Untitled

<?php
ob_start('ob_gzhandler');

session_start();

define('ROOT', 1);

$config = require_once 'config.php';

include('engine.class.php');

$engine = new Engine;

$engine->load_extension('mysql');
$engine->load_extension('steam');

$mysql  = new MySQL($config['host'], $config['user'], $config['pass'], $config['db']);
$steam  = new Steam;

$mysql->connect();

if ($engine->request_var('logout') == 1)
{
    session_destroy();
    header('Location: index.php');
}

if ($_SERVER['REMOTE_ADDR'] != $_SESSION['ip'])
{
    $_SESSION['ip']      = $_SERVER['REMOTE_ADDR'];
    $_SESSION['token']   = $engine->generate_security_token();
    $_SESSION['user']    = false;
    $_SESSION['attempt'] = 1;
}

if($engine->request_var('login') && !$_SESSION['user'])
{
    if ($_SESSION['attempt'] >= $config['login_attempts'])
    {
        $error['login'] = 'Number of login attempts exceeded';
    } else {
        $sql = "SELECT id FROM users WHERE gamesynch_id = '" . $mysql->escape($engine->request_var('user')) . "' AND password = '" . $mysql->escape($engine->request_var('password')) . "'";
        $query = $mysql->query_first($sql);

        if ($mysql->affected_rows == 1)
        {
            $_SESSION['user'] = $query['id'];
        } else {
            $error['attempt'] = $config['login_attempts'] - $_SESSION['attempt'];
            $error['login'] = "You have entered invalid username or password (<b>$error[attempt]</b>)";
            $_SESSION['attempt']++;
        }
    }
}

if ($_SESSION['user'])
{
    $sql = "SELECT * FROM users WHERE id = $_SESSION[user]";
    $user = $mysql->query_first($sql);
}

if (!$_SESSION['user']) {
?>
<form name='input' action='' method='post'>
Login:
<input type='text' name='user' />
<input type='password' name='password' />
<input type='submit' name='login' value='Submit' />
</form>
<?php echo $error['login']; ?>
<?php
} else {
echo "HI $user[gamesynch_id] <a href='?logout=1'>Logout</a>";
}
$mysql->close();

ob_end_flush();
?>