<?php
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("../config/config.inc.php");
include("sanitize.php");
include ("loggerClass.php");
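/*
 * Login handler.
 *
 * Flow:
 *   1. Compare the form token in $_POST['token'] with the one stored in
 *      $_SESSION['login'].
 *   2. Look the user up by username + SHA-1 password hash, ignoring locked
 *      accounts (is_locked=0).
 *   3. On success: rotate the session id, populate the session, log the
 *      event and redirect to home.php (or update_ptk_version.php when
 *      ../config/force_update exists).
 *   4. On any failure: redirect to ../index.php?err (a failed credential
 *      check is also logged).
 *
 * Reads $db_host, $db_user, $db_password and $db_name, which are expected to
 * come from config.inc.php; sanitize(), RemoveXSS(), PARANOID and Log come
 * from the other included files.
 */
session_start();

// The original check was strcmp(...) == 0. On PHP 5, strcmp() returns NULL
// (with a warning) when handed an array, and NULL == 0 is true, so a request
// sending token[]=x passed the check. Require a non-empty string on both
// sides and compare strictly instead.
$expectedToken = (isset($_SESSION['login']) && is_scalar($_SESSION['login']))
	? (string) $_SESSION['login']
	: '';
$postedToken = (isset($_POST['token']) && is_string($_POST['token']))
	? $_POST['token']
	: '';

if ($expectedToken === '' || $postedToken === '') {
	$tokenOk = false;
} elseif (function_exists('hash_equals')) {
	// Constant-time comparison where the runtime provides it (PHP >= 5.6).
	$tokenOk = hash_equals($expectedToken, $postedToken);
} else {
	$tokenOk = ($expectedToken === $postedToken);
}

if (!$tokenOk) {
	header("location:../index.php?err");
	exit;
}

// Missing or non-string fields are treated as empty credentials so they take
// the normal "login error" path instead of raising notices.
$rawUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$rawPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// $_SERVER replaces the long-deprecated $HTTP_SERVER_VARS array, which is
// undefined on current PHP builds and left the logged IP empty.
$remoteIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

$conn = mysql_connect($db_host, $db_user, $db_password)
	or die ("Error connecting to database");

mysql_select_db($db_name, $conn);

// Escaping is bound to this connection explicitly.
// NOTE(review): mysql_real_escape_string() is only reliable when the
// connection character set was set through the API (mysql_set_charset),
// which this script does not do - confirm the server default is a
// single-byte or UTF-8 charset.
$user = mysql_real_escape_string($rawUser, $conn);

// NOTE(review): the password is escaped *before* hashing, so the stored hash
// is that of the escaped string. Kept as-is because existing rows were
// presumably created the same way - verify against the account-creation code
// before changing. Unsalted SHA-1 is not suitable for password storage;
// moving to password_hash()/password_verify() needs a data migration that is
// outside this file.
$pass = sha1(mysql_real_escape_string($rawPass, $conn));

$query = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pass' AND is_locked=0", $conn);

// A failed query (false) is treated as a failed login. The row count is read
// before the connection is closed.
$authenticated = ($query !== false) && (mysql_num_rows($query) > 0);
if ($query !== false) {
	mysql_free_result($query);
}
mysql_close($conn);

if ($authenticated) {
	// NOTE(review): the PHP manual says session_cache_expire() must be called
	// before session_start() to take effect; left in place to avoid changing
	// cache headers - confirm the intent.
	session_cache_expire(30);

	// Pass true so the pre-login session data is deleted; otherwise the old
	// session id stays valid on the server after the id is rotated.
	session_regenerate_id(true);

	$_SESSION['logged'] = "loggedin";
	$_SESSION['user'] = sanitize(RemoveXSS($user), PARANOID);
	$_SESSION['stat'] = 1;
	$_SESSION['ip'] = $remoteIp;
	new Log($_SESSION['ip'], $_SESSION['user'], 'User logged in');

	if (file_exists("../config/force_update")) {
		header("location:update_ptk_version.php");
	} else {
		header("location:home.php");
	}
	exit;
}

// Failed credential check. The session is already active here, so the second
// session_start() the original issued at this point is dropped.
$_SESSION['ip'] = $remoteIp;
new Log($_SESSION['ip'], sanitize(RemoveXSS($rawUser), PARANOID), 'Login error');
header("location:../index.php?err");
exit;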
?>