Gossamer Forum: Products: Others: Gossamer Community: php comunity login for other app

Can so one please help. i am trying to develop a php login for community.cgi.
1) i need help with password decryption
2) i need help with session

thanks

-------------------------------------------------

<?
// Initiate session.
session_start();
// Pass through if login pragma already set to true.
if($_SESSION['login'])
{
// Honor logout requests.
if(isset($_REQUEST['logout']))
{
$_SESSION['login'] = false;
$_SESSION['message'] = '<font color=green>You are now logged out. Thank you!</font>';
setcookie ("SID", "");
setcookie ("save_sess", "");
session_unset ();
session_destroy ();
print ($guest_xml);
header ("Location: login.html"); // <- After-logout page
exit ();
}
}
// Validate login requests.
elseif(isset($_POST['login']))
{
if(!valid_input())
{
$_SESSION['message'] = "<font color=red>The username or password was invalid. Please try again.</font>";
do_login_form();
exit;
}

if(!login())
{
$_SESSION['message'] = "<font color=red>The username or password you entered does not exist. Please try again.</font>";
do_login_form();
exit;
}

//*** Login is Valid ****//
// Set login prgama to true.
$_SESSION['login'] = true;

// Redirect to private page.
$_SESSION['message'] = "You are logged in as: <b>${_POST['username']}</b>";
session_register('Advanced_uid');
session_register('Advanced_id');
session_register('Advanced_email');
session_register('Advanced_name');
session_register('Advanced_company');
session_register('SID');
$SID = session_id();
$Advanced_uid = "1";
$Advanced_id = "2";
$Advanced_name = "3";
$Advanced_email = "4";
$Advanced_company = "5";
setcookie ("SID", $SID, time ());
header ("Location: redirect.php?url=".$url);
exit;

}

// Display login form.
else
{
$_SESSION['message'] = 'Please login.';
do_login_form();
exit;
}
// ****** LOCAL FUNCTIONS ******* //
// This function checks if the account exists in the database.
function login()
{
// Log into MySQL
$db = mysql_connect("localhost", "username", "password");
mysql_select_db("databasename", $db);

// Check if the account exists in the database.
$query = "SELECT * FROM login_comm_users WHERE comm_username='${_POST['username']}' AND comm_password='${_POST['password']}'";
$result = mysql_query($query);
if(@mysql_num_rows($result)>0)
return true;
else
return false;
}
// This function checks the username and password fields for illegal characters
function valid_input()
{
$pwrx = '^[a-zA-Z0-9\-_]{3,25}$'; // allow only letters, numbers, hyphens and underscores. Limit 5 - 25 characters.
$unrx = '^[a-zA-Z0-9]{5,25}$'; // allow only letters and numbers. Limit 5 - 25 characters.
if(ereg($unrx, $_POST['username']) && ereg($pwrx, $_POST['password']))
return true;
else
return false;
}
// This function displays the login form.
function do_login_form()
{
?>
<div align="center">
<?= $_SESSION['message']?>
<form method="post" action="<?= $_SERVER['PHP_SELF']?>">
Username: <input type="text" name="username" value="<?= $_POST['username']?>"><br>
Password: 9RV43NFFIe4vk<input type="password" name="password" value="<?= $_POST['password']?>"><br>
<input type="hidden" name="url" value="<?php $url = isset($_GET['url']) ? $_GET['url'] : NULL;print ($url);?>"><br>

<input type="submit" name="login" value="Login">
</form>
<?php
$url = isset($_GET['url']) ? $_GET['url'] : NULL;
print ($url);
?>
</div>

<?
}
?>