Untitled

<?php
/*
Levels:

0 - Admin
1 - Reviewer
2 - Regular User
3 - Banned
*/

session_start();
include("database.php");

function IsLoggedIn($con) {
	global $con;
	if(isset($_SESSION["id"])) {
		$id = mysql_escape_string($_SESSION["id"]); // Added protection.
		$result = mysql_query("SELECT * FROM Sessions WHERE id=$id", $con);
		if ($result && ($_SERVER["REMOTE_ADDR"] === $result["IP"])) {
			return $result;
		}
		return false;
	}
	return false;
}

function Login($username, $password, $con) {
	global $con;
	$username = mysql_escape_string($username);
	$result = mysql_query("SELECT Salt, Password FROM Users WHERE Username='$username'", $con);
	if ($result) {
		if ($result["Password"] === (hash("sha512", $password + $result["Salt"]))) {
			return true;
		}
	}
	return false;
}

function GenerateSalt() {
	$salt = "";
	$points = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV0123456789.,%^&*()!~";
	$i = 0;
	for($i; $i <= 32; $i++) {
		$salt .= $points{mt_rand(0, 68)};
	}
	return $salt;
}

function Register($username, $password, $email, $con) {
	$ip = $_SERVER["REMOTE_ADDR"];
	$user_salt = GenerateSalt();
	$password = hash("sha512", $password + $user_salt);
	mysql_query("INSERT INTO Users(Username, Password, Level, Email, Salt, LastKnownIp) VALUES('$username', '$password', 2, '$email', '$user_salt', '$ip')", $con);
}

function RegisterSession($username, $con) {
	$id = microtime() + rand(0, 1000);
	$ip = $_SERVER["REMOTE_ADDR"];
	mysql_query("INSERT INTO Sessions(ID, IP, Username) VALUES('$id', '$ip', '$username')", $con);
	$_SESSION["id"] = $id;
}

function RegisterFailedLogin($con) {
	if (isset($_SESSION["id"])) {
		$id = microtime() + rand(0, 1000);
		$_SESSION["FID"] = $id;
	}
	$ip = $_SERVER["REMOTE_ADDR"];
	$ts = time();
	$result = mysql_query("SELECT * FROM FailedLogins WHERE IP='$ip'", $con);
	if ($result) {
		mysql_query("UPDATE FailedLogins SET AttemptNo=AttemptNo+1", $con);
	} else {
		mysql_query("INSERT INTO FailedLogins(ID, IP, TimeStamp, AttemptNo) VALUES('$id', '$ip', $ts, 1)", $con);
	}
}

?>