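// Login gate for the admin area. Three ways in, tried in order:
//   1. an existing session            -> redirect to admin.php
//   2. a "sav_user" remember-me cookie -> validate against the login table
//   3. posted username/password       -> validate against the login table
//
// NOTE(review): the database credentials are hard-coded below. Load them from
// configuration kept outside the web root, and rotate them, since they are
// exposed wherever this source is readable.
// NOTE(review): the mysql_* extension used here is removed in PHP 7; moving to
// PDO or mysqli prepared statements is the long-term fix.
// NOTE(review): every redirect targets a plain http:// URL, so credentials and
// the session cookie travel unencrypted unless the site enforces HTTPS elsewhere.
session_start();

// Reason code from the query string (the failed-login redirect sets
// ?why=incorrect). It is client-controlled: HTML-escape it (htmlspecialchars)
// wherever it is echoed -- its use lies outside this excerpt.
$why = isset($_GET['why']) ? $_GET['why'] : null;

if (isset($_SESSION['admin'])) {
    // Already authenticated. Stop after the redirect so nothing else runs.
    header("Location: http://www.vallesturasport.it/admin.php");
    exit;
}
// Not authenticated yet: try the remember-me cookie, then the posted form.
elseif (!isset($_SESSION['admin'])) {
    if (isset($_COOKIE['sav_user'])) {
        // Cookie layout: "<user>%%<md5 of password>".
        // NOTE(review): the cookie carries an unsalted MD5 of the password and is
        // accepted for a year, so it is a long-lived password equivalent. A random
        // server-side token sent with HttpOnly/Secure flags would be safer, but
        // needs storage outside this block.
        $info_cok = $_COOKIE['sav_user'];
        $cok_user = strtok($info_cok, "%%");
        $cok_pass = strtok("%%");
        setcookie("sav_user", $info_cok, time() + 31536000);

        // The cookie login is best effort: on any DB problem fall through to the form.
        $cookieConn = mysql_connect("localhost", "utentedbsport", "sportweb");
        if ($cookieConn && is_string($cok_user) && is_string($cok_pass)
            && mysql_select_db("vallesturasport_data", $cookieConn)) {
            // The user name comes straight from the cookie, so it must be escaped
            // before it is placed inside the SQL string.
            $safeUser = mysql_real_escape_string($cok_user, $cookieConn);
            $result2 = mysql_query("select * from login where user='" . $safeUser . "'", $cookieConn);
            if ($result2 && mysql_num_rows($result2) != 0) {
                $rowu = mysql_fetch_array($result2);
                $passbase = md5($rowu['pass']);
                // Strict comparison: with == two different hex digests of the form
                // "0e<digits>" compare equal as numbers. hash_equals() is preferable
                // where PHP >= 5.6 is available.
                if ($passbase === $cok_pass) {
                    // Issue a fresh session id on login to prevent session fixation.
                    session_regenerate_id();
                    $_SESSION['admin'] = $cok_user;
                    header("Location: http://www.vallesturasport.it/admin.php");
                    exit;
                }
            }
        }
    }

    if (isset($_POST['posted_username']) && isset($_POST['posted_password'])) {
        // Connect and select the database.
        $conn = mysql_connect("localhost", "utentedbsport", "sportweb") or die("Errore durante la connessione al database");
        $select = mysql_select_db("vallesturasport_data") or die("Impossibile selezionare il database");

        // Reject non-string input (e.g. posted_username[]=x) by treating it as empty.
        $rawUser = is_string($_POST['posted_username']) ? $_POST['posted_username'] : '';
        $rawPass = is_string($_POST['posted_password']) ? $_POST['posted_password'] : '';

        // Keep only [A-Za-z0-9]; this is what makes the concatenated query below safe.
        // preg_replace replaces the deprecated ereg_replace with the same pattern.
        // NOTE(review): stripping characters from the password shrinks the usable
        // password space ("a!b" and "ab" are the same password).
        $posted_username = preg_replace('/[^A-Za-z0-9]/', '', $rawUser);
        $posted_password = preg_replace('/[^A-Za-z0-9]/', '', $rawPass);

        // NOTE(review): the pass column is compared with the submitted value directly,
        // so passwords appear to be stored in clear text. Moving to
        // password_hash()/password_verify() needs a schema change outside this block.
        $result = mysql_query("select * from login where user='" . $posted_username . "' and pass='" . $posted_password . "'");
        if (!$result) {
            // Log the driver error server-side instead of echoing it to the client.
            error_log("login query failed: " . mysql_error());
            die("Errore durante l'accesso al database");
        }

        $loggato = mysql_num_rows($result);
        if ($loggato == 1) {
            // Issue a fresh session id on login to prevent session fixation.
            session_regenerate_id();
            // Store the sanitised name that actually matched the row, not the raw
            // POST value, which may contain characters that were stripped above.
            $_SESSION['admin'] = $posted_username;

            if (isset($_POST['ricorda']) && isset($_SESSION['admin'])) {
                // Create the cookie used for automatic login.
                $cok = $posted_username . "%%" . md5($posted_password);
                setcookie("sav_user", $cok, time() + 31536000);
                if (!isset($_COOKIE['PHPSESSID'])) {
                    // No session cookie came back, so cookies look disabled. Exit
                    // here; otherwise the admin.php redirect below overwrites this one.
                    header("Location: http://www.vallesturasport.it/nocookie.php");
                    exit;
                }
            }
            header("Location: http://www.vallesturasport.it/admin.php");
            // The original called end() here, which is an array function; exit was intended.
            exit;
        }
        else {
            // Wrong credentials: back to the login page with a reason code.
            header("Location: http://www.vallesturasport.it/login.php?why=incorrect");
            exit;
        }
    }
    else {
        // No credentials posted: page output starts here and continues past this excerpt.
        print"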