<?php

/* vérifier si le login est dans la base */
/* récupérer les propriétés de l'user s'il est dans la base */

if (!$_SESSION["member"]){
	require("db.conf.php");
	$connexion = @mysql_connect(SQL_SERVER,SQL_USER,SQL_PASSWD);

	if (!$connexion) {
		echo "Erreur serveur mysql $connexion";
	} else {

		/* protection des la requete */
		$login=strip_tags($_POST["login"]); 
		$secureLogin=mysql_escape_string($login);
		$securePass=md5($_POST["passwd"]);
		$query="SELECT * FROM Users WHERE ( ".
			"LOGIN='".$secureLogin."' AND ".
			"PASS='".$securePass."' ".
			") ORDER BY login DESC LIMIT 0,1";

		$result=mysql_db_query(SQL_BASE,$query,$connexion) 
		  or die($query.":".mysql_error($connexion));

		if (mysql_num_rows($result)>0){
			$row=mysql_fetch_object($result);
			$_SESSION["member"]=$row->login;
			$_SESSION["userInfo"]=new UserInfo(
					$row->login,
					$row->accesslevel,
					$row->category,
					$row->idcat
					);

		} else { 
			// stopper la session...
			//print "$securePass";
			//session_destroy();
		}

		//mysql_close($connexion);
	}

}

if (!$_SESSION["member"]){
	header("Location: login.php");
}

?>