login.php
require_once "config.php";

if (strlen(trim($strSessionPath)) > 0)
session_save_path($strSessionPath);

session_start();

$intUserNumber = 0;
$strName = "";
$strPassword = "";
$boolError = false;
$strTempDBInfo = "";

if (empty($HTTP_POST_VARS['name']))
{
$_SESSION['usernumber'] = 0;
$_SESSION['name'] = "";
$_SESSION['message'] = "Datos Incorrectos";
$boolError = true;
}
else
{
$strName = $HTTP_POST_VARS['name'];
$strPassword = $HTTP_POST_VARS['password'];
}

if (!$boolError)
{
$strTempDBInfo = DBTYPE."_pconnect";
$conn = $strTempDBInfo($DB_HOST,$DB_USER,$DB_PASS);
}

if (!$boolError && !$conn)
{
$_SESSION['usernumber'] = 0;
$_SESSION['name'] = "";
$strTempDBInfo = DBTYPE."_error";
$_SESSION['message'] = "Unable to connect to DB server: " . $strTempDBInfo($conn);
$boolError = true;
}

$strTempDBInfo = DBTYPE."_select_db";

if (!$boolError && (!$strTempDBInfo($DB_NAME)))
{
$_SESSION['usernumber'] = 0;
$_SESSION['name'] = "";
$strTempDBInfo = DBTYPE."_error";
$_SESSION['message'] = "Unable to select DB name: " . $strTempDBInfo($conn);
$boolError = true;
}

if (!$boolError)
{
$sql = "SELECT UserNumber, UserName FROM login " .
"WHERE UserName = '$strName' AND UserPassword = '$strPassword'";

$strTempDBInfo = DBTYPE."_query";
$result = $strTempDBInfo($sql);

if (!$result)
{
$_SESSION['usernumber'] = 0;
$_SESSION['name'] = "";
$strTempDBInfo = DBTYPE."_error";
$_SESSION['message'] = "Could not successfully run query ($sql) from DB: " . $strTempDBInfo($conn);
$boolError = true;
}
}

if (!$boolError)
{
$strTempDBInfo = DBTYPE."_num_rows";

if ($strTempDBInfo($result) == 0)
{
$_SESSION['usernumber'] = 0;
$_SESSION['name'] = "";
$_SESSION['message'] = "User not found.";
$boolError = true;
}
else
{
$strTempDBInfo = DBTYPE."_fetch_assoc";
$row = $strTempDBInfo($result);

$_SESSION['usernumber'] = $row['UserNumber'];
$_SESSION['name'] = $row['UserName'];

//Updte UserLastIP here
$strUserLastIP = $_SERVER['REMOTE_ADDR'];
$sql = "UPDATE login SET UserLastIP = '$strUserLastIP' " .
"WHERE UserName = '".$row['UserName']."'";

$strTempDBInfo = DBTYPE."_query";
$result = $strTempDBInfo($sql);

if (!$result)
{
$strTempDBInfo = DBTYPE."_error";
$strMessage = "Could not successfully run query ($sql) from DB: " . $strTempDBInfo($conn);
$boolError = true;
}
else
{
$_SESSION['message'] = "";
$boolError = false;
}
}
}

if ($boolError)
{
header("Location: index.php");
}
else
{
header("Location: main.php");
}
?>