entered_password" . $entered_password;
$entered_username = $_POST['username'];
// echo "
entered_username" . $entered_username;
if ($entered_username != NULL AND $entered_password != NULL){
$host = "localhost";
$user = "bedbreak_admin";
$password = "3SMQfQah";
$connection = mysql_connect($host,$user,$password) or die ("Couldn't connect to server");
$database = "bedbreak_availability";
$db = mysql_select_db($database) or die ("Couldn't connect to database");
$query = "SELECT * FROM a1_member WHERE username = '$entered_username' OR email = '$entered_username'";
// echo $query;
$result = mysql_query($query) or die ("Couldn't execute query.");
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$realpass = $row['password'];
$version = $row['version'];
$entered_username = $row['username']; // incase they entered their email
//password 2 (forum password)
$hash = sha1(strtolower($entered_username) . $entered_password);
// echo "
" . $hash;
$salt = substr ($entered_password, 0, 2);
$hash2 = crypt($entered_password, $salt);
// echo "
" . $hash2;
if ($realpass == $hash2 OR $realpass == $hash){
$secret_word = 'hou5e mu5ic';
if ($version == 2){
setcookie('login',$entered_username.','.md5($entered_username.$secret_word),time( ) + (60 * 60 * 24 * 7), '/account/');
header("Location: http://www.bedbreakfastavailability.co.uk/account/");
}
else{
setcookie('login',$entered_username.','.md5($entered_username.$secret_word),time( ) + (60 * 60 * 24 * 7));
header( "Location: http://www.bedbreakfastavailability.co.uk/advert/advert_details.php" );
}
}
else {
header('HTTP/1.0 401 Unauthorized');
header( "Location: http://www.bedbreakfastavailability.co.uk/login2.htm?error=error" );
}
}
?>