";
// user authentication
if ($_REQUEST["action"] === "login") {
// fetch user data via input field data
$query = "SELECT * FROM profile WHERE (username='" .strtolower($_REQUEST['username']). "' && password='" .md5($_REQUEST['password']). "')";
$userdata = DB_Query("ethnobot_adserver", "localhost", "ethnobot_admin01", "admin01", $query);
// reroute user to their admin panel if authenticated
if (isset($userdata[0]['id'])) {
header("Location: admin.html");
exit();
} else {
// let user know they were not authenticated
$user_message = "Login or password invalid";
}
}
?>