code snippet

1. // your code
2.  
3. if(count($_POST)>0 && $captcha == true) {
4.     $result = $mysqli->query("SELECT * FROM users WHERE username = '".$_POST["username"]."' AND password = '".sha1($_POST["password"])."'");
5.    
6.     if($result->num_rows){
7.         $row  = $result->fetch_assoc();
8.         if($row['active'] == '1'){
9.             $_SESSION["id"] = $row["id"];
10.             $_SESSION["username"] = $row["username"];
11.             $mysqli->query("DELETE FROM login_attempts WHERE ip = '$ip'");
12.         }else{
13.             echo "Your account is inactive";
14.         }
15.     }else{
16.         $message = "<div class='div-usuario-password-incorrecto'><br><span class='img-datos-incorrectos'><img src='img/error.png' width='40' height='40'></span>Login or password is invalid!</div>";
17.         if ($failed_login_attempt < 2) {
18.             $mysqli->query("INSERT INTO login_attempts (ip,date) VALUES ('$ip', NOW())");
19.         } else {
20.             $message = "<div class='div-failed-login'><br><span class='img-aviso-failed'><img src='img/aviso.png' width='40' height='40'></span>You have treated more than 3 invalid attempts. Enter the captcha code.</div>";
21.         }
22.     }
23. }