user_id . "," . $row->auth; /* kick out other login sessions for this user and note auth in user table */ mysql_query_wrapper("update users set user_auth='$row->auth' where user_id='$row->user_id'"); /* tell user's browser to send cookie with id,auth */ setcookie("session", $sess, time()+86400*365); /* change password if requested */ if ($_POST[password1]) { $md5new = md5($_POST[password1]); mysql_query_wrapper("update users set user_password_md5='$md5new' where user_password_md5='$md5' and user_id='$row->user_id'"); } /* show list of tickets (or return to location if "r" var supplied) */ if ($_POST['r']) header ("Location: {$_POST['r']}"); else header ("Location: list.php"); } else { barf ("Incorrect username or password."); } ?>