--- a/index.php Fri Jun 18 15:53:48 2010 +0000
+++ b/index.php Fri Jun 18 18:23:30 2010 +0000
@@ -71,6 +71,7 @@
}
if (!isset($_COOKIE['sid2']))
{
+// $sid2 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa';
$sid2 = $tsid2;
}
}
@@ -183,9 +184,12 @@
# $real_password = password;
$mysql = new mysqli("localhost", "www-data", "www-data", "members");
-$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
-$row = $result->fetch_assoc();
-$real_password = $row["password_md5"];
+ if (!isset($_COOKIE['uid']))
+ {
+ $result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
+ $row = $result->fetch_assoc();
+ $real_password = $row["password_md5"];
+ }
create_session($mysql, $uid, $real_password);
$result->close();