<?php session_start(); if(isset($_REQUEST['login_button'])||$_REQUEST['a

1. <?php
2. session_start();
3. if(isset($_REQUEST['login_button'])||$_REQUEST['auto']==1){
4. require '../_database/database.php';
5. $errmsg_arr = array();
6. $errflag = false;
7. $username = mysqli_real_escape_string($database,$_REQUEST['username']);
8. $password= mysqli_real_escape_string($database,$_REQUEST['password']);
9. if($username == '') {
10. $errmsg_arr[] = 'Usuario no encontrado';
11. $errflag = true;
12. }
13. if($password == '') {
14. $errmsg_arr[] = 'Contraseña no encontrado';
15. $errflag = true;
16. }
17. if($errflag) {
18. $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
19. session_write_close();
20. header("location: authentication-check.php");
21. exit();
22. }
23. $sql="SELECT user_username,user_active,user_password FROM user WHERE user_username='$username'AND user_password='$password'";
24. $result= mysqli_query($database,$sql) or die(mysqli_errno());
25. $trws= mysqli_num_rows($result);
26. if($trws==1){
27. $rws= mysqli_fetch_array($result);
28. if($rws["user_active"] == 1){
29. _SESSION['user_ip']=$rws['user_ip'];
30. $user_ip=$_SERVER['REMOTE_ADDR'];
31. $sql3="UPDATE user SET user_ip='$user_ip'WHERE user_username = '$temp'"; mysqli_query($database,$sql3)or die(mysqli_error($database)); header("location:../perfil.php?user_username=$username&request=login&status=success");
32. }else{
33. $errmsg_arr[] = 'este usuario a sido banneado';
34. }
35. } else {
36. $errmsg_arr[] = 'Usuario y contraseña no fueron encontrados';
37. $errflag = true;
38. if($errflag) {
39. $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
40. session_write_close();
41. header("location: ../components/authentication-check.php");
42. exit();
43. }
44. }
45. }
46. ?>