--- trunk/tntnet/dynamic/login.ecpp 2007/11/28 14:27:51 80
+++ trunk/tntnet/dynamic/login.ecpp 2007/12/02 16:56:14 122
@@ -31,30 +31,33 @@
 <{
-tntdb::Connection conn;
-
-conn = tntdb::connect(dburl); //letting exceptions flow up and to tntnet and let it display an error message
+tntdb::Connection conn = tntdb::connect(dburl);
 std::string post_username = qparam.param("username");
 std::string post_password = qparam.param("password");
-bool showForm = true;
 if (post_username.size() > 0 || post_password.size() > 0)
 {
- std::stringstream sql;
- sql << "SELECT realname,useradmin FROM users WHERE username = '" << post_username << "' AND ";
- sql << "password = '" << post_password << "' AND enabled=true";
+ std::string sql;
+ sql += "SELECT realname,useradmin FROM users WHERE username = :username AND ";
+ sql += "password = :password AND enabled=true";
+
+ tntdb::Statement st = conn.prepare(sql);
+ st.setString("username", post_username).setString("password", post_password);
+
+ tntdb::Result res = st.select();
- tntdb::Result res = conn.select(sql.str());
 if (res.size() >0)
 {
 tntdb::Row row = res[0];
 userName = post_username;
 isAdmin = row.getBool(1);
- reply.setHeader("Refresh", "0; url=/dynamic/index");
+
+ reply.setHeader("Location", "index");
+ return HTTP_MOVED_TEMPORARILY; //code 302
 }
 else
 {
@@ -65,9 +68,6 @@
-<{
-if (showForm) {
-}>
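Review bot: The new prepared statement closes the string-concatenation hole, but `password = :password` still compares the submitted password verbatim against the stored column, which suggests credentials are kept in the database in plaintext (or at least in a directly comparable form); the stronger shape is to select the stored verifier by `username` alone and check the submitted password against it in application code with a one-way hash, so a database read or backup never exposes usable passwords. The removed comment on the old `conn = tntdb::connect(dburl);` line documented a deliberate choice that the new one-liner now leaves implicit; keep it as `tntdb::Connection conn = tntdb::connect(dburl); // errors propagate to tntnet, which renders the error page`. The condition `post_username.size() > 0 || post_password.size() > 0` still runs the query when only one field is filled; `&&` would avoid a pointless round trip, though the prepared statement makes it harmless. The `<{ ... }>` block and the `else` branch continue past the end of the hunk.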
@@ -85,9 +85,6 @@
-<{
-} // end if (showForm)
-}>
 <&footer>