<?php
//Name der Datei
$filename = "login.php";

require("global.php");

if(isset($_REQUEST['action'])) $action=$_REQUEST['action'];
else $action="main";

if ($config['loginOnline'] == 0) {
  $smarty->assign("errorMSG",$loginOffline);
  $smarty->display("error_page.tpl");
} else {
  if (isset($_POST['login']) && $action == "submit") {
    $username=strtolower($_POST['username']);
    $password=c_trim(md5($_POST['pw']));
    
    //Checken ob Benutzer alle Felder ausgefuellt hat
    if (empty($_POST['username']) || empty($_POST['pw'])) {
      $smarty->assign("errorMSG",$loginDoesNotMatch);
    }
    
    //Checke Daten auf Richtigkeit
    $checkdate1 = $db->query("SELECT userId,username,passwort FROM cc1_users WHERE username='".mysql_real_escape_string($_POST['username'])."' AND '".md5(mysql_real_escape_string($_POST['pw']))."'") or die(mysql_error());
    $checkdate = $db->fetchArray($checkdate1); 
 print_r($checkdate);
    if (!isset($checkdate)) {
      $smarty->assign("errorMSG","Username oder Passwort stimmt nicht!");
    }
print mysql_real_escape_string($_POST['username']) 
. ' ' . md5(mysql_real_escape_string("schatzy")) . ' vs. ' . 
md5(mysql_real_escape_string($_POST['pw']));
    
    //Coockies setzen
    $usecookies=$_POST['usecookies'];
    if($usecookies) {
      $cookiekey = md5($checkdate['userId'].$checkdate['passwort'].time());
      mysql_query("UPDATE cc1_users SET cookiekey='$cookiekey' WHERE userId='$checkdate[userId]'");
    }     
    $userId=$checkdate['userId'];
    session_register("userId");
    $db->unbuffered_query("UPDATE cc1_users SET lastlogin='".time()."', ip='".getenv("REMOTE_ADDR")."' WHERE username='".$_POST['username']."'");
    header("LOCATION: loggedin.php?cxid=$sid");
  }
  $smarty->display("login.tpl");
}
?>