From c33d7500fb4fecf97fbd070bfe8da242faed5269 Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Wed, 21 Mar 2001 23:16:41 +0000
Subject: [PATCH] Changed to tie in with session code updates

git-svn-id: file:///svn/phpbb/trunk@119 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/login.php | 73 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 51 insertions(+), 22 deletions(-)

diff --git a/phpBB/login.php b/phpBB/login.php
index bb59dd5acc..1c8d4207c6 100644
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -24,34 +24,63 @@
 include('extension.inc');
 include('common.'.$phpEx);
 
-if($submit)
+if(isset($HTTP_POST_VARS['submit']) || isset($HTTP_GET_VARS['submit']))
 {
-   $userdata = get_userdata($username, $db);
-   if($userdata["error"])
-   {
-		error_die($db, LOGIN_FAILED);
-	}
-   else 
+	if($HTTP_POST_VARS['submit'] == "Login" && !$userdata['session_logged_in'])
 	{
-		if(!auth("login", $db))
-	  	{
-	   	error_die($db, LOGIN_FAILED);
-	  	}
-		else 
-	  	{
-	   	$sessid = new_session($userdata[user_id], $user_ip, $session_cookie_time, $db);
-			set_session_cookie($sessid, $session_cookie_time, $session_cookie, "", "", 0);
-			header("Location: index.$phpEx");
+
+		$username = $HTTP_POST_VARS["username"];
+		$password = $HTTP_POST_VARS["password"];
+		$sql = "SELECT *
+			FROM ".USERS_TABLE."
+			WHERE username = '$username'";
+		$result = $db->sql_query($sql);
+		if(!$result)
+		{
+			error_die($db, "Error in obtaining userdata : login");
+		}
+	
+		$rowresult = $db->sql_fetchrow($result);
+		if(count($rowresult))
+		{
+			if(md5($password) == $rowresult["user_password"])
+			{
+				$session_id = session_begin($db, $rowresult["user_id"], $user_ip, $session_length, 1, $rowresult["user_password"]);
+				if($session_id)
+				{
+					header("Location: index.$phpEx");
+				}
+				else
+				{
+					error_die($db, "Couldn't start session : login");
+				}
+			}
+			else
+			{
+				error_die($db, LOGIN_FAILED);
+			}
+		}
+		else
+		{
+			error_die($db, LOGIN_FAILED);
 		}
 	}
-}
-else if($logout)
-{
-	if($user_logged_in)
+	else if($HTTP_GET_VARS['submit'] == "logout" && $userdata['session_logged_in'])
 	{
-		end_user_session($userdata["user_id"], $db);
+		if($userdata['session_logged_in'])
+		{
+			session_end($db, $userdata["session_id"], $userdata["user_id"]);
+		}
+		header("Location: index.$phpEx");
 	}
+	else
+	{
+		header("Location: index.$phpEx");
+	}
+}
+else
+{
 	header("Location: index.$phpEx");
 }
-   
+
 ?>