login script code

<?php
//login-handler Script Copyright (C) 2017. All Rights Reserved.
//Server Side includes.
include_once(__DIR__.'/functions.php');
// Start PHP session.
session_start();
//Get User IP.
addrlookup();
If (isset ($_POST['username'], $_POST['password'])) {
//Get Post Data from Form.
$user = ($_POST['username']);
$pass = ($_POST['password']);
//Strip Special Characters from POST data. The Vars. sanuser and sanpass
//hold the sanatized data.
$sanuser = preg_replace("/[^a-zA-Z0-9]/", "", $user);
$sanpass = preg_replace("/[^a-zA-Z0-9]/", "", $pass);
//Connect to the database.
$host = "localhost";
$servername = "database_name";
$username = "database_username";
$dbpassword = "password";
$conn = mysql_connect($host, $username, $dbpassword, $servername);
if (!$conn) { die('Could not submit login credentials !<br />Please contact the site administrator.');}
$query = "SELECT id, username, password, ip, score, ban, login  FROM data WHERE username='$sanuser' AND password='$sanpass';";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
global $datapass;
global $datauser;
$datauser = $row['username'];
$datapass = $row['password'];
if ($datauser !== $sanuser) {
if ($datapass !== $sanpass) {
// invalid login information. Unsucessfull login.
session_unset();
session_destroy();
echo '<html><body><h1>Error: Wrong username or password!</h1>';
echo '<p>Please click <a href="/app-login.php"> HERE</a>  to try again.</p></body></html>';
} else {
//valid login information.  Login was successful.
$row = mysql_fetch_array($result);
// Save the SQL data  for pass to other scripts
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['score'] = $row['score'];
$_SESSION['ban'] = $row['ban'];
$_SESSION['ip'] = $row['ip'];
$_SESSION['login'] = $row['login'];
global $ban;
global $log;
$ban = $row['ban'];
$log = $row['login'];
//Now that SQL Data has been converted to vars, close the database connection.
mysql_close($conn);
if ($ban=="1") {
    /*Ban returns 0 or 1 binary value. This code executes if ban returns true, based on
    the SQL querry returned. An additional script will allow adminstrator to set ban to
    1 or 0. Default is set to 0 on signup.*/
    session_unset();
    session_destroy();
    echo 'Sorry your account has been banned';
} else { //this code executes if Ban returns a binary return of 0.
if ($log=="1"){
    /*log returns a binary value of 0 or 1. Default is set to 0. If log returns a value of 1,
    user is logged in elsewhere, either on the same system or on a seperate ip. */
    session_unset();
    session_destroy();
    echo '<html><body><h1>Error: Multiple Login</h1>';
    echo '<p>Sorry but you are not allowed to login more than once on the same device, or multple times on multple devices</p></body></html>';
     } else { //insert code to do once user is succesfully logged in and checks have
     //been made for bans and double-login.
     echo '<html><body><h1>Manual Redirect</h1><p><h3>Please click <a href="/app.php">HERE</a> to continue.</h3></p></body></html>';
            } // end successful login case.
         } //end second case for ban check, where ban returns 0.
       } //end case for valid login
//else statment for usrname not returned correctly from SQL.
                    } else {
                                session_unset();
                            session_destroy();
                            echo '<html><body><h1>Error: Wrong username or password!</h1>';
                            echo '<p>Please click <a href="/app-login.php"> HERE</a>  to try again.</p></body></html>';
                           }
            } else {
//Reject login attempt if post data not set.
session_unset();
session_destroy();
echo '<html><body><h1>Error: Your browser failed to submit credentials.</h1>';
echo '<p>lease click <a href="/app-login.php> HERE </a> to try again.</p>';
}