search.php

<?php

         $mysql_host = SAE_MYSQL_HOST_M;

    $mysql_host_s = SAE_MYSQL_HOST_S;

    $mysql_port = SAE_MYSQL_PORT;

    $mysql_user = SAE_MYSQL_USER;

    $mysql_password = SAE_MYSQL_PASS;

    $mysql_database = SAE_MYSQL_DB;

 

         $mysql_table = "volunteer";

    $con = mysql_connect($mysql_host.':'.$mysql_port, $mysql_user, $mysql_password, true);

   

    if (!$con){

        die('Could not connect: ' . mysql_error());

    }

    mysql_query("SET NAMES 'UTF8'");

    mysql_select_db($mysql_database, $con);

 

         $username = mysql_real_escape_string($_POST['username']);

         $password = mysql_real_escape_string($_POST['password']);

 

         $cookie_is_not = $_POST['cookie'];

 

         $Result = mysql_query("SELECT * FROM ".$mysql_table." WHERE id='".$username."'");

    $row = mysql_fetch_array($Result);

    if ($row){

        if ($row[password] == $password){

                 if ($cookie_is_not) setcookie("id",$row[id],time()+3600*24*7);

                 else setcookie("id",$row[id]);

                 echo '<script language=\'javascript\'>window.location.replace(\'index.php\');</script>';

                 return;

        }

        else{

            echo '<script language=\'javascript\'>window.location.replace(\'volunteer.php?msg=2\');</script>';

                 return;

        }    

    }

    else{

         echo '<script language=\'javascript\'>window.location.replace(\'volunteer.php?msg=1\');</script>';

         return;

    }