equal
deleted
inserted
replaced
43 $_SESSION["lastmod"] = time(); |
43 $_SESSION["lastmod"] = time(); |
44 |
44 |
45 if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) |
45 if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) |
46 { |
46 { |
47 //Username and password are set, lets try to authenticate. |
47 //Username and password are set, lets try to authenticate. |
48 $result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"] ."' AND password='". md5($_SESSION["userpwd"]) ."' AND active=1"); |
48 $result = $db->query("SELECT id, fullname, level FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1"); |
49 if($result->numRows() == 1) |
49 if($result->numRows() == 1) |
50 { |
50 { |
51 $rowObj = $result->fetchRow(); |
51 $rowObj = $result->fetchRow(); |
52 $_SESSION["userid"] = $rowObj["id"]; |
52 $_SESSION["userid"] = $rowObj["id"]; |
53 $_SESSION["name"] = $rowObj["fullname"]; |
53 $_SESSION["name"] = $rowObj["fullname"]; |