_destroy(); // start new session session_name('trackme'); session_start(); $_SESSION['auth'] = $rec_ID; $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url"); exit; } else { // unsuccessful $error = "?auth_error=1"; // destroy session $_SESSION = NULL; if (isset($_COOKIE[session_name('trackme')])) { setcookie(session_name('trackme'),'',time()-42000,'/'); } session_destroy(); $mysqli->close(); $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php"); header("Location: $ssl://$url$error"); exit; } } /* end of authentication */ } ?>