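<?php
// ...
// Login check: looks up the user by numeric id and password, then derives
// $admin from the priv table. Both request fields are untrusted input.
if (isset($_POST['user']) && isset($_POST['pass'])) {
    // The id is interpolated into an unquoted, numeric position in the first
    // query. Quote-escaping only protects values placed inside a quoted SQL
    // string, so the id must be validated as an integer instead.
    // filter_var() returns false for anything that is not a plain integer,
    // including array-valued parameters.
    $id = filter_var($_POST['user'], FILTER_VALIDATE_INT);

    // The password lands inside single quotes, where quote-escaping applies.
    // Non-string input (e.g. an array parameter) is rejected outright.
    $pass = is_string($_POST['pass'])
        ? sqlite_escape_string($_POST['pass'])
        : false;

    // NOTE(review): sqlite_escape_string() belongs to the legacy SQLite2
    // extension (dropped from core in PHP 5.4). The durable fix is to move
    // to prepared statements with bound parameters; the $db wrapper's API is
    // not visible here, so this block only hardens the existing calls.
    // NOTE(review): the password is compared directly in SQL, which suggests
    // it is stored unhashed -- confirm. Prefer storing a salted password
    // hash and verifying it in PHP.

    $result = false;
    if ($id !== false && $pass !== false) {
        $query = "SELECT id, username FROM users
            WHERE password='{$pass}' AND id={$id} LIMIT 1";
        $result = $db->query($query);
    }

    if ($result) {
        // NOTE(review): a successful query() does not by itself show that a
        // row matched; confirm the elided code checks $user before treating
        // the login as valid.
        $user = $db->fetch();
        // ...
        // $id is a validated integer at this point, so it is safe in either
        // a quoted or an unquoted position.
        $query = "SELECT id, level FROM priv WHERE id = '{$id}'
            AND level > 0 LIMIT 1";
        $result2 = $db->query($query);
        // Admin only when the privilege lookup succeeded and returned a row.
        $admin = ($result2 && $result2->numRows() > 0);
        // ...
    } else {
        // Reached on invalid input as well as on a failed query.
        // ...
    }
}
?>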