Guest User

Untitled

a guest
Mar 3rd, 2012
63
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. include('functions.php');
  3. include('config.php');
  4.  
  5. if(isset($_COOKIE['user']))
  6. {
  7.     $content =  'You\'re already logged in! <a href="index.php">Return home...</a>';
  8. }
  9. else
  10. {
  11.     if(isset($_POST['username']) && isset($_POST['password']))
  12.     {
  13.         //make sure names don't contain injections or any other risky data, and encrypt passwords
  14.         $username = mysql_real_escape_string(strip_tags($_POST['username']));
  15.         $password = md5(sha1(md5(sha1($_POST['password']))));
  16.        
  17.         //query to check if their data is correct
  18.         $query = mysql_query("SELECT acc_status FROM users WHERE username = '$username' AND password = '$password' LIMIT 1");
  19.        
  20.         if(mysql_num_rows($query) > 0)
  21.         {
  22.             //extract data from query
  23.             $extract = mysql_fetch_assoc($query);
  24.            
  25.             //make sure their IP isn't banned
  26.             //extract banned ips
  27.             $query_bans = mysql_query("SELECT * FROM banned_ips WHERE ip = '{$_SERVER['REMOTE_ADDR']}'");
  28.                
  29.             if(mysql_num_rows($query_bans) > 0)
  30.             {
  31.                 $content = 'You have been banned from logging in.';
  32.             }
  33.             elseif($extract['acc_status'] == 0)
  34.             {
  35.                 $content = 'This account has been banned.';
  36.             }
  37.             else
  38.             {
  39.                 //update the last logged in field
  40.                 mysql_query("UPDATE users SET lastlogin = ". time() ." WHERE username = '$username'");
  41.            
  42.                 setcookie('user', $username, time()+4800, '/');
  43.                 redirect('index.php');
  44.             }
  45.         }
  46.         else
  47.         {
  48.             $content = 'The username and password combination you have entered is incorrect.';
  49.         }
  50.     }
  51.     else
  52.     {
  53.         $content = '
  54.         <br/>
  55.         <br/>
  56.         <table>
  57.         <div id="black_fields">
  58.         <form action="login.php" method="POST">
  59.         <tr><td>Username</td><td><input type="text" class="button" name="username" maxlength="12"></td></tr>
  60.         <tr><td>Password</td><td><input type="password" class="button" name="password" maxlength="20"></td></tr>
  61.         <tr><td><input type="submit" class="button" value="Login"></td></tr>
  62.         </form>
  63.         </div>
  64.         </table>';
  65.     }
  66. }
  67. ?>
RAW Paste Data