real_escape_string( $_POST['password']);
$username =$mysqli->real_escape_string( $_POST['username']);
$letters = str_split($password2);
$first = $letters[0];
$first = sha1($first);
$full = $first . sha1($password2);
//Attempt login.
//login($_POST['username'], $full);
$querybc="SELECT id FROM useraccounts WHERE username='$username' and password='$full'";
if ($result = $mysqli->query($querybc)) {
while ($rowbc = $result->fetch_assoc()) {
$id=$rowbc['id'];
setcookie("username", $id, time() + (3600 * 1), "/");
}
$result->close();
}
$mysqli->close();
if ($id != "") {
if ($id == '465420') {
$_SESSION['username'] = $username;
$_SESSION['password'] = $full;
echo "";
}
else {
$_SESSION['username'] = $username;
$_SESSION['password'] = $full;
echo "";
}
}
else {
echo "LOGINBAD";
}
}
include("dbinfo.inc.php");
$mysqli = new mysqli($myserver,$uname,$pword, $database);
$login = $mysqli->real_escape_string( $_GET['seclog']);
?>
