. function login_get_fields() { $username = format_oneline($_REQUEST['username']); tem_set('username', $username); $password = format_oneline($_REQUEST['password']); $url = format_unix($_REQUEST['url']); tem_set('url', $url); return array($username, $password, $url); } function login_main() { if(isset($GLOBALS['url'])) { $_REQUEST['url'] = $GLOBALS['url']; tem_set('url', $GLOBALS['url']); } if(isset($_REQUEST['username'])) { list($username, $password, $url) = login_get_fields(); $row = db_get_row('people', 'id,password', 'where username=%"', $username); if($row) { list($id, $password_hash) = $row; if($password_hash && check_password($password_hash, $password)) { message("Logged in successfully."); session_new(); session_set('auth_username', "$id"); if($url) { return $url; } else { return './'; } } } tem_sub('failed'); } tem_sub('main_body'); } ?>