"" && trim($_POST['user_pass']) <> "") {
$user_name = $_POST['user_name'];
$result = mysql_query("SELECT user_id, user_pass, user_level FROM user WHERE user_name='$user_name'") or die(mysql_error());
if(mysql_num_rows($result) > 0) {
if(!strcmp(md5($_POST['user_pass']), mysql_result($result, 0, "user_pass"))) {
// all ok, user logged in
$_SESSION['suser_id'] = mysql_result($result, 0, "user_id");
$_SESSION['suser_level'] = mysql_result($result, 0, "user_level");
header("Location: index.php");
} else {
// not ok, break session
$_SESSION = array();
session_destroy();
}
// clear mysql-result
mysql_free_result($result);
}
}
echo 'Error!';
}
?>