Untitled

<?php
include('core.php');
session_start();

if(!session_is_registered(username)){

	if(isset($_POST['username']) && isset($_POST['password'])){
		$username = addslashes($_POST['username']);
			$sql = mysql_query("SELECT * FROM users WHERE username = '".$username."' LIMIT 1") or die(mysql_error());
			$row2s = mysql_fetch_array($sql);
		$password = HoloHash($_POST['password'], $row2s[username]);
		$remember_me = $_POST['_login_remember_me'];


		if(empty($username) || empty($password)){
			$login_error = "Per favore, non lasciare spazi bianchi.";
		} else {
			$sql = mysql_query("SELECT id FROM users WHERE username = '".$username."' AND password = '".$password."'") or die(mysql_error());
			$rows = mysql_num_rows($sql);
			if($rows < 1){
				$login_error = "I dati forniti sembrano essere errati";
			} else {
				$userdata = mysql_fetch_assoc($sql);
				$userid = $userdata['id'];
				$check = mysql_query("SELECT * FROM bans WHERE value = '".$username."'LIMIT 1") or die(mysql_error());
				$is_banned = mysql_num_rows($check);
				if($is_banned < 1){
					$_SESSION['username'] = $username;
					$_SESSION['password'] = $password;
					if($remember_me == "true"){
						setcookie("remember", "remember", time()+60*60*24*100, "/");
						setcookie("rusername", $_SESSION['username'], time()+60*60*24*100, "/");
						setcookie("rpassword", sha1("zomq".$_SESSION['password']), time()+60*60*24*100, "/");
					}
					$sql3 = mysql_query("UPDATE users SET lastvisit = now() WHERE username = '".$username."'") or die(mysql_error());
					header("location:security_check.php"); exit;
				} else {
					$bandata = mysql_fetch_assoc($check);
					$reason = $bandata['reason'];
					$expire = $bandata['expire'];


					if($stamp_now < $stamp_expire){
						$login_error = "Sei stato bannato! La ragione del ban &egrave; \"".$reason."\". Il tuo ban termina il ".$expire.".";
					} else { // ban expired
						//mysql_query("DELETE FROM users_bans WHERE userid = '".$userid."' OR ipaddress = '".$remote_ip."' LIMIT 1") or die(mysql_error());
						$_SESSION['username'] = $username;
						$_SESSION['password'] = $password;
						if($remember_me == "true"){
							setcookie("remember", "remember", time()+60*60*24*100, "/");
							setcookie("rusername", $_SESSION['username'], time()+60*60*24*100, "/");
							setcookie("rpassword", sha1("zomq".$_SESSION['password']), time()+60*60*24*100, "/");
						}

						header("location:security_check.php"); exit;
					}
				}
			}
		}
	}
if(isset($_GET['error'])){
		$errorno = $_GET['error'];
		if($errorno == 1){
			$login_error = "Password o nome utente invalidi.";
		} elseif($errorno == 2){
			$login_error = "Invalida Username o Password.";
		} elseif(isset($_GET['ageLimit']) && $_GET['ageLimit'] == "true"){
			$login_error = "Sei troppo giovane per Giocare Qui.";
		}
	}
?>
<html lang="CO">
<head>
	<title>HROB - Hotel</title>
	<meta charset="utf-8">
		<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Ubuntu:regular,bold&subset=Latin">
		<style type="text/css">
		body{
			font-family: Ubuntu, "times new roman", times, roman, serif;
			color: #7ecaee;
		}
	</style>
	<link rel="stylesheet" type="text/css" href="./habosos/plantillas/css/estilos.css">
	  <script src="alert/dist/sweetalert-dev.js"></script>
</head>
<body>
	<header>
		<?php
if(isset($_POST['username'])) {
 echo $login_error;
}
?>
		<form action="" method="post">
			<div class="login" id="login">
				<table align="left" style="position: relative;left: 100px;">


				</table>
				<label><?php echo $lingua['user']; ?>  <input type="text" name="username" placeholder="" <?php if(isset($error)) {?>id="error"<?php } ?>></label>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
				<?php echo $lingua['pass']; ?>  <input type="password" name="password" placeholder=""  <?php if(isset($error)) {?>id="error"<?php } ?>>
				<input type="submit" value="<?php echo$lingua['log-in']; ?>" class="btonlogin" name="entrar"><br>

			</div>
		</form>
	</header>
	<div class="registrobx">
		<div class="txbt">
			<?php echo $lingua['y.welk']; ?><br><br>
			<a href="/quickregister/start.php"><button class="btonreg"><?php echo $lingua['registrati.g']; ?></button></a>
		</div>
	</div>
	<div class="ntc">

		<div class="reloj"><a href="#un" class="txtnt"><?php echo $lingua['news']; ?></a></div>
	</div>
	<div class="contentc" style="height:600px;">

		<div class="txtun"><?php echo $lingua['last.news']; ?></div><br>
<?php
if($countrycode == "IT") {
	$var = '"1"';
}
else {
	$var = '"2"';
}
$n = mysql_query("SELECT * FROM cms_news WHERE lang = ".$var." ORDER BY id DESC LIMIT 3") or die(mysql_error());

function my_htmlentities($var, $qs = ENT_COMPAT, $charset = 'ISO-8859-1')
{
    $search = array('ì', 'è', 'é', 'ò', 'à', 'ù');
    $replace = array('&igrave;', '&egrave;', '&eacute;', '&ograve;', '&agrave;', '&ugrave;');

    $var = str_replace($search, $replace, $var);
    $var = htmlentities($var, $qs, $charset, false);

    return $var;
}
?>
<?php $i = 0; while($noticia = mysql_fetch_assoc($n)){ $i++; ?>
<table align="left" id="un">
	<td>
		<div class="noticiaconte" align="center">
			<div class="promo" style="background-image: url('<?php echo $noticia['topstory']; ?>');"></div>
			<br><div class="ttlopro"><?php echo my_htmlentities($noticia['title']); ?></div>
			<div class="descpro"><?php echo my_htmlentities($noticia['short_story']); ?></div>
			<br>
			<div class="btonpro"><a href="/quickregister/start.php"><?php echo $lingua['reg.now']; ?></a></div>
			<br>
			<hr noshade="noshade" color="#0B6395" size="1">
		</div>
	</td>
</table>
<?php } ?>
	</div>

<?php } else {
header("location:me.php");
}
?>
<!-- PopMyAds.com Popunder Code for hrob.me -->

<script type="text/javascript">
var pmauid = '15075';
var pmawid = '18481';
var fq = '';
</script>
<script type="text/javascript" src="http://cdn.popmyads.com/pma.js"></script>

<!-- PopMyAds.com Popunder Code End -->
</body>
</html>