
Untitled

a guest
May 18th, 2017
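  <div class="loginlogout">
      <?php
      /*
       * Login handler for the "loginlogout" box.
       *
       * Runs only when no user is logged in and a login form was posted. It looks
       * the account up by username and SHA-512 password hash, refuses banned
       * accounts, then fills $_SESSION and refreshes this user's `loggedin` row.
       *
       * Relies on names defined outside this fragment: an open mysql_* connection,
       * a started session, $converter (userIDToUserName) and $visitor (written to
       * the `ip` column).
       *
       * NOTE(review): the mysql_* extension was removed in PHP 7.0. The queries
       * below stay on it because no other database handle is in scope here; the
       * durable fix is prepared statements through mysqli or PDO.
       * NOTE(review): the stored password is an unsalted, fast SHA-512 hash.
       * Moving to password_hash()/password_verify() needs a migration of the
       * stored hashes, so the scheme is left unchanged in this fragment.
       * NOTE(review): the session id should be regenerated on successful login
       * (session fixation), but that must happen before any output is sent, and
       * this fragment runs after markup has already been emitted. Do it in the
       * bootstrap code. No attempt throttling is visible here either.
       */
      //include ("includes/audit.php");

      if (!isset($_SESSION['username']) and (isset($_POST['username']))) {
          // Accept only plain string fields; array-valued parameters
          // (username[]=...) are treated as missing instead of reaching hash().
          $username = is_string($_POST['username']) ? $_POST['username'] : '';
          $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

          // Both fields are required. The emptiness test has to look at the raw
          // password: a hash is never empty, so testing the hash always passed.
          if ($username !== '' && $rawPassword !== '') {
              $password = hash("sha512", $rawPassword);
              $uname = mysql_real_escape_string($username);
              $upass = mysql_real_escape_string($password);

              $login = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $uname . "' AND `password` = '" . $upass . "'");

              // Fetch the matching row exactly once. Reading it for the ban check
              // and then fetching again left the second fetch with nothing.
              $user = $login ? mysql_fetch_assoc($login) : false;

              if (!$user) {
                  echo "<p>Invalid Login or Password.</p>";
              } elseif ($user['banned'] == '1') {
                  echo '<p>Your account has been banned.</p>';
              } else {
                  // Take the name from the database row; the variable used here
                  // before was never defined, so the session stayed logged out.
                  $_SESSION['username'] = $user['username'];

                  // The posted name is attacker-controlled: escape it for HTML.
                  $safeName = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
                  echo '<p>Thank you for logging in ' . $safeName . ' click <a href="index.php?page=usercp">here</a> if your browser does not automatically re-direct you.</p>';

                  // Values read back from the database are escaped again before
                  // they are placed into further SQL strings.
                  $uid = mysql_real_escape_string($user['userid']);
                  $today = date("Y-m-d");

                  mysql_query("DELETE FROM loggedin WHERE userid = '" . $uid . "'");
                  mysql_query("INSERT INTO loggedin (`userid`, `username`, `timestamp`, `ip`, `date`) VALUES ('" . $uid . "', '" . mysql_real_escape_string($converter->userIDToUserName($user['userid'])) . "', '" . date("H:i:s") . "', '" . mysql_real_escape_string($visitor) . "', '" . $today . "')");

                  /*Auditing Begins*/
                  // Drop login records that are not from today. Every row is
                  // inspected, including the first one.
                  $auditRows = mysql_query("SELECT `userid`, `date` FROM loggedin");
                  while ($auditRows && ($audit = mysql_fetch_assoc($auditRows))) {
                      if ($audit['date'] != $today) {
                          mysql_query("DELETE FROM loggedin WHERE userid = '" . mysql_real_escape_string($audit['userid']) . "'");
                      }
                  }
                  /*Auditing Ends*/

                  // Bind the session to this user's own login record, not to
                  // whichever row happens to come first in the table.
                  $ownRecord = mysql_query("SELECT `loginid` FROM loggedin WHERE userid = '" . $uid . "'");
                  $loginRow = $ownRecord ? mysql_fetch_assoc($ownRecord) : false;

                  $_SESSION['sessionid'] = $loginRow ? $loginRow['loginid'] : null;
                  $_SESSION['userid'] = $user['userid'];

                  // json_encode with the HEX flags yields a JavaScript string
                  // literal that cannot close the <script> element or the quotes.
                  $welcome = 'Welcome  ' . $user['username'] . ' please note we will shortly be phasing out support for non gravatar.com avatars. Ask lenwipe for more details';
                  echo '<script type="text/javascript">alert(' . json_encode($welcome, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ')</script>';

                  mysql_query("UPDATE users SET lastlogin='" . $today . "' WHERE userid='" . $uid . "'");
              }
          } else {
              echo "<p>Login Failed</p>";
          }
      }
      ?>
  </div>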