Untitled

<?php
$time = time();
$time15 = time() + (15 * 60);
			$dbuser="mezok_8455025";
			$dbpass="hi";
			$dbname = "mezok_8455025_runescape";
			$chandle = mysql_connect("sql112.byetcluster.com", $dbuser, $dbpass)
			or die("Connection Failure to Database");
			mysql_select_db($dbname, $chandle) or die ($dbname . " Database not found." . $dbuser);
			$playerClan = 0;
			$playerId = -1;
				$mysql = mysql_query("SELECT * FROM uber3_players where name='".$username."' and pass='".$password."' LIMIT 1") or die(mysql_error());
				while($row = mysql_fetch_assoc($mysql)){
					$playerId = $row['id'];
					$playerClan = $row['ClanID'];
				}
		function loggedIn() {
			if(isset($_SESSION['username'])) {
				$username = $_SESSION['username'];
				$password = $_SESSION['password'];
				$mysql = mysql_query("SELECT * FROM uber3_players where name='".$username."' and pass='".$password."' LIMIT 1") or die(mysql_error());
				$destroy = true;
				while($row = mysql_fetch_assoc($mysql)){
				$_SESSION['dbid'] = $row['id'];
			        $_SESSION['mgroup'] = $row['mgroup'];
					$destroy  = false;
				}
				if($destroy) {
					echo 'Your password has changed. You must relogin.';
					session_destroy();
					return false;
				}
			echo $playerClan;
			return true;
				} else {
					echo 'Welcome guest, please <a href="login.php">Login</a> or <a href="create.php">Register</a>.';
				}
			return false;
}
?>
<?php
if(loggedIn()) {
echo 'Welcome back, '.$_SESSION['username'].'! (<a href="index.php?action=logout">Logout</a>)';
				$mysql = mysql_query("UPDATE `mezok_8455025_runescape`.`uber3_players` SET `sitelastaction` = ".$time." WHERE `uber3_players`.`id` ='".$_SESSION['dbid']."' LIMIT 1 ;");
}
echo '</div>';?>
        </ul>
      </div>
    </div>
  </div>

  <div class="content">
    <div class="content_resize">
      <div class="mainbar">
        <div class="article">
<fieldset>
<?php
$sqlCommand = "SELECT id, name FROM uber3_players ORDER BY RAND() LIMIT 1";
// Execute the query here now
$query = mysql_query($sqlCommand) or die (mysql_error());
// Output the data here using a while loop, the loop will return all members
while ($row = mysql_fetch_array($query)) {
    // Gather all $row values into local variables for easier usage in output
    $uid = $row["id"];
    $username = $row["name"];
    // echo the output to browser or compound an output variables here
    echo ' Current Random Website and Webclient: <a href="website.php?id='.$uid.'">'.$username.'</a><br><a href="play.php?id='.$uid.'">'.$username.'</a>';
}
?>
</fieldset><br>
<fieldset>
          <h2><span>Create a Website and Webclient</span></h2><div class="clr"></div>
          <p></p>
          <p>
<?php
if($_POST['username'] == '') {

$tt = rand(10, 30);
$tt1 = md5($tt);
$new_md5 = substr($tt1, 0, 18);
?>

<table width="70%">
<head>
<style type="text/css">
.bl {background: url(bl.gif) 0 100% no-repeat gold; width: 20em; border: 1}
.br {background: url(br.gif) 100% 100% no-repeat}
.tl {background: url(tl.gif) 0 0 no-repeat}
.tr {background: url(tr.gif) 100% 0 no-repeat; padding:10px; border: 1}
.clear {font-size: 1px; height: 1px}
</style>
</head>
<form action="create.php" method="post">
<tr><td>Website Name:</td> <td><input type="text" name="username" maxlength="75"></td></tr>
<tr><td>Password:</td> <td><input type="password" name="pass" maxlength="20"></td></tr>
<tr><td>Password (Confirm):</td> <td><input type="password" name="pass2" maxlength="20"></td></tr>
<tr><td>
<font color="red"><fieldset><?php echo $new_md5; ?></fieldset></font>
<input type="hidden" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" name="ip1">
<tr><td>Catchpa (Enter the text above): </td> <td><input type="text" name="cat"></td></tr>
<input type="hidden" name="test" value="<?php echo $new_md5; ?>">
<tr><td><input type="submit"></td></tr>
<tr><td><font color=red>Please Note: Only letters and numbers are allowed in both the username and password.</font></td></tr>
</form>
</table>
</fieldset>
</fieldset>
<?php
} else {

$_POST['username'] = strtolower($_POST['username']);
$_POST['pass'] = strtolower($_POST['pass']);
$_POST['pass2'] = strtolower($_POST['pass2']);
if($_POST['pass'] == $_POST['pass2'] && $_POST['cat'] == $_POST['test'] ) {

$user =  ucwords(ereg_replace("[^A-Za-z0-9]", " ", $_POST['username']));
$pass = ereg_replace("[^A-Za-z0-9]", " ", $_POST['pass']);
$ip = $_POST['ip1'];

// Make a MySQL Connection
$query = "SELECT * FROM uber3_players WHERE name = '".$username."'";

$result = mysql_query($query) or die(mysql_error());


$userExists = false;
while($row = mysql_fetch_array($result)){
$userExists = true;
}
if($userExists == true) {
echo '<b>Error</b>: That website/webclient already exists. Please pick another.';
} else {
mysql_query("INSERT INTO `uber3_players` VALUES('', '".$user."', '".$pass."', 'login', 'desc', 'keyword', 'slogo', 'bad', 'good', 'nice', 'web', 'staff', 'level', 'ip', 'linka', 'linkb', 'linkc', 'logo', 'linkd', 'newstitle', 'newimage', 'news', 'chatbpx', 'op1', 'op2', 'op3', 'linkaa', 'linkbb', 'linkcc', 'linkdd', 'clanid', 'mgroup', 'clanstatus', 'port', 'loader', 'bg', 'ip1')") or die(mysql_error());

echo '<fieldset>Congratulations, your account has been created! To edit your website/webclient information please login.<br>
<b>Username:</b> '.$user.'<br>
<b>Password:</b> '.$pass.'<br>
<b>Login To Control Panel:</b> <a href="login.php">Here</a></fieldset>';
//echo 'Out Of Order';

}
} else {
echo 'The password or catchpa did not match try again';
}
}
?>