$link = mysql_connect("gabrielc.ipowermysql.com", "mesoscopic", "magnetism") or die("Could not connect!");
mysql_select_db("kentlab") or die("Database not found");
$username=$_REQUEST["username"];
$password=$_POST["password"];
$mo=$_GET["mo"];
$ye=$_GET["ye"];
if ($username) {
$encryptedpassword=md5($password);
// you should inspect these variables before passing off to mySQL
$query = "SELECT login FROM members ";
$query .= "WHERE login='$username' AND (password=MD5('$password') OR date(logged)=date(SYSDATE()))";
//echo ($query);
$result = mysql_query($query);
if(mysql_num_rows($result)) {
include 'calendar.php';
// we have at least one result, so update the logged in datetime
$query = "UPDATE members SET logged=SYSDATE()";
$query .= "WHERE login='$username' AND password=MD5('$password') ";
mysql_query($query);
printf("
Upload files ");
printf("
PROVIDERS & ITEM NUMBERS ");
printf("
Insert new activity ");
calendar($mo,$ye,$username);
} else {
printf ("");
exit();
}
}else {
printf ("");
}
?>