100) return 'Invalid user or password.'; mysql_select_db('am'); $query = db_query('SELECT userid, password, salt FROM vb_user WHERE username = "'. mysql_real_escape_string($_REQUEST['user']) .'"'); if(mysql_num_rows($query) == 0){ mysql_free_result($query); mysql_select_db($dbname); return 'Invalid user or password.'; } $info = mysql_fetch_array($query, MYSQL_ASSOC); $pw = md5($_REQUEST['pw'] . $info['salt'] ); //echo $pw . '
'; if($pw != $info['password']){ mysql_free_result($query); mysql_select_db($dbname); return 'Invalid user or password.'; } if(isset($_REQUEST['forever']) && $_REQUEST['forever'] == 1) $time = 0; else $time = time() + 3600 * 24; $data = serialize( Array($info['userid'], md5($pw . $context['user']['ip'])) ); //print_r($data); //Yay, by now he has login and password correct, let's give him a cookie setcookie($cookiename, $data, $time, '/', $cookieaddr, 0 ,1); mysql_free_result($query); mysql_select_db($dbname); return 'ok'; } ?>