<?php
	$sqlserver        = "localhost";
	$sqldb            = "NoCoinSys";
	$sqluser          = "SQLUSER";
	$sqlpasswd        = "SQLPASSWORD";
	
		// Establish connection to SQL-Server
	$link = mysql_connect($sqlserver, $sqluser, $sqlpasswd);
	mysql_select_db($sqldb);

	
		// Right Posted Form to login (no bots, etc)?
	if ($_POST["login"] == "SiteKiosk")
	{
			// Normal Name/PW Login
		$sql = "SELECT * FROM ncs_user WHERE login_id='" . $_POST["login_name"] . "' AND password='" . $_POST["login_password"] . "'";
		$accounttable = "ncs_account";
		
			// Succesful user posted
		$res = mysql_query($sql);
		if ($res)
		{
				// Query Successful
			if (mysql_num_rows($res) == 1)
			{
					// Found User
					// Now select the money
				$userobj = mysql_fetch_object($res);
				
				if ($_POST["action"] == "login")
				{
					$sql = "SELECT * FROM $accounttable WHERE pk='" . $userobj->pk . "'";
					$res = mysql_query($sql);
					if ($res)
					{
							// Seems as though the user has still money...
						$accountobj = mysql_fetch_object($res);
						print "1|Authentication successful|" . $accountobj->value . "|" . $userobj->name . "|" . $userobj->last_name . "|". $userobj->startpage;
					}
					else
						print "-3|Error: No account found";
				}
				else if ($_POST["action"] == "setmoney")
				{
						// Set our new money / logout
					$sql = "UPDATE $accounttable SET value='" . ereg_replace(",", ".", $_POST["MoneyBack"]) . "' WHERE pk='" . $userobj->pk . "'";
					$res = mysql_query($sql);
					if ($res)
						print "1|Account successfully set|" . ereg_replace(",", ".", $_POST["MoneyBack"]) . "";
					else
						print "-1|Error: Internal Error";
				}
			}
			else
				print "-2|Error: Authentication unsuccessful";
		}
	}

	mysql_close($link);
?>