- if($username == 'test' && $password == 'test') {
- message("Logged in successfully.");
- session_new();
- session_set('auth_username', "admin:$id");
- if($url) {
- return $url;
- } else {
- return './';
+ $row = db_get_row('people', 'id,password', 'where username=%"', $username);
+
+ if($row) {
+ list($id, $password_hash) = $row;
+
+ if($password_hash && check_password($password_hash, $password)) {
+ message("Logged in successfully.");
+ session_new();
+ session_set('auth_username', "$id");
+ if($url) {
+ return $url;
+ } else {
+ return './';
+ }