Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include('functions.php');
- include('config.php');
- if(isset($_COOKIE['user']))
- {
- $content = 'You\'re already logged in! <a href="index.php">Return home...</a>';
- }
- else
- {
- if(isset($_POST['username']) && isset($_POST['password']))
- {
- //make sure names don't contain injections or any other risky data, and encrypt passwords
- $username = mysql_real_escape_string(strip_tags($_POST['username']));
- $password = md5(sha1(md5(sha1($_POST['password']))));
- //query to check if their data is correct
- $query = mysql_query("SELECT acc_status FROM users WHERE username = '{$username}' AND password = '{$password}' LIMIT 1");
- if(mysql_num_rows($query) > 0)
- {
- //extract data from query
- $extract = mysql_fetch_assoc($query);
- //make sure their IP isn't banned
- //extract banned ips
- $query_bans = mysql_query("SELECT * FROM banned_ips WHERE ip = '{$_SERVER['REMOTE_ADDR']}'");
- if(mysql_num_rows($query_bans) > 0)
- {
- $content = 'You have been banned from logging in.';
- }
- elseif($extract['acc_status'] == 0)
- {
- $content = 'This account has been banned.';
- }
- else
- {
- //update the last logged in field
- mysql_query("UPDATE users SET lastlogin = ". time() ." WHERE username = '$username'");
- setcookie('user', $username, time()+4800, '/');
- redirect('index.php');
- }
- }
- else
- {
- $content = 'The username and password combination you have entered is incorrect.';
- }
- }
- else
- {
- $content = '
- <br/>
- <br/>
- <table>
- <div id="black_fields">
- <form action="login.php" method="POST">
- <tr><td>Username</td><td><input type="text" class="button" name="username" maxlength="12"></td></tr>
- <tr><td>Password</td><td><input type="password" class="button" name="password" maxlength="20"></td></tr>
- <tr><td><input type="submit" class="button" value="Login"></td></tr>
- </form>
- </div>
- </table>';
- }
- }
- ?>
Add Comment
Please, Sign In to add comment
