'._('Retrieve Password!').''; stderr(_("Login failed!"), $text); } $res = do_mysql_query("SELECT id, passhash, logintype, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'"); $row = mysql_fetch_assoc($res); if (!$row) bark(); if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) bark(); if ($row["enabled"] == "no") bark( _("This account has been disabled.") ); logincookie($row["id"], $row["passhash"]); if ($row['logintype']=="secure") do_mysql_query("UPDATE users SET loginhash='".md5(getip().$row['passhash'])."' WHERE id=$row[id]"); if (!empty($_POST["returnto"])) header("Location: ".htmlspecialchars($_POST['returnto'])); else header("Location: my.php"); ?>