<?/* login.php (c) 2000 Ying Zhang (ying@zippydesign.com) * * TERMS OF USAGE: * This file was written and developed by Ying Zhang (ying@zippydesign.com) * for educational and demonstration purposes only.  You are hereby granted the  * rights to use, modify, and redistribute this file as you like.  The only * requirement is that you must retain this notice, without modifications, at * the top of your source code.  No warranties or guarantees are expressed or * implied. DO NOT use this code in a production environment without * understanding the limitations and weaknesses pretaining to or caused by the * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK! *//****************************************************************************** * MAIN *****************************************************************************/include("application.php");/* form has been submitted, check if it the user login information is correct */if (match_referer() && isset($HTTP_POST_VARS)) {	$user = verify_login($HTTP_POST_VARS["username"], $HTTP_POST_VARS["password"]);	if ($user) {		$SESSION["user"] = $user;		$SESSION["ip"] = $REMOTE_ADDR;				/* if wantsurl is set, that means we came from a page that required		 * log in, so let's go back there.  otherwise go back to the main page */		$goto = empty($SESSION["wantsurl"]) ? $CFG->wwwroot : $SESSION["wantsurl"];		header("Location: $goto");		die;	} else {		$errormsg = "Invalid login, please try again";		$frm["username"] = $HTTP_POST_VARS["username"];	}}include("$CFG->templatedir/login_form.php");/****************************************************************************** * FUNCTIONS *****************************************************************************/function verify_login($username, $password) {/* verify the username and password.  if it is a valid login, return an array * with the username, firstname, lastname, and email address of the user */	$qid = db_query("	SELECT username, firstname, lastname, email, priv	FROM users	WHERE username = '$username' AND password = '" . md5($password) . "'	");	return db_fetch_array($qid);}?>