Untitled

<?php

session_start ();
include('INCLUDES/Config.php');
function shitChecker($str)
{
    $var = preg_match('/[^a-zA-Z]/', $str);
    return $var;
}
function shitCheckerNum($str)
{
  $var = preg_match('/[^a-zA-Z0-9]/', $str);
  return $var;
}

if(isset($_POST['submit']))
{
    //Get all the user inputs
    $account = $_POST['account'];
    $password = $_POST['password'];

    $con = mysql_connect($Con.":".$aPort, $U, $P) or die(mysql_error());
    mysql_select_db($DB) or die(mysql_error());

    //Remove bullshit from the user inputs(Sorta pointless as i use regex in a second...
    $account = mysql_real_escape_string(html_entity_decode(htmlentities($account)));
    $password = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld)));
    //Die if account contains non-alphanumeric characters
if(shitCheckerNum($account) == 1)
    {
      die("Accountname enthält ungültige Buchstaben!");
    }
    //Die if old password contains non-alphanumeric characters
    elseif(shitCheckerNum($passwordOld) == 1)
    {
      die("Passwort enthält ungültige Buchstaben!");
    }


    //If no rows, means invalid user/pass, die.
    if($numrows == 0)
    {
        die("Falscher Accountname oder falsches Passwort!");
    }
if (mysql_num_rows ($result) > 0)
{
  // Benutzerdaten in ein Array auslesen.
  $data = mysql_fetch_array ($result);

  // Sessionvariablen erstellen und registrieren
  $_SESSION["user_id"] = $data["Id"];

  header ("Location: index2.php");
}
else
{
  header ("Location: index.php?fehler=1");
}
        $ppasswort = $_POST["password"];
        $user = strtoupper($account);
        $pwold = strtoupper($ppasswort);
        $shapwold = sha1($user.":".$pwold);
    $query = "SELECT id FROM account WHERE username = '".$account."' AND sha_pass_hash = '".$shapwold."'";

    $result = mysql_query($query) or die(mysql_error());
    $numrows = mysql_num_rows($result);
    echo "</td></tr>";
    //close mysql connection
    mysql_close();
}
?>