Can always login from login page, even if already logged

onyx/include/public/login.php

@@ -1,34 +1,29 @@
 <?php
 if (!defined('ONYX')) exit;
 
-if ($SESS->level < 1)
+if (isset($_POST['username']) && isset($_POST['password']))
 {
-    if (isset($_POST['username']) && isset($_POST['password']))
+  $username = $_POST['username'];
-    {
+  $password = $_POST['password'];
-        $username = $_POST['username'];
-        $password = $_POST['password'];
 
-        $bdd = new BDD();
+  $bdd = new BDD();
 
-        // TODO: use function
+  // TODO: use function
-        $hash = mdp($bdd->escape($username), $bdd->escape($password));
+  $bdd->escape($username);
-        $result = $bdd->unique_query("SELECT username, auth_level FROM users
+  $bdd->escape($password);
+  $hash = mdp($username, $password);
+  $result = $bdd->unique_query("SELECT id, username, auth_level FROM users
                                       WHERE username='$username'
                                       AND password=unhex('$hash')");
 
-        if (!empty($result) && $result['auth_level'] != 0)
+  if (!empty($result) && $result['auth_level'] != 0)
-        {
+  {
-            $SESS->level = $result['auth_level'];
+    $SESS->level = $result["auth_level"];
-            $SESS->values = $result;
+    $SESS->values = $result;
-            $SESS->put($username);
+    $SESS->put($result["id"]);
-            header("Location: /home");
-            exit;
-        }
-    }
-    $page = "public/login";
-}
-else
-{
-    // Show some page ?
     header("Location: /home");
+    exit;
+  }
 }
+
+$page = "public/login";