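<?php
// Login / logout page: checks posted credentials against dbo.MEMB_INFO,
// stores the account name in the session on success, shows the login form
// when no session exists, and clears the session when ?action=exit is given.
//
// The full "<?php" tag is used on purpose: with short_open_tag disabled, a
// bare "<?" is not parsed and the source (including the query) is served as text.
require_once('../config.php');
session_start();

// A missing query parameter must not raise an undefined-index notice.
$action = isset($_GET['action']) ? $_GET['action'] : '';

// Attempt a login only when both fields were actually posted as strings.
// The previous isset() test ran on variables that were always set, so the
// query executed on every request, and array input (username[]=x) reached
// the SQL text as the literal "Array".
$submitted = isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password']);

if ($submitted)
{
    // Same character strip list as before, so existing accounts keep matching.
    // NOTE(review): a strip list is a fragile defence for string-built SQL. It
    // holds only while every quote character is removed and the client library
    // performs no charset conversion that yields a quote afterwards. The robust
    // fix is a driver with bound parameters (PDO or sqlsrv); the legacy mssql_*
    // extension used here does not appear to offer them for ad-hoc queries.
    $blocked = array("'", '"', ';', '$', '#', '&', '%');
    $username = str_replace($blocked, '', stripslashes($_POST['username']));
    $password = str_replace($blocked, '', stripslashes($_POST['password']));

    // NOTE(review): fn_md5 is a database-side function not shown here; its name
    // suggests MD5-based password hashing, which is weak for stored passwords.
    // Confirm, and plan a migration to a slow salted hash.
    $validate = "SELECT * FROM dbo.MEMB_INFO WHERE memb___id = '$username' AND memb__pwd = [dbo].[fn_md5]('$password','$username')";
    $result = mssql_query($validate);

    // A failed query counts as a failed login and is never passed to mssql_num_rows().
    $login = ($result !== false) ? mssql_num_rows($result) : 0;
    if ($login > 0)
    {
        // Issue a fresh session id on privilege change to prevent session fixation.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
    }

    // Print the name only when a session exists, HTML-escaped: the strip list
    // above leaves "<" and ">" untouched.
    if (isset($_SESSION['username']))
    {
        echo htmlspecialchars($_SESSION['username'], ENT_QUOTES);
    }
}

// No session: show the login form.
if (!isset($_SESSION['username']))
{
    echo "<form action=index.php method=post>";
    echo "<input name=username type=text><br>";
    // type=password keeps the secret off the screen and out of form autofill history.
    echo "<input name=password type=password><br>";
    echo "<input name=submit type=submit><br>";
    echo "</form>";
}

// Logout: clear the session data, destroy the session, then return to the index page.
// NOTE(review): logout is triggered by a plain GET, so any third-party page can
// force it; consider requiring POST with a token.
if ($action === "exit")
{
    session_unset();
    unset($_SESSION['username']);
    session_destroy();
    echo "<script language='javascript'>";
    echo "location.href='index.php'";
    echo "</script>";
}
?>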