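// Login handler: checks the posted username/password against the `users`
// table and, on success, fills the club_* session keys and stamps last_login.
// Sets $msg to a human-readable result whenever a login attempt was made.
//
// NOTE(review): the two failure messages below differ for "unknown user" and
// "wrong password", which lets a caller tell valid usernames apart. They are
// kept as-is because other code may depend on the text; consider one generic
// message and rate limiting on this endpoint.
if (
    isset($_POST['user'], $_POST['pass'])
    && is_string($_POST['user'])   // reject array-valued fields (user[]=...)
    && is_string($_POST['pass'])
) {
    $username = $_POST['user'];

    // The value is quoted by the driver. The previous code ran addslashes()
    // and then placed the value in the statement without quotes, so it was
    // parsed as SQL rather than as a string literal.
    $q = $db_conn->query(
        "SELECT username, pass, first_name, last_name, access_level, email ".
        "FROM users ".
        "WHERE username = ".$db_conn->quote($username, 'text')." AND active = true ".
        "LIMIT 1");

    // query() hands back an MDB2_Error object on failure; calling numRows()
    // on it would be a fatal error, so stop here with a generic message.
    $rows = MDB2::isError($q) ? $q : $q->numRows();
    if (MDB2::isError($rows)) {
        $msg = "Login failed. Please try again later.";
    } elseif ($rows == 1) {
        // Hash the submitted *password*. The previous code hashed the
        // username, so the comparison never involved the password at all.
        $pass = crypt($_POST['pass'], SITE_CRYPT);
        $user = $q->fetchRow(MDB2_FETCHMODE_ASSOC, 0);

        // crypt() signals failure with a string shorter than 13 characters;
        // never accept that as a match. hash_equals() compares in constant
        // time and avoids the type juggling of ==.
        // NOTE(review): crypt() with a site-wide salt is a legacy scheme;
        // plan a migration to password_hash()/password_verify().
        if (
            is_array($user)
            && strlen($pass) >= 13
            && hash_equals((string) $user['pass'], $pass)
        ) {
            // Issue a fresh session id on privilege change so a session id
            // known before login cannot be reused afterwards.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }

            $_SESSION['club_username'] = $user['username'];
            $_SESSION['club_name'] = $user['first_name']." ".$user['last_name'];
            $_SESSION['club_email'] = $user['email'];
            $_SESSION['club_acl'] = $user['access_level'];
            // NOTE(review): $msg contains database-supplied names; escape it
            // with htmlspecialchars() wherever it is written into HTML.
            $msg = "Access Granted. Jambo ".$_SESSION['club_name'];

            // Best-effort timestamp update. The previous code read
            // $_SESSION['username'], a key this script never sets, so the
            // UPDATE matched no row; it also concatenated the value unquoted
            // by the driver.
            $db_conn->exec(
                "UPDATE users SET last_login = now() ".
                "WHERE username = ".$db_conn->quote($_SESSION['club_username'], 'text'));
        } else {
            $msg = "Password Incorrect. Access Denied.";
        }
    } else {
        $msg = "User doesn't exist. Access Denied.";
    }
}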