session_save_path("/home/users/web/b1913/ipw.unitedrealtycent/cgi-bin/tmp");
session_start();
header("Cache-control: private");
/* SIMPLE CHECK TO SEE IF THE FORM HAS BEEN SUBMITTED OR IF ACCESS TO THE LOGIN
IS BEING ATTEMPTED THROUGH A URL VARIABLE */
if (isset($user_valid)) {
/* SECURITY MEASURE FOR URL VARIABLES TRYING TO ACCESS LOGIN */
if (isset($_POST['login_submit'])) {
$secure_access = $_POST['login_submit'];
$ok_check = str_replace("Login","login_granted",$secure_access);
/* NOW BEGIN TO CHECK IF PASSWORDS AND USERNAMES ARE CORRECT */
if (eregi("login_granted",$ok_check)) {
$u_n = $_POST['username'];
$p_w = $_POST['password'];
include 'db.php';
$sql = mysql_query("SELECT * FROM access WHERE username='$u_n'");
if (!$sql) {
print "
The username you entered does not match any username's in our database.