<?php

// initialize the buffer.
ob_start();

if (isset($_POST))
{
	$username = $_GET['username']; // ?username=
	$password = $_GET['password']; // &password= [hashed, of course.]
	$hardware_token = $_GET['token']; // &token= for hardware login, etc.
	
	$result = mysql_query("SELECT * FROM `accounts` WHERE username='".$username."' AND password='".$password."'");
	$row = mysql_fetch_array($result);
	
	if ($row['username'] && $row['password'])
	{
		echo "AUTH OK";
	}
	else
	{
		echo "AUTH BAD";
	}
}

?>