Untitled

if (logged_in() === true){
  echo "Mostramos el nombre del usuario y ocultamos el enlace de login.php";
}else{
  echo "no logeado, aquí se muestra el enlace del login.php";
}

if (logged_in() === true) {
    $session_user_id = $_SESSION['user_id'];
    $user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'profile');
    if (user_active($user_data['username']) === false){
        session_destroy();
        header('location: index.php');
        exit();
    }
}

<?php
session_start();
if (isset($_POST)) {
  $message= $username =  $password = $usernameBD = $passwordDB = NULL;
  $captcha = true;
  $logueado = false;
  $attemptsIP = 8;
  $attemptsU = 5;

  if(isset($_POST) && isset($_POST["vcode"]) && $_POST["vcode"]!=$_SESSION["vcode"]) {
    $captcha = false;
    $message = "Los caracteres escritos no coinciden con la palabra de verificación. Inténtalo de nuevo.";
  }else{
    unset($_SESSION['id_user']);
  }

  $addres = $_SERVER['REMOTE_ADDR'];

  require_once'app/php/config.ini.php';
  $stmtA = $con->prepare("SELECT attempts FROM failed_attempt WHERE ip=? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 1 DAY ) AND NOW()");

  $stmtA->bind_param("s",$addres);
  $stmtA->execute();
  $stmtA->store_result();

  $check_result = $stmtA->num_rows;
  if ($stmtA->num_rows===1) {
    $stmtA->bind_result($failed_login_attempt);
    $stmtA->fetch();
    $stmtA->close();
  } else {
    $stmtA->close();
    $failed_login_attempt=0;
  }

  if(count($_POST)>0 && $captcha == true) {
    $username = $_POST["username"] ?: '';
    $password = $_POST["password"] ?: '';
    $stmtB = $con->prepare("SELECT id_user,username,password,logindatetime, CASE WHEN logindatetime BETWEEN DATE_SUB( NOW() , INTERVAL 2 MINUTE ) AND NOW() THEN '1' ELSE '0' END as logueado FROM users where username=? OR email=? AND active=? LIMIT 1");
    $stmtB->bind_param("ssi",$username,$username,$active);
    $active=1;
    $stmtB->execute();
    $stmtB->store_result();
    if ($stmtB->num_rows===1) {
      $stmtB->bind_result($id_userBD,$usernameBD,$passwordDB,$logindatetime,$activeBD);
        if ($stmtB->fetch()){
          if (password_verify($password, $passwordDB)) {
            $check_password = true;
          } else {
            $check_password = false;
          }
        } $stmtB->close();
      } else {
        $stmtB->close();
        $check_password = false;
      }

      if($check_result===0){
        $stmtC = $con->prepare("INSERT INTO failed_attempt (ip,attempts,datetime) VALUES (?, ?, NOW())");
        $stmtC->bind_param("si",$addres,$attempts);

        $attempts = 1;
        //$datetime = date('Y-m-d  H:i:s', time());
        $stmtC->execute();
        $stmtC->close();

      } else {
        if($failed_login_attempt<$attemptsIP){
          $accountant = $failed_login_attempt + 1;
          $stmtD = $con->prepare("UPDATE failed_attempt SET attempts=?, datetime=NOW() WHERE ip = ?");
          $stmtD->bind_param("is",$accountant,$addres);
          //$datetime = date('Y-m-d  H:i:s', time());
          $stmtD->execute();
          $stmtD->close();
      }
  }

      if ($username==$usernameBD && $check_password == true && $logindatetime!=NULL && $activeBD==1) {
        $logueado = true;
      } else {
        $attempU = 0;

        if($usernameBD!= null && $usernameBD!=''){

          $id_user = $id_userBD;

          $stmtE = $con->prepare("SELECT attempts FROM failed_login WHERE id_user =? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 15 MINUTE ) AND NOW() ");
          $stmtE->bind_param("i",$id_user);
          $stmtE->execute();
          $stmtE->store_result();
          $queryResult = $stmtE->num_rows;

          if ($queryResult===0) {
            $stmtF = $con->prepare("INSERT INTO failed_login (id_user, attempts, ip, datetime) VALUES (?, ?, ?, NOW())");
            $stmtF->bind_param("iis",$id_user,$attempts,$addres);
            $attempts=1;
            $stmtF->execute();
            $stmtF->close();
          } else {
            $stmtE->bind_result($attempU_BD);
            $stmtE->fetch();

            $attempU = $attempU_BD+1;

            if ($attempU_BD<$attemptsU) {
              $stmtG = $con->prepare("UPDATE failed_login SET attempts=?, ip = ?, datetime=NOW() where id_user =?");
              $stmtG->bind_param("isi",$attempU,$addres,$id_user);
              $stmtG->execute();
              $stmtG->close();
            }

          } $stmtE->close();
        }
      }

      //validando Usuario y Contraseña - INICIO
      if (empty($username) || empty($password)) {
        $message = "Es necesario introducir un nombre de usuario y contraseña";
      } elseif($failed_login_attempt>=$attemptsIP){
        $message = "'IP' bloqueada por 1 dia";
      } elseif($logueado){
        $message = "'Usuario' ya se encuentra logueado.";
      } elseif($attempU>=$attemptsU){
        $message = "'Usuario' bloqueado por 15 minutos";
      } elseif ($username != $usernameBD) {
        $message = "El 'Usuario' que has introducido no coincide. ";
      } elseif ($check_password == false) {
        $message = "Tu 'Contraseña' introducido no coincide. ";
      } else {
        $_SESSION["id_user"] = $id_userBD;
      }
      //validando Usuario y Contraseña - FIN

      if(isset($_SESSION["id_user"])) {
        echo '<script>window.location="index.php"</script>';
      }
    }
  }
?>