Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if (isset($_POST['process']) and $_POST['process']==1) {
- $pass = trim($_POST['pass']);
- $query = 'UPDATE members SET password = "'.$pass.'" WHERE id = "'.$_SESSION['id'].'"';
- if (mysql_query($query)) {
- echo "Your password has now been created. You will be redirected to the home page now.";
- echo "<META HTTP-EQUIV=Refresh CONTENT=\"2; URL=?p=main\">";
- } else {
- echo '<p style="color:#C00;">Error please report this.</p>';
- }
- } else {
- if($_SESSION['id']){
- $logouttime = 300;
- $timenow = time();
- $loggedtime = $timenow - $logouttime;
- $query = mysql_query("UPDATE `members` SET `sitelogged` = '".$loggedtime."' WHERE `id`='".$_SESSION['id']."'") or die(mysql_error());
- $isofflinequery = mysql_query("UPDATE `members` SET `online` = '0' WHERE `id`='".$_SESSION['id']."'") or die(mysql_error());
- session_destroy();
- echo "You are now logged out. Please come again soon.<br /><br />";
- echo "You will be redirected in 3 seconds.";
- echo "<META HTTP-EQUIV=Refresh CONTENT=\"3; URL=index.php\">";
- }else{
- if(!$_POST['login']){
- echo "<fieldset><legend><b>Login</b></legend>";
- echo "<form method=\"POST\"><center><table border=\"0\" width=\"300\">";
- echo "<tr><td align=\"right\" width=\"50%\"><b>Username:</b></td><td><input type=\"text\" name=\"username\" maxlength=\"24\"></td></tr>";
- echo "<tr><td align=\"right\"><b>Password:</b></td><td><input type=\"password\" name=\"password\" maxlength=\"12\"></td></tr>";
- echo "<tr><td></td><td><input type=\"submit\" name=\"login\" value=\"Login\"></td></tr>";
- echo "</table></center></form>";
- echo "</fieldset>";
- }else{
- $u = mysql_real_escape_string($_POST['username']);
- $p = mysql_real_escape_string($_POST['password']);
- $s = mysql_query("SELECT * FROM `members` WHERE `username`='".$u."'") or die(mysql_error());
- $i = mysql_fetch_array($s);
- if($i['password'] == $p){
- if (mysql_num_rows($s)) {
- $user = mysql_query("SELECT * FROM `members` WHERE `username`='".$i['username']."' AND `password`='".$i['password']."'") or die(mysql_error());
- $auser = mysql_fetch_array($user);
- $_SESSION['id'] = $auser['id'];
- $_SESSION['username'] = $auser['username'];
- $_SESSION['name'] = $auser['name'];
- if ($auser['admin'] == '1') {
- $_SESSION['admin'] = '1';
- } else {
- $_SESSION['admin'] = '0';
- }
- if ($i['password'] == '') {
- echo "This is your first time logging in. Please create a password:<br><br>";
- echo "<form name='guestbook' action='?p=login' method='POST'><table><tr><td>Password:</td>";
- echo "<td><input type='text' name='pass' /> <input type='hidden' name='process' value='1' />";
- echo "<input type='submit' value='Submit'></td></tr></table></form>";
- } else {
- echo "You are now logged in.<br /><br />";
- echo "You will be redirected in 3 seconds.";
- echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=index.php\">";
- }
- } else {
- echo "This account does not exist. Click <a href='?p=login'>here</a> to retry.";
- }
- } else {
- echo "The password you have entered is incorrect. Click <a href='?p=login'>here</a> to retry.";
- }
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement