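opt();

// Login / logout controller.
// The statement ending in "opt();" above begins outside this view; the code
// below relies on $smarty and $opt being set up before this point.

// Logout: triggered by ?action=logout.
// NOTE(review): this is a state-changing action on GET with no anti-CSRF token
// visible here, so any third-party page can force a logout. Moving it to POST
// with a token would need matching template/link changes outside this file.
if (isset($_GET["action"]) && $_GET["action"] === "logout") {
    session_start();
    // Drop the in-memory session data as well, so nothing later in this
    // request can still read the old identity from $_SESSION.
    $_SESSION = array();
    session_destroy();
}

// Read the credentials defensively: a missing "password" field or an array
// value (e.g. username[]=x) must not reach bindParam() as a non-string.
$username = isset($_POST["username"]) ? $_POST["username"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";

if (is_string($username) && !empty($username) && is_string($password)) {
    try {
        // Both user-supplied values are bound as parameters. The table prefix
        // and the hasher name are interpolated into the SQL text, so they must
        // only ever come from trusted configuration, never from the request.
        // NOTE(review): the password is hashed by a SQL function named in
        // $opt["password_hasher"]. If that is a fast, unsalted digest, stored
        // passwords are weak against offline guessing; moving to
        // password_hash()/password_verify() needs a schema and data migration
        // that cannot be done from this file alone.
        $stmt = $smarty->dbh()->prepare("SELECT userid, fullname, admin FROM {$opt["table_prefix"]}users WHERE username = ? AND password = {$opt["password_hasher"]}(?) AND approved = 1");
        $stmt->bindParam(1, $username, PDO::PARAM_STR);
        $stmt->bindParam(2, $password, PDO::PARAM_STR);
        $stmt->execute();

        if ($row = $stmt->fetch()) {
            session_start();
            // Issue a fresh session id at the privilege change so an id that
            // was set or observed before authentication is not carried over
            // into the logged-in session (session fixation).
            session_regenerate_id(true);

            $_SESSION["userid"] = $row["userid"];
            $_SESSION["fullname"] = $row["fullname"];
            $_SESSION["admin"] = $row["admin"];

            header("Location: " . getFullPath("index.php"));
            exit;
        }
    } catch (PDOException $e) {
        // Keep driver/schema details in the server log; the response body only
        // gets a generic message.
        error_log("login: sql exception: " . $e->getMessage());
        die("sql exception");
    }

    // Failed login: redisplay the form with the submitted username.
    // NOTE(review): $username is request data; confirm login.tpl escapes it on
    // output. No attempt throttling or lockout is visible in this file.
    $smarty->assign('username', $username);
    $smarty->display('login.tpl');
} else {
    $smarty->display('login.tpl');
}
?>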