<?php
if (isset($_POST['ahd_username']) && isset($_POST['ahd_password'])) {

	$_POST = mysql_real_escape_array($_POST);
	$pass = $_POST['ahd_password'];

	$result = dbRow("SELECT * FROM users WHERE username = '{$_POST['ahd_username']}' AND password = MD5(CONCAT('{$pass}',salt))");
	if (is_array($result)) {
		if ($result['validate'] == '') {
			$login = true;
			createUserSession($result);
			$time = time();
			dbQuery("UPDATE users SET lastlogin = '$time' WHERE record_num = '{$result['record_num']}'");
			dbQuery("INSERT INTO user_logins SET `time` = NOW(), user = '{$_POST['ahd_username']}', ip = '{$_SERVER['REMOTE_ADDR']}', status = 'Front End Login Successful'");
			if ($_REQUEST['ref']) {
				header("Location: " . urldecode($_REQUEST['ref']));exit();
			}
			header("Location: $basehttp/my-profile");exit();
			
		} else {
			dbQuery("INSERT INTO user_logins SET `time` = NOW(), user = '{$_POST['ahd_username']}', ip = '{$_SERVER['REMOTE_ADDR']}', status = 'Front End Login Failure - Unverified Email'");
			setMessage(_t('Sorry, you must verify your email before logging in.') . ' <a data-mb="modal" title="' . _t("Resend verification email") . '" data-opt-close="' . _t("Close") . '" href="' . $basehttp . '/resend-verification?id=' . $result['username'] . '">' . _t('Click here to resend verification email') . '</a>.',"error");
		}
	} else {
		dbQuery("INSERT INTO user_logins SET `time` = NOW(), user = '{$_POST['ahd_username']}', ip = '$_SERVER[REMOTE_ADDR]', status = 'Front End Login Failure - Incorrect Password'");
		setMessage(_t('The login information you have provided was incorrect. Please try again.'),"error");
	}
} else if ($_POST) {
	setMessage(_t('Incorrect username and password'),"error");
}