Untitled

<?php
// Functions file:
// ToDo: IPlocking (W.I.P)
// ToDo: POST-check + if-statement for $bericht + locationheader (W.I.P)

function sqlsafe($data) {
$data = mysql_real_escape_string($data);
return $data;
}


// Make MySQL-database connection
@mysql_connect($server, $user,$pass) or die ("Can't connect to MySQL database server");
@mysql_select_db($database) or die("Can't find database.");

// Start here the login action, and make the random hash
if(($_SERVER['REQUEST_METHOD'] == "POST") && ($_POST['login'])) {
     $selectleden = mysql_query("SELECT * FROM $ledentabel WHERE username = '".sqlsafe($_POST['username'])."' AND password = '".sqlsafe(md5($_POST['password']))."'");
     if(mysql_num_rows($selectleden)) {
                                      // Ingelogd
                                      $hash = md5(uniqid(rand(), true));
                                      $get_id = mysql_query("SELECT id FROM ".$ledentabel." WHERE username = '".sqlsafe($_POST['username'])."' AND password = '".sqlsafe(md5($_POST['password']))."'");
                                      $fetch_id = mysql_fetch_assoc($get_id);
                                      $insert_session = mysql_query("INSERT INTO sessions (id, userid, hash, logintime) VALUES ('','".$fetch_id['id']."','".$hash."',NOW())");

                                      // for debugging:
                                      #$bericht = "Ingelogd met hash: ".$hash." En je hebt id-nummer:".$fetch_id['id'];


                                      if ($insert_session) {
                                         setcookie ("id", $fetch_id['id'],time()+$_POST['sessiontime']);
                                         setcookie ("hash", $hash,time()+$_POST['sessiontime']);
                                         header('location:menu.php');
                                                           } else {
                                                           echo "Fout in de query: ".mysql_error();
                                                           exit();
                                                           }
                                      }  else {
                                      // Foute pass
                                      $bericht = "<b>Je inloggegevens komen niet overeen met wat in de database staan.</b>";
                                      }


                                                                           }

// here is the function for the login-check
function checklogin() {
if (mysql_num_rows(mysql_query("SELECT userid, `hash` FROM `sessions` WHERE `userid` = '".sqlsafe($_COOKIE['id'])."' AND `hash` = '".sqlsafe($_COOKIE['hash'])."'"))) {
        $return  = TRUE;
    } else {
        $return = FALSE;
    }

    return $return;
}

// Data uit leden-tabel oproepen ($get_userdata['username'], $get_userdata['warnings']
$get_data_qry = mysql_query("SELECT userid, `hash` FROM `sessions` WHERE `userid` = '".sqlsafe($_COOKIE['id'])."' AND `hash` = '".sqlsafe($_COOKIE['hash'])."'");
$get_data = mysql_fetch_assoc($get_data_qry);
$get_userdata = mysql_fetch_assoc(mysql_query("SELECT * FROM $ledentabel WHERE id = '".$get_data['userid']."'"));


?>