Add comments to includes/login.inc

includes/login.inc

@@ -1,25 +1,35 @@
 <?php
-if ( $_COOKIE['session'] ) { // Do nothing
+
+# Check if the user is logged in and authenticated
+if ( $_COOKIE['session'] ) { // If yes, continue loading page as normal
+
+# If not logged in, check if this is an attempt to login...
 } else if ($_POST['do'] == "authenticate") {
+
+# If we're trying to login...
+
+# Attempt login
 	require "dbconnect.php";
- 
+ 	$sql = "SELECT id,username FROM users WHERE username='$_POST[username]' and password=PASSWORD('$_POST[password]')";
-	$sql = "SELECT id,username FROM users WHERE username='$_POST[username]' and password=PASSWORD('$_POST[password]')";
 	$result = mysql_query($sql) or die (mysql_error());
 
-#	echo "Results: " . mysql_num_rows($result);
+#	echo "Results: " . mysql_num_rows($result); // Debugging line
 
-	if (mysql_num_rows($result) === 1) {
+	if (mysql_num_rows($result) === 1) { // If user found and password matches
-		unset($_POST['do']);
+		unset($_POST['do']); // No longer authenticating
-		$_COOKIE['session'] = '1';
+
+# Create cookie and set it
+		$_COOKIE['session'] = '1'; 
 		setcookie('session',$_COOKIE['session']);
-	} else {
+
+	} else { //  If user not found or password doesn't match
 		unset($_POST['do']);
-#		$_COOKIE['session']++;
+# Attempt login again. This should be limited in the future.
 		echo "Login failed. Please try again.";
 		include("login_form.inc");
 		break;
 	}
-} else {
+} else { // If this is the first visit to the user/admin area...
         echo "Please login:";
         include "login_form.inc";
         break;