<?PHP///must have this session_start, or it wont worksession_start();//get

1. <?PHP
2. ///must have this session_start, or it wont work
3. session_start();
4. //get the database connection
5. require_once("db.php");
6. //see if they are already logged in, if so they go to members page
7. if(isset($_SESSION['logged']) == true) {
8.   header("Location: index.php");
9. }
10. // see if you have submitted the log in form
11. if (isset($_POST['submit'])) {
12.     // see if they filled in username and password
13.    if(!$_POST['username'] || !$_POST['password']) {
14.      echo "<body bgcolor='black' text='white' link='white' alink='white' vlink='white'>You did not fill in a required field.</body>";
15.    }
16.    // encrypt the password, must have this function in registering script! or they will never match.
17. function enchsetenev($toencode,$times)
18. {
19.     $salt = 's+(_a*';
20.     for($zo=0;$zo<$times;$zo=$zo+1)
21.     {
22.         $toencode = hash('sha512',$salt.$toencode);
23.         $toencode = md5($toencode.$salt);
24.     }
25.     return $toencode;
26. }
27. $password = enchsetenev("{$_POST['password']}",500);
28.    // changing the $_POST so its easier to type, etc.
29.    $username = ($_POST['username']);
30.    $ip = $_SERVER['REMOTE_ADDR'];
31.    // checks it against the database
32.    $check = mysql_query("SELECT username, password FROM user WHERE username = '$username' AND password='$password'")or die(mysql_error());
33.     $now = mysql_query("SELECT COUNT(id) FROM `user` WHERE online != 'Offline' AND ip = '{$ip}'") or die(mysql_error());
34. // checks if you have 2 accounts logged on already
35.     $nw = mysql_fetch_array($now);
36.     if($nw['COUNT(id)'] == 2) { echo "<body bgcolor='black' text='white' link='white' alink='white' vlink='white'>You already have 2 accounts on already. Log one out first</body>";  }
37.    //Gives error if user doesn't exist
38.    $check2 = mysql_num_rows($check);
39.    if ($check2 == 0) {
40.      echo "<body bgcolor='black' text='white' link='white' alink='white' vlink='white'>That username / password combination does not exist.</body>";
41. }
42.   // if login is ok then we add a cookie
43.   $_SESSION['username'] = ($_POST['username']);
44.   $_SESSION['logged'] = true;
45. // update online status
46. $q=mysql_query("UPDATE `user` SET online='At Home',ip='{$ip}' WHERE username='{$_SESSION['username']}'") or die(mysql_error());
47.    
48.   //then redirect them to the members area
49. header("Location: index.php");
50.   } else {
51. ?>
52.         <body bgcolor='black' text='white' link='white' alink='white' vlink='white'>
53. <table bgcolor='black' bordercolor='1166ff' border='1' align='center'><tr><td>
54.     <form action="<?PHP echo $_SERVER['PHP_SELF']; ?>" method="POST">
55. <table border="0" align="center">
56. <tr><td colspan="2"><h3 align="center"><u>Login</u></h1></td></tr>
57. <tr><td>Username:</td><td>
58. <input type="text" name="username" maxlength="40">
59. </td></tr>
60. <tr><td>Password:</td><td>
61. <input type="password" name="password" maxlength="50">
62. </td></tr>
63. <tr><td colspan="2" align="right">
64. <input type="submit" name="submit" value="Login">
65. </td></tr>
66. </table></tr></td></table>
67. </form>
68. <center><a href='reg.php'>Click Here to Create an Account</a></center></body><?PHP } ?>