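here to return the member only area." );
    include "footer.inc";
}

if (isset($_POST['submit'])) { // the login form has been submitted
    /*
     * Login handler: validates the posted credentials against member_logins,
     * records the login time, stores the identity in the session and
     * redirects to home.php.
     *
     * Reads:  $_POST['uname'], $_POST['passwd'], $db_object (PEAR DB handle).
     * Writes: member_logins.last_login, $_SESSION['username'],
     *         $_SESSION['password'], $lastLogin.
     */

    // Both fields are required. empty() avoids undefined-index notices, and
    // the is_string() test rejects array-valued parameters (uname[]=...).
    if (empty($_POST['uname']) || empty($_POST['passwd'])
        || !is_string($_POST['uname']) || !is_string($_POST['passwd'])) {
        die('You did not fill in a required field.');
    }

    // Recover the raw username. Where magic_quotes_gpc still exists and is on,
    // the value arrives pre-escaped; everywhere else it is already raw.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $uname = $magicQuotes ? stripslashes($_POST['uname']) : $_POST['uname'];

    // Bind the username as a placeholder value instead of concatenating it
    // into the SQL text. addslashes() is not a database-aware escape and must
    // not be relied on to keep user input out of the query structure.
    $check = $db_object->query(
        'SELECT username, crypted_password FROM member_logins WHERE username = ?',
        array($uname)
    );

    // NOTE(review): a database error is reported to the user as an unknown
    // username, and the two distinct failure messages below let a client tell
    // existing usernames from non-existing ones. Consider one generic message.
    if (DB::isError($check) || $check->numRows() == 0) {
        include "header.inc";
        include "loginform.inc";
        echo 'That username does not exist in our database.';
        include "footer.inc"; // was unreachable after die(); now rendered
        exit;
    }

    $info = $check->fetchRow();

    // The password is normalised exactly as before (stripslashes, then md5) so
    // that it still matches the digests already stored in crypted_password.
    // NOTE(review): unsalted MD5 is not a password hash. Moving to
    // password_hash()/password_verify() needs a data migration that is outside
    // this block.
    $passwdHash = md5(stripslashes($_POST['passwd']));
    $storedHash = stripslashes($info['crypted_password']);

    // Strict comparison: with loose != two different hex digests that both
    // look like numbers can compare equal.
    if ($passwdHash !== $storedHash) {
        include "header.inc";
        include "loginform.inc";
        echo 'Incorrect password, please try again.';
        include "footer.inc"; // was unreachable after die(); now rendered
        exit;
    }

    // Credentials are correct: remember the previous login time, then stamp
    // the new one. A failed lookup leaves $lastLogin as null instead of
    // calling fetchRow() on an error object.
    $lastLogin = null;
    $check = $db_object->query(
        'select last_login from member_logins where username = ?',
        array($uname)
    );
    if (!DB::isError($check)) {
        $info = $check->fetchRow();
        $lastLogin = $info['last_login'];
    }

    $date = date('m d, Y');
    $update_login = $db_object->query(
        'UPDATE member_logins SET last_login = ? WHERE username = ?',
        array($date, $uname)
    );

    // Issue a fresh session id at the privilege change so an id that was known
    // before authentication cannot be reused afterwards (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['username'] = $uname;
    // NOTE(review): the password digest is kept in the session only because
    // other pages may read it (not visible here, confirm). Prefer storing just
    // the authenticated identity.
    $_SESSION['password'] = $passwdHash;

    $db_object->disconnect();

    // Redirect, and stop so nothing further is sent after the Location header.
    header('location: home.php');
    exit;
    // The closing brace of this if-block is not visible in this excerpt.
?>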