<div class="loginlogout"> <?php include ("includes/audit.php");

1. <div class="loginlogout">
2.     <?php
3.     include ("includes/audit.php");
4.  
5.     if (!isset($_SESSION['username']) and (isset($_POST['username']))) {
6.     $username = $_POST['username'];
7.     $password = hash("sha512", $_POST['password']);
8.     $uname = mysql_real_escape_string($username);
9.     $upass = mysql_real_escape_string($password);
10.  
11.     if ((!empty($uname)) or (!empty($upass))) {
12.         $login = mysql_query("SELECT * FROM `users` WHERE `username` = '".$uname."' AND `password` = '".$upass."'");
13.         if (mysql_num_rows($login)) {
14.         $user = mysql_fetch_assoc($login);
15.         //extract($user, EXTR_PREFIX_ALL, "users"); // this sets all fields in the mysql database to variables like $user_id for the field "id" in mysql
16.         $_SESSION['username'] = $user_name;
17.         echo '
18.                                         <p>Thank you for logging in ' . $_POST['username'] . ' click <a href="index.php?page=usercp">here</a>
19.                                         if your browser does not automatically re-direct you.</p>';
20.         $useridquery = mysql_query("SELECT * FROM users WHERE `username` = '" . $uname . "'");
21.         $userid = mysql_fetch_array($useridquery);
22.         mysql_query("DELETE FROM loggedin WHERE userid = '" . $userid['userid'] . "'");
23.         mysql_query("INSERT INTO loggedin (`userid`, `username`, `timestamp`, `ip`, `date`) VALUES ('" . $userid['userid'] . "', '" . $userid['username'] . "', '" . date("H:i:s") . "', '" . $visitor . "', '" . date("Y-m-d") . "')");
24.  
25.         $queryForID = mysql_query("SELECT * FROM loggedin");
26.         $getSessionID = mysql_fetch_array($queryForID);
27.         while ($audit = mysql_fetch_array($queryForID)){
28.             /*Auditing Begins*/
29.             if ($audit['date'] != date("Y-m-d")){
30.                 mysql_query("DELETE FROM loggedin WHERE userid = '" . $audit['userid'] . "'");
31.             }
32.  
33.             /*Auditing Ends*/
34.         }
35.  
36.         $_SESSION['sessionid'] = $getSessionID['loginid'];
37.         $_SESSION['userid'] = $userid['userid'];
38.  
39.         echo '
40.                                         <script type="text/javascript">
41.                                             alert("Your Username is ' . $uname . ' and your context is ' . $_SERVER['SERVER_NAME'] . '")
42.                                         </script>';
43.         }
44.  
45.         else {
46.         echo "<p>Invalid Login or Password.</p>";
47.         }
48.     }
49.  
50.     else {
51.         echo "<p>Login Failed</p>";
52.     }
53.  
54.     }
55.     ?>
56. </div>