require('security.php'); if ($_SERVER['QUERY_STRING'] == 'logout') { doLogout(); header('location: index.php'); exit; } if (isLoggedIn()) { header('location: index.php'); exit; } if ($_SERVER['QUERY_STRING'] == 'login') { require('../include/database.php'); $pkPUZZLE_USER_ID = mysql_query_scalar('SELECT pkPUZZLE_USER_ID FROM PUZZLE_USER WHERE USERNAME = \'' . $_POST['USERNAME'] . '\' AND PASSWORD = \'' . $_POST['PASSWORD'] . '\''); if ($pkPUZZLE_USER_ID != '') { doLogin($pkPUZZLE_USER_ID, $_POST['USERNAME'], $_POST['COOKIE']); mysql_close($connection); header('location: index.php'); exit; } else $login_exception = 'Username or password incorrect.'; mysql_close($connection); } if ($_SERVER['QUERY_STRING'] == 'register') { require('../include/database.php'); // check for existing username if (mysql_query_scalar('SELECT pkPUZZLE_USER_ID FROM PUZZLE_USER WHERE USERNAME = \'' . $_POST['R_USERNAME'] . '\'') != '') $register_exception = 'Username exists, try another.'; else { // add user to the database and log them in $query = "INSERT INTO PUZZLE_USER (USERNAME, PASSWORD, EMAIL, DATE_INSERTED) VALUES ('{$_POST['R_USERNAME']}', '{$_POST['PASSWORD']}', " . (($_POST['R_EMAIL'] == '') ? 'NULL' : "'{$_POST['R_EMAIL']}'") . ", NOW())"; $result = mysql_query($query) or die('insert failed..'); doLogin(mysql_insert_id($connection), $_POST['R_USERNAME'], $_POST['COOKIE']); mysql_close($connection); header('location: index.php'); exit; } mysql_close($connection); } ?>