Untitled

<?php
include("/Scripts/config.php");
$user = mysql_real_escape_string(stripslashes($_POST["strUsername"]));
$pass = md5(mysql_real_escape_string(stripslashes($_POST["strPassword"])));
$error = 0;

if ($_SERVER['HTTP_X_FORWARD_FOR']) {
$ip = $_SERVER['HTTP_X_FORWARD_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}

if (!preg_match('/^[a-z0-9\s_-]+$/i', $user) || ($user == "")) {
	$error = 1;
	echo "<login bSuccess='0' sMsg='Username must contain letters, spaces or numbers!'/>";
}
if (!preg_match('/^[a-z0-9]+$/i', $pass) || ($pass == "")) {
	$error = 1;
	echo "<login bSuccess='0' sMsg='Password must contain letters and numbers!'/>";
}
$getuservar = mysql_query("SELECT * FROM wqw_users WHERE username='$user' AND password='$pass' LIMIT 1")or die("Query failed with error: ".mysql_error());
$num = mysql_num_rows($getuservar);
$getuser = mysql_fetch_array($getuservar);
$userid = $getuser['id'];

if ($num == 0) {
$error = 1;
echo "<login bSuccess='0' sMsg='You have entered the wrong Username or Password,\n Please click Cancel and try again.'/>";
} else if ($getuser['banned'] == 1) {
$error = 1;
echo "<login bSuccess='0' sMsg='Your user account is currently not activated/banned!'/>";
}

if ($error != 1) {
session_start();
$_SESSION['name'] = $user;
$_SESSION['pass'] = $pass;
if($getuser["admin"]==1){
	$_SESSION['adm'] = "true";
}
//Adds no class if user does not have a class...

$getclass = mysql_query("SELECT * FROM wqw_items WHERE sES='ar' AND equipped=1 AND userid=$userid LIMIT 1")or die("Query failed with error: ".mysql_error());
$classcheck = mysql_num_rows($getclass);

if ($classcheck == 0) {
$checkitem = mysql_query("SELECT itemid FROM wqw_items WHERE itemid=2506 AND userid=$userid LIMIT 1")or die("Query failed with error: ".mysql_error());
$itemcheck = mysql_num_rows($checkitem);
	if($itemcheck==0){
		$addclass = mysql_query("INSERT INTO wqw_items (itemid, userid, equipped, sES, iLvl, classXP, className) VALUES ('2506', '$userid', '1', 'ar', '1', '0', 'No Class')") or die("Error adding class! contact PDL Staff immediately!" . mysql_error());
		$updateclass = mysql_query("UPDATE wqw_users SET currentClass=11 WHERE id=$userid");
	} else {
		$equipclass = mysql_query("UPDATE wqw_items SET equipped=1 WHERE itemid=2506 AND userid=$userid")or die("Query failed with error: ".mysql_error());
		$updateclass = mysql_query("UPDATE wqw_users SET currentClass=11 WHERE id=$userid");
	}
}

$setip = mysql_query("UPDATE wqw_users SET loginip='$ip' WHERE username='$user' AND password='$pass'");
echo "<login bSuccess='1'  iAccess='" . $getuser["access"] . "' iUpg='" . $getuser["upgrade"] . "' iAge='" . $getuser["age"] . "' sToken='" . $pass . "' dUpgExp='" . $getuser["upgrade"] . "' iUpgDays='" . $getuser["upgDays"] . "' iSendEmail='" . $getuser["emailActive"] . "' strEmail='" . $getuser["email"] . "' bCCOnly='0'>";
$getchar = mysql_query("SELECT * FROM wqw_servers LIMIT 10")or die("Query failed with error: ".mysql_error());
while ($char = mysql_fetch_array($getchar)) {
echo "<servers sName='" . $char["name"] . "' sIP='" . $char["ip"] . "' iCount='" . $char["count"] . "' iMax='" . $char["max"] . "' bOnline='" . $char["online"] . "' bChat='" . $char["bchat"] . "' iChat='" . $char["ichat"] . "' bUpg='" . $char["upgrade"] . "'/>";
}
echo "</login>";
}
?>