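// Login handler: runs only when the login form was submitted and the current
// session is not already authenticated. On success it starts a session and
// redirects; on failure it leaves a message in $error for the caller to show.
//
// $_POST replaces $HTTP_POST_VARS, which PHP removed in 5.4 and which the rest
// of this block already bypasses. empty() avoids an undefined-index notice
// when the session flag is absent.
if( isset($_POST['login']) && empty($sessiondata['session_logged_in']) )
{
    // Accept only string fields: an array-valued parameter (username[]=...)
    // would otherwise reach htmlspecialchars() / md5() and misbehave.
    $username = ( isset($_POST['username']) && is_string($_POST['username']) ) ? trim(htmlspecialchars($_POST['username'])) : '';
    // Undo magic-quotes style \' escaping, then cap the length at 25 bytes.
    $username = substr(str_replace("\'", "'", $username), 0, 25);
    $password = ( isset($_POST['password']) && is_string($_POST['password']) ) ? $_POST['password'] : '';

    // The previous code only rewrote \' to '' when building the query. The line
    // above has already stripped those backslashes, so a bare quote or a
    // trailing backslash reached the SQL literal unescaped.
    // Backslashes are doubled first, then quotes, so neither can close the literal.
    // NOTE(review): stop-gap only. Move this lookup to the database layer's own
    // escaping or bound parameters. String replacement is not safe under
    // multi-byte connection charsets, and on engines that do not treat
    // backslash as an escape a username containing one will no longer match.
    $username_sql = str_replace(array('\\', "'"), array('\\\\', "''"), $username);

    $sql = "SELECT user_id, username, user_password, user_active, user_level
        FROM " . USERS_TABLE . "
        WHERE username = '" . $username_sql . "'";

    if( !($result = $db->sql_query($sql)) )
    {
        $error = 'Error when obtaining user data!';
    }
    elseif( $row = $db->sql_fetchrow($result) )
    {
        // Strict comparison: with == two different digests that both look like
        // numbers ("0e1234..." style) compare equal through type juggling.
        // NOTE(review): unsalted MD5 is not an adequate password hash. Plan a
        // migration to password_hash()/password_verify() with rehash on login.
        if( md5($password) === (string) $row['user_password'] && $row['user_active'] )
        {
            $autologin = ( isset($_POST['autologin']) ) ? TRUE : 0;
            $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);
            if( $session_id )
            {
                // The redirect target is client-supplied. Only a plain relative
                // path (no scheme, no leading slash, dot or @, no backslash or
                // control characters) is honoured, so the login form cannot be
                // used to bounce a user to another site. Anything else falls
                // back to the index page.
                // NOTE(review): assumes $root ends with a path separator; confirm.
                $redirect = 'index.php';
                if( isset($_POST['redirect']) && is_string($_POST['redirect'])
                    && preg_match('/^[A-Za-z0-9][A-Za-z0-9_.\/?&=%;+,~#-]*$/D', $_POST['redirect']) )
                {
                    $redirect = $_POST['redirect'];
                }
                // Send the header before any body output. Echoing first makes
                // header() fail with "headers already sent" when output
                // buffering is off.
                header("Location: ".$root.$redirect);
                echo 'Logged in succesfully.';
                exit;
            }
            else
            {
                $error = 'Couldn\'t start the session, please try again!';
            }
        }
        else
        {
            // Also reached when the account exists but is inactive.
            $error = 'Wrong password!';
        }
    }
    else
    {
        // NOTE(review): this message differs from the wrong-password one, which
        // tells a client whether a username exists. Consider one generic
        // failure message plus attempt rate limiting.
        $error = 'Error: already logged in or user doesn\'t exists!';
    }
}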