Untitled

<?php
include "config.php";
mysql_connect($location,$databaseuser,$databasepass);
@mysql_select_db($database) or die( "Unable to select database"); //Connects to database
$username = $_GET['username']; //gets username from url
$password = $_GET['password']; //gets password from url
$hwid = $_GET['hwid']; //gets HWID from url
$time = $_GET['time']; //gets username from url
$username = stripslashes($username); //MySQL Injection Protection
$username = mysql_real_escape_string($username); //MySQL Injection Protection
$password = stripslashes($password); //MySQL Injection Protection
$password = mysql_real_escape_string($password); //MySQL Injection Protection
$hwid = stripslashes($hwid); //MySQL Injection Protection
$hwid = mysql_real_escape_string($hwid); //MySQL Injection Protection
$time = stripslashes($time); //MySQL Injection Protection
$time = mysql_real_escape_string($time); //MySQL Injection Protection
$date = date('Y-m-d H:i:s', time());
if($username==""){ //if username is blank, then show the blank username error
echo $blankuser;
}elseif($password=="D4-1D-8C-D9-8F-00-B2-04-E9-80-09-98-EC-F8-42-7E"){ //if password is blank, then show the blank password error
echo $blankpass;
}elseif($hwid==""){ //If the HWID is blank then show this error
echo $blankhwid;
}elseif($time==""){
echo "This was not posted through the application.";
}else{ //Goes here if every information required is filled with some info
$sql="SELECT * FROM Users WHERE username='$username' and password='$password' and hwid='$hwid'"; //tries logging in
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){ //goes here if logged in successfully
$expires = mysql_query("SELECT Expires FROM Users WHERE username='$username' AND password='$password' AND hwid='$hwid'");
while($expiresdata = mysql_fetch_assoc($expires)) { //gets data to see expiration date of user
$dateexpired = $expiresdata["Expires"]; //gets the expired date
}

$blacklistdata = mysql_query("SELECT Blacklisted FROM Users WHERE username='$username' AND password='$password' AND hwid='$hwid'");
while($blacklist = mysql_fetch_assoc($blacklistdata)) { //gets data to see if user is blacklisted
$blacklisted = $blacklist["Blacklisted"]; //gets the result
}

$blacklisted = strtolower($blacklisted);
$banreasondata = mysql_query("SELECT CustomReason FROM Users WHERE username='$username' AND password='$password' AND hwid='$hwid'");
while($banreasoninfo = mysql_fetch_assoc($banreasondata)) { //gets the data of the custom ban message
$banreason = $banreasoninfo["CustomReason"]; //gets the result
}

$today = date("Y-d-m"); //gets today's date
$today = strtotime($today); //changes it into time
$expiration_date = strtotime($dateexpired); //changes the date of expiration into time

if($expiration_date > today){ //if your not expired then
if($blacklisted=="yes"){ //if your blacklisted then
echo $blacklistedmessage . $banreason; //showing blacklisted/banned message
}else{ //if your not expired or blacklisted
$date = date('Y-m-d H:i:s', time());
$crypted = sha1($hwid . $time);
mysql_query("UPDATE Users SET Signed_in = '$date'
WHERE UserName = '$username' AND Password = '$password' AND HWID = '$hwid'");
mysql_query("INSERT INTO Logged_in (username, hwid, logged_in, time)
VALUES ('$username', '$hwid', 'Yes', '$date')");
echo $crypted;  //your validated, everything is correct
}
}else{ //your expired
if($blacklisted=="yes"){ //are you expired and black listed?
mysql_query("INSERT INTO Logged_in (username, hwid, logged_in, time)
VALUES ('$username', '$hwid', 'No - Showed expired + ban message', '$date')");
echo $licenseexpired . "\n" . $blacklistedmessage . $banreason; //shows licensed expired and ban message
}else{ //Your licensed expired, but your not banned
mysql_query("INSERT INTO Logged_in (username, hwid, logged_in, time)
VALUES ('$username', '$hwid', 'No - Showed expired message', '$date')");
echo $licenseexpired;
}
}
}else{
mysql_query("INSERT INTO Logged_in (username, hwid, logged_in, time)
VALUES ('$username', '$hwid', 'No - Error logging in', '$date')");
echo $errorlogin;
}
}
?>