<?php
// Gør en variabel sikker
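/**
 * Quote and escape a value for interpolation into a hand-built MySQL query.
 *
 * Legacy helper for the old mysql_* extension (removed in PHP 7). It is only
 * safe when applied to every interpolated value and with an open mysql
 * connection, since mysql_real_escape_string() escapes according to the
 * connection charset. Prepared statements (mysqli/PDO) make this helper
 * unnecessary and are the preferred replacement.
 *
 * Every value is now quoted, numeric-looking ones included: MySQL compares a
 * string column against an unquoted number numerically, so an unquoted value
 * such as 0 could match rows it should not.
 *
 * @param mixed         $value  Scalar (or null) to embed in SQL.
 * @param callable|null $escape Escaping function applied to the value. Defaults
 *                              to mysql_real_escape_string when that extension
 *                              is loaded; callers may pass a connection-bound
 *                              escaper (e.g. a mysqli wrapper) instead.
 * @return string Single-quoted, escaped SQL string literal.
 * @throws InvalidArgumentException if $value is neither scalar nor null.
 * @throws RuntimeException if no escaper is given and the mysql extension is missing.
 */
function quote_smart($value, $escape = null)
{
    if (!is_scalar($value) && $value !== null) {
        // Arrays (e.g. a field posted as name[]) must never reach the query builder.
        throw new InvalidArgumentException('quote_smart() expects a scalar value');
    }
    $value = (string) $value;

    // Magic quotes (removed in PHP 8) may already have backslash-escaped GPC
    // input; undo that so the value is escaped exactly once below.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    if ($escape === null) {
        if (!function_exists('mysql_real_escape_string')) {
            // Refuse rather than silently fall back to a charset-unaware escaper.
            throw new RuntimeException('mysql extension not available; pass an escaper to quote_smart()');
        }
        $escape = 'mysql_real_escape_string';
    }

    return "'" . $escape($value) . "'";
}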
// Sikre username mod farlige tegn
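// Entities must be written without spaces (&#38; &#60; &#62;); the spaced
// forms would be stored literally. This HTML-encodes the username before it
// is compared/stored, so the DB presumably holds usernames encoded the same
// way from registration — TODO confirm against the registration script.
$match = array("&", "<", ">");
$replace = array("&#38;", "&#60;", "&#62;");
// Only accept string form fields; an array (username[]) must not reach the query builder.
$rawUsername = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
$username = str_replace($match, $replace, $rawUsername);
$pass = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

// Fetch salt and user level (brugernv) in a single round trip.
// The mysql_* extension was removed in PHP 7; this should move to prepared
// statements (mysqli/PDO), which would also make quote_smart() unnecessary.
mysql_connect("host", "user", "pass") or die(mysql_error());
mysql_select_db("jguldag_sazo") or die(mysql_error());
$userResult = mysql_query("SELECT salt, brugernv FROM userlogin WHERE username=" . quote_smart($username)) or die(mysql_error());
$userRow = mysql_fetch_assoc($userResult);
mysql_free_result($userResult);

$loggedIn = false;
$cryppass = null;
$brugernv = null;
if ($userRow !== false) {
    // Stored scheme is sha1(sha1(salt) . password). sha1 is fast and not a
    // password hash; changing it requires re-hashing existing rows (e.g. migrate
    // to password_hash()/password_verify() on the next successful login).
    $cryppass = sha1(sha1($userRow['salt']) . $pass);
    $checkResult = mysql_query("SELECT NULL FROM userlogin WHERE username=" . quote_smart($username) . " AND password=" . quote_smart($cryppass)) or die(mysql_error());
    $loggedIn = mysql_num_rows($checkResult) > 0;
    mysql_free_result($checkResult);
    $brugernv = $userRow['brugernv'];
}

if ($loggedIn) {
    session_start();
    // Issue a fresh session id on login so an id established before
    // authentication is not carried over.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    // Kept for member pages that may read it; the hash is not needed in the
    // session for authentication and should be dropped once those pages are checked.
    $_SESSION['password'] = $cryppass;
    // Previously this held the boolean returned by mysql_free_result(); now the actual user level.
    $_SESSION['brugernv'] = $brugernv;
    // Scheme assumed: the original gave none, which browsers resolve as a
    // relative path. Use https if the site is served over TLS.
    header('Location: http://sazo.kilza.dk/membersite/member.php');
    exit;
}
header('Location: http://sazo.kilza.dk/index.php');
// Stop here as well; without exit the rest of the response would still be generated.
exit;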
?>